Using access control for secure information flow in a Java-like language
Access control mechanisms are widely used with the intent of enforcing confidentiality and other policies, but few formal connections have been made between information flow and access control. Java and C# are object-oriented languages that provide fine-grained access control. An access control list specifies local policy by authorizing permissions for principals (code sources) associated with class declarations; a mechanism called stack inspection checks permissions at run time. An example is given to show how this mechanism can be used to achieve confidentiality goals in situations where a single system call serves callers of differing confidentiality levels and dynamic access control prevents release of high information to low callers. A static analysis is given which applies to such examples. The analysis is shown to ensure a noninterference property formalizing confidentiality.
- Conference Article
- 10.2991/ameii-15.2015.195
- Jan 1, 2015
Fine-grained information flow tracking inside the virtual machine is the basis for realizing program-level control in a transparent cloud platform. Because a process that gains access to sensitive information through authority transfer to a higher security level can then no longer read or write non-sensitive data, coarse-grained information flow control is difficult to adapt to diversified practical demands. This paper proposes an extended DIFC (Distributed Information Flow Control) model. The model avoids the defect in which a cloud platform virtual machine component, after reading higher-security-level sensitive data, sends or modifies non-sensitive data by transferring authority; it effectively overcomes the coarse granularity of existing information flow control methods and their inability to meet practical demands. The model guarantees tracking and control of fine-grained information flow within the virtual machine's applications without affecting the operation of the original cloud service.
- Research Article
- 10.1017/s0956796804005453
- Mar 1, 2005
- Journal of Functional Programming
Access control mechanisms are often used with the intent of enforcing confidentiality and integrity policies, but few rigorous connections have been made between information flow and runtime access control. The Java virtual machine and the .NET runtime system provide a dynamic access control mechanism in which permissions are granted to program units and a runtime mechanism checks permissions of code in the calling chain. We investigate a design pattern by which this mechanism can be used to achieve confidentiality and integrity goals: a single interface serves callers of more than one security level and dynamic access control prevents release of high information to low callers. Programs fitting this pattern would be rejected by previous flow analyses. We give a static analysis that admits them, using permission-dependent security types. The analysis is given for a class-based object-oriented language with features including inheritance, dynamic binding, dynamically allocated mutable objects, type casts and recursive types. The analysis is shown to ensure a noninterference property formalizing confidentiality and integrity.
- Conference Article
- 10.1109/csfw.2001.930134
- Jun 11, 2001
Abstract: We use a state-transition approach to analyze and compare the core access control mechanisms that are characteristic of a variety of trust management, access control list, and capability-based systems. The framework, which characterizes the set of rights a subject has over an object after any sequence of actions, is based on abstract system states, state transitions, and logical deduction of access control judgments. We present abstract models representing the access control portion of trust management, access control lists, and two versions of capabilities, proving various correspondence and simulation relations between these models. The main results include an equivalence between access control lists (ACLs) and capabilities viewed as rows of the Lampson access matrix and the (proper) subsumption of a form of ACLs by an unforgeable reference form of capabilities. The access control mechanism at the heart of distributed trust management systems is formally shown to provide a tractable compromise between unrestricted capability passing from the capability models and easy revocation provided by access control lists. The underlying simulations show how trust management compares with more established access control mechanisms, independent of features such as local name spaces and certificate authorization hierarchies.
- Research Article
- 10.1016/j.jss.2004.11.003
- Dec 8, 2004
- The Journal of Systems & Software
An information flow control model for C applications based on access control lists
- Research Article
- 10.1016/j.jss.2021.111138
- Nov 10, 2021
- Journal of Systems and Software
The security of software-intensive systems is frequently attacked. High fines or loss of reputation are potential consequences of not maintaining confidentiality, which is an important security objective. Detecting confidentiality issues in early software designs enables cost-efficient fixes. A Data Flow Diagram (DFD) is a modeling notation which focuses on essential, functional aspects of such early software designs. Existing confidentiality analyses on DFDs support either information flow control or access control, which are the most common confidentiality mechanisms. Combining both mechanisms can be beneficial, but existing DFD analyses do not support this. This lack of expressiveness requires designers to switch modeling languages to consider both mechanisms, which can lead to inconsistencies. In this article, we present an extended DFD syntax that supports modeling both information flow and access control in the same language. This improves expressiveness compared to related work and avoids inconsistencies. We define the semantics of extended DFDs by clauses in first-order logic. A logic program made of these clauses enables the automated detection of confidentiality violations by querying it. We evaluate the expressiveness of the syntax in a case study. We attempt to model nine information flow cases and six access control cases. We successfully modeled fourteen out of these fifteen cases, which indicates good expressiveness. We evaluate the reusability of models when switching confidentiality mechanisms by comparing the cases that share the same system design, which are three pairs of cases. We successfully show improved reusability compared to the state of the art. We evaluated the accuracy of confidentiality analyses by executing them for the fourteen cases that we could model. We experienced good accuracy.
