Flow based interpretation of access control: Detection of illegal information flows

Mathieu Jaume 1 Valérie Viet Triem Tong 2 Ludovic Mé 3, 2
1 SPI - Sémantiques, preuves et implantation
LIP6 - Laboratoire d'Informatique de Paris 6
3 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
CentraleSupélec, Inria Rennes – Bretagne Atlantique , IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
Abstract : In this paper, we introduce a formal property characterizing access control policies for which the interpretations of access control as mechanism over objects and as mechanism over information contained into objects are similar. This leads us to define both a flow based interpretation of access control policies and the information flows generated during the executions of a system implementing an access control mechanism. When these two interpretations are not equivalent, we propose to add a mechanism dedicated to illegal information flow detection to the mechanism of access control over objects. Such a mechanism is parameterized by the access control policy and is proved sound and complete. Finally, we briefly describe two real implementations, at two levels of granularity, of our illegal flow detection mechanism: one for the Linux operating system and one for the Java Virtual Machine. We show that the whole approach is effective in detecting real life computer attacks.
Document type :
Conference papers
Complete list of metadatas

https://hal-supelec.archives-ouvertes.fr/hal-00647170
Contributor : Anne Cloirec <>
Submitted on : Thursday, December 1, 2011 - 3:54:19 PM
Last modification on : Tuesday, May 14, 2019 - 11:02:30 AM

Links full text

Identifiers

Citation

Mathieu Jaume, Valérie Viet Triem Tong, Ludovic Mé. Flow based interpretation of access control: Detection of illegal information flows. 7th International Conference on Information Systems Security (ICISS), Dec 2011, Kolkata, India. pp.72-86, ⟨10.1007/978-3-642-25560-1_5⟩. ⟨hal-00647170⟩

Share

Metrics

Record views

1463