9. NV Narendra kumar and RK Shyamasundar, A Complete Generative Label Model for Lattice-based Access Control Models,

Title : 9. NV Narendra kumar and RK Shyamasundar, A Complete Generative Label Model for Lattice-based Access Control Models,

Abstract : Lattice-based access control models (LBAC) initiated through Bell Lapadula (BLP)/ Biba models, and consolidated by Dorothy Denning have played a vital role in building secure systems via Information Flow Control (IFC). IFC systems typically label data and track labels, while allowing users to exercise appropriate access privileges. This is defined through a finite set of security classes over a lattice along with a can-flow-to-relation as a pre-order on the security classes with a join operator that is totally defined over the classes. Recently IFC has also been playing a role in formally establishing the security of operating systems and programs. Towards such a goal, researchers often use assertions keeping track of the flow of information from one subject/object to another object /subject. Specifying and realizing these assertions will be greatly benefitted, if the underlying labels of objects/subjects can be interpreted in terms of access permissions /rights to subjects/objects as well as subjects/objects that have influenced (including possibility of being written) them; these would lead to automatic (or semi) generation of proof obligations/assertions. Thus, if one can arrive at a label model for LBAC that would satisfy properties like (i) intuitive and expressive labels, (ii) complete with respect to Denning’s lattice model, and (iii) ecient computations on labels, then building/certifying secure systems using LBAC will be greatly benefitted. In this paper, we arrive at such a semantic generative model (that tracks readers /writers of objects/subjects) for the Denning’s lattice model, and establish a strong correspondence between syntactic label policies and semantically labelled policies. Such a correspondence leads to the derivation of the recently proposed Readers-Writers Flow Model (RWFM 1). The relationship, further establishes that the RWFM label model provides an application-independent concrete generative label model that is sound and complete wrt Denning’s Model. We define the semantics of information flow in this label model, and argue that reading and writing induce possibly di erent pre-orders on the set of subjects. Hence, the subject relations become explicit, making it possible to derive relations from the labels. We further define a notion of information dominance on subjects and show that the notion of principal hierarchy can be naturally defined that is consistent with the IFC model; this perhaps overcomes the adverse impact on the flow policy that is often experienced during the classical approach of defining the hierarchy orthogonally. This enables us to realize Role-Based Access Control (RBAC) structurally and enforce information flow security. Further, we demonstrate how the underlying label algebra succinctly defines various lattice-based control models like BLP, Biba, RBAC, Chinese wall model, etc.

Conference Details : 15th International Conference on Software Engineering and Formal Methods, SEFM 2017, will be held in Trento, Italy, September 4-8, 2017

Date :04/09/2017 ,

Venue : Trento, Italy

Published At :LNCS, Springer Verlag,

View :

Style Switcher

Predefined Colors

Layout Style

Header Color

Footer Top Color

Footer Bottom Color