- Conference Article
- 10.1109/compsac.2015.195
- Jul 1, 2015
Cloud now provides a wide range of services hosted by different providers from different domains. These services can be composed together dynamically to realize important tasks. In a composite service, information may flow from one service to subsequent services from different domains. Such information flow, if not properly controlled, may cause undesired leakage of critical data. Existing works on access control for web services do not consider the information flow problem in composite services. Existing information flow control (IFC) techniques are not flexible and cannot work with domain-specific information flow control policies. In this paper, we define the WS-AIFC infrastructure for enforcing access and information flow control. The major goal of WS-AIFC is to provide a new IFC mechanism that allows each domain to define its own IFC policies while WS-AIFC remains capable of preventing undesired information leakage (IFC policy violation) among benign, semi-honest service domains. The main idea in WS-AIFC is to derive and record the dependency list for each data object. The system, upon receiving an access request to a critical data object, not only validates the conventional access control policy for the access, but also extracts the data and the corresponding domains in the dependency list and consults these domains to validate their IFC policies for the indirect access. In summary, WS-AIFC empowers individual domains to control how their information flows and achieves enhanced security for service-based systems.
- Research Article
- 10.1007/s12083-020-00961-y
- Jul 26, 2020
- Peer-to-Peer Networking and Applications
Storage in cloud computing is the fundamental service which is widely used by consumers of cloud. Cloud offers many advantages such as flexibility, elasticity, scalability and sharing of data among users. However, cloud storage raises many privacy and security challenges. In particular, the most significant problem is the access control mechanism which ensures sharing of data only with authorized users. Most cloud service providers offer Role Based Access Control (RBAC), where users are grouped into roles and access is given to resources based on roles. The problem with this scheme is that once a role gets access to a resource, further restrictions are not possible, even though there are security situations in which the data owner needs to restrict access to a part of an object but not the entire object. This work proposes to use Swift, an object storage service in the open source cloud named OpenStack. Swift restricts access to objects using Access Control Lists (ACLs). As per the ACL, users can gain access to an object. However, once access is given, users can access the complete object without further restrictions. The proposed work is evaluated in real cloud environments: Amazon cloud, Microsoft Azure, and OpenStack cloud. A framework termed Predicate Based Access Control (PBAC) is proposed to render fine-grained access control to Swift storage. Access is provided to predicates that are part of an object. Instead of following an “all or nothing” approach, an access control mechanism that makes Swift storage and retrieval more secure is preferred.
- Book Chapter
- 10.1007/978-3-540-76929-3_12
- Dec 9, 2007
Current information systems are more and more complex. They require more interactions between different components and users. So, ensuring system security must not be limited to using an access control model; it is also essential to deal with information flows in a system. Thus, an important function of a security policy is to enforce access to different system elements and to supervise information flows simultaneously. Several works have been undertaken to join together models of access control and information flow. Unfortunately, beyond the fact that the reference model they use is BLP, which is quite rigid, these research works suggest non-integrated models which do nothing but juxtapose access control and information flow controls, or are based on a misuse of a mapping between MLS and RBAC models. In this paper, we propose to formalize the DTE model in order to use it as a solution for flexible information flow control. Then, we integrate it into a unique access control model expressive enough to handle access and flow control security rules. The expressivity of the OrBAC model makes this integration possible and quite natural.
- Book Chapter
- 10.1007/978-0-387-35587-0_3
- Jan 1, 2002
The most important aspect of security in a database, after establishing the authenticity of the user, is its access control mechanism. The ability of this access control mechanism to express the security policy can make or break the system. This paper introduces constraints-based access control (CBAC) — an access control mechanism in which general associations between users and permissions are specified by the rules (or constraints) governing the access rights of each user. This association is not restricted to static events but can include dynamic factors as well. One of the many advantages of CBAC is that even a static CBAC is a generalisation of most of the access control mechanisms in use today. We demonstrate how CBAC can efficiently simulate role-based access control (RBAC) and access control lists (ACL). In fact, CBAC allows the introduction of any abstract concepts, as one would do with roles in RBAC. On top of that, CBAC also allows the users to specify interactions between these concepts. Any flexible access control method usually raises concerns over its time efficiency. We advocate the use of partial solutions to the access control constraints to improve the efficiency of CBAC. Keywords: constraints, access control, security.
- Research Article
- 10.1145/2491522.2491523
- Jul 1, 2013
- ACM Transactions on Programming Languages and Systems
Dedicated to the memory of John C. Reynolds (1935--2013). We present Relational Hoare Type Theory (RHTT), a novel language and verification system capable of expressing and verifying rich information flow and access control policies via dependent types. We show that a number of security policies which have been formalized separately in the literature can all be expressed in RHTT using only standard type-theoretic constructions such as monads, higher-order functions, abstract types, abstract predicates, and modules. Example security policies include conditional declassification, information erasure, and state-dependent information flow and access control. RHTT can reason about such policies in the presence of dynamic memory allocation, deallocation, pointer aliasing and arithmetic.
