Design and Evaluation of a Legal Information Flow (LIF) Scheduler in a Role-based Access Control Model

摘要

The role-based access control model is widely used to keep information systems secure. Here, a subject s is allowed to issue a method op to an object o only if an access right leftlangle {o,op} rightrangle is included in the roles granted to the subject s. Even if every access request is authorized in the roles, illegal information flow might occur as well known confinement problem. A legal information flow relation (R_1 underline prec^I R_2) among a pair of role families R_1 and R_2 shows that no illegal information flow occur if a transaction T_1 with a role family R_1 is performed prior to another transaction T_2 with R_2. In addition, a significantly precedent relation R_1 underline prec^S R_2 implies that a role family R_2 is more significant than R_1. We discuss a legal information flow (LIF) scheduler to synchronize transactions so as to prevent illegal information flow and how to serialize conflicting methods from multiple transactions in terms of significancy and information flow relation of roles families. We evaluate the LIF scheduler in terms of how much illegal information flow can be prevented.