- Conference Article
- 10.1109/sp.2011.12
- May 1, 2011
We present Relational Hoare Type Theory (RHTT), a novel language and verification system capable of expressing and verifying rich information flow and access control policies via dependent types. We show that a number of security policies which have been formalized separately in the literature can all be expressed in RHTT using only standard type-theoretic constructions such as monads, higher-order functions, abstract types, abstract predicates, and modules. Example security policies include conditional declassification, information erasure, and state-dependent information flow and access control. RHTT can reason about such policies in the presence of dynamic memory allocation, deallocation, pointer aliasing and arithmetic. The system, theorems and examples have all been formalized in Coq.
- Conference Article
- 10.1109/c-code.2017.7918916
- Mar 1, 2017
Agent-based Mobile Petri Nets are a powerful variant of classical Petri Nets which integrate mobile agent technology. A mobile agent migrates among heterogeneous platforms by acquiring their services to perform its goal. Agent-based Mobile Petri Nets effectively model the mobility, concurrency and distributed nature of a mobile agent. However, security aspects related to a mobile agent's mobility are still lacking. This paper has enriched Agent-based Mobile Petri Nets with access control mechanisms. Two access control mechanisms, namely static and dynamic, have been integrated into Agent-based Mobile Petri Nets. For static access control, each mobile agent net is equipped with an access control list which defines a fixed list of visiting mobile agents and their access rights. For dynamic access control, an access control matrix has been associated with each mobile agent net for granting the visiting mobile agents their respective privileges. The assigned privileges are not fixed and change with the state of the agent net. Finally, the proposed access control mechanisms are verified with a case study.
- Conference Article
- 10.1109/iceccs.2014.41
- Dec 18, 2014
There has recently been considerable interest in Role-Based Access Control (RBAC) as an alternative to traditional DAC and MAC access control schemes. The interest in RBAC is due to its simplicity of implementation, since it adapts to the working environment of any organization effortlessly. All cloud computing resource subjects are categorically divided into predefined roles, and policies are defined for each role. Hence RBAC is defined as a mapping from users to roles and from roles to privileges, making the access control design simple, adaptable and easily implementable. The DAC scheme gives the owner of the object complete control over access control decisions using the access control matrix and list. The problem in the present RBAC scheme is that all subjects in the same role can access the data specified for that particular role, but we can't specify data for any particular subject in a particular role. Our system combines the concepts of ACL (Access Control List) and ACM (Access Control Matrix) from DAC with RBAC to enhance data integrity in RBAC. To achieve this, we add an ACL to all the objects (data) and an ACM to all the objects (roles) in the system; this restricts other subjects of the same role from accessing one particular subject's data.
- Research Article
- 10.62019/abbdm.v4i02.178
- Jun 22, 2024
- The Asian Bulletin of Big Data Management
Access control has remained an important aspect of computer security, and it has been the focus of extensive research over the past several decades. Access control mechanisms are generally composed of two fundamental components: authentication and authorization. Authentication refers to verifying the identity of an entity, and authorization guarantees that only authenticated entities or devices can access the permitted devices or other resources. Various traditional access control schemes, such as Access Control Lists (ACLs), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC), exist, but these have certain limitations that hinder their direct implementation in the Internet of Things (IoT). For instance, ACLs maintain user-specific access privilege lists, which are feasible for environments with limited users and devices but impractical for large-scale systems like IoT. RBAC assigns device access through roles associated with permissions; however, role management in dynamic IoT environments poses significant challenges. ABAC grants access based on user and device attributes and requires certain attribute criteria for authorization. We argue that IoT environments are dynamic in nature and consist of very large volumes of smart IoT devices (such as smart sensors, smart phones and gadgets), which introduce unique access control challenges. One significant challenge is providing dynamic access to smart IoT devices, as opposed to relying on static rules, roles, or attributes. Considering these challenges, this research advocates a novel access control scheme tailored for accessing smart IoT devices in Internet of Things environments. A prototype implementation of the proposed approach is carried out, along with a usability study to evaluate the performance and suitability of the proposed system for real-world Internet of Things (IoT) scenarios.
- Research Article
- 10.1145/506084.506085
- Oct 1, 2001
- ACM SIGOPS Operating Systems Review
The Access Matrix is a useful model for understanding the behaviour and properties of access control systems. While the matrix is rarely implemented, access control in real systems is usually based on access control mechanisms, such as access control lists or capabilities, that have clear relationships with the matrix model. In recent times a great deal of interest has been shown in Role Based Access Control (RBAC) models. However, the relationship between RBAC models and the Access Matrix is not clear. In this paper we present a model of RBAC based on the Access Matrix which makes the relationships between the two explicit. In the process of constructing this model, some fundamental similarities between certain capability models and RBAC are revealed.