Abstract
In information systems, illegal information flow among objects has to be prevented. A transaction illegally reads data in an object if the object includes data in other objects which are not allowed to be read. In our previous studies, the FRWA-R (flexible read-write-abortion with role sensitivity) and FRWA-O (object sensitivity) protocols are proposed to prevent illegal information flow. Here, a transaction aborts with some probability once illegally reading data in an object. The abortion probability depends on the sensitivity of roles which the transaction holds and objects in which the transaction illegally reads data. The role sensitivity and object sensitivity show how many transactions which hold the role and illegally read data in the object abort after illegally reading data in the object, respectively. Here, the sensitivity just monotonically increases each time a transaction aborts. In this paper, we propose a new safety concept of a role and an FRWA-RS (FRWA with role safety) protocol. Here, the safety of a role increases and decreases each time a transaction holding the role commits and aborts by issuing an illegal read operation, respectively. A transaction with safer roles aborts with smaller probability. In the evaluation, we show fewer and more numbers of transactions abort in the FRWA-RS protocol than the RWA protocol and than the WA protocol, respectively, and transactions are more efficiently performed than the WA protocol.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Bacon J, Eyers D, Pasquier TFJM, Singh J, Papagiannis I, Pietzuch P (2014) Information flow control for secure cloud computing. IEEE Trans Netw Serv Manag 11(1):1–14
Che X, Maag S (2015) Formally testing the protocol performances. Int J Space-Based Situat Comput 5(2):76–88
Denning DER (1982) Cryptography and data security. Addison Wesley, Boston
Enokido T, Takizawa M (2009) A legal information flow (lif) scheduler based on role-based access control model. Int J Comput Stand Interfaces 31(5):906–912
Enokido T, Takizawa M (2010) A purpose-based synchronization protocol for secure information flow control. Int J Comput Syst Sci Eng 25(2):25–32
Enokido T, Takizawa M (2011) Purpose-based information flow control for cyber engineering. IEEE Trans Indus Electr 58(6):2216–2225
Fernadez EB, Summers RC, Wood C (1980) Database security and integrity. Adison Wesley, Boston
Ferraiolo DF, Kuhn DR, Chandramouli R (2007) Role-based access controls, 2nd edn. Artech, Norwood
Fisher-Hellmann KS (2012) Information flow based security control beyond RBAC. Springer Vieweg, Brooklyn
Hegarty R, Haggerty J (2015) Extrusion detection of illegal files in cloud-based systems. Int J Space-Based Situat Comput 5(3):150–158
Messina F, Pappalardo G, Santoro C, Rosaci D, Sarné GML (2016) A multi-agent protocol for service level agreement negotiation in cloud federations. Int J Grid Utility Comput 7(2):101–112
Nakamura S, Duolikun D, Aikebaier A, Enokido T, Takizawa M (2014a) Read-write abortion (rwa) based synchronization protocols to prevent illegal information flow. In: Proc. of the 17th International Conference on Network-Based Information Systems (NBiS-2014), pp 120–127
Nakamura S, Duolikun D, Aikebaier A, Enokido T, Takizawa M (2014b) Role-based information flow control models. In: Proc. of IEEE the 28th international conference on advanced information networking and applications (AINA-2014), pp 1140–1147
Nakamura S, Duolikun D, Aikebaier A, Enokido T, Takizawa M (2014c) Synchronization protocols to prevent illegal information flow in role-based access control systems. In: Proc. of the 8th international conference on complex, intelligent, and software intensive systems (CISIS-2014), pp 279–286
Nakamura S, Duolikun D, Enokido T, Takizawa M (2015a) A flexible read-write abortion protocol to prevent illegal information flow. In: Proc. of IEEE the 29th international conference on advanced information networking and applications (AINA-2015), pp 155–162
Nakamura S, Duolikun D, Enokido T, Takizawa M (2015b) A flexible read-write abortion protocol to prevent illegal information flow among objects. J Mob Multimed 11(3&4):263–280
Nakamura S, Duolikun D, Enokido T, Takizawa M (2015c) A flexible read-write abortion protocol with sensitivity of objects to prevent illegal information flow. In: Proc. of the 9th international conference on complex, intelligent, and software intensive systems (CISIS-2015), pp 289–296
Nakamura S, Duolikun D, Enokido T, Takizawa M (2015d) A flexible read-write abortion protocol with sensitivity of roles. In: Proc. of the 18th international conference on network-based information systems (NBiS-2015), pp 132–139
Nakamura S, Duolikun D, Enokido T, Takizawa M (2015e) A write abortion-based protocol in role-based access control systems. Int J Adapt Innov Syst 2(2):142–160
Nakamura S, Duolikun D, Takizawa M (2015f) Read-abortion (ra) based synchronization protocols to prevent illegal information flow. J Compu Syst Sci 81(8):1441–1451
Nakamura S, Duolikun D, Enokido T, Takizawa M (2016) A read-write abortion (rwa) protocol to prevent illegal information flow in role-based access control systems. Int J Space-Based Situat Comput 6(1):43–53
Osborn S, Sandhu RS, Munawer Q (2000) Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Trans Inform Syst Secur 3(2):85–106
Sandhu RS (1993) Lattice-based access control models. IEEE Comput 26(11):9–19
Sandhu RS, Coyne EJ, Feinstein HL, Youman CE (1996) Role-based access control models. IEEE Comput 29(2):38–47
Yang J, Cheng R, Liu W, Xiao Y, Zhang F (2013) Cryptoanalysis and improvement of smart prepayment meter protocol in standard q/gdw 365. Int J Grid Utility Comput 4(1):40–46
Yasuda M, Tachikawa T, Takizawa M (1998) A purpose-oriented access control model for object-based systems. In: Proc. of the 1st international symposium on object-oriented real-time distributed computing (ISORC’98), pp 146–147
Zeldovich N, Boyd-Wickizer S, Mazières D (2008) Securing distributed systems with information flow control. In: Proc. of the 5th USENIX symposium on networked systems design and implementation, pp 293–308
Acknowledgements
This work was supported by JSPS KAKENHI Grant Number 15H0295.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Nakamura, S., Enokido, T. & Takizawa, M. A flexible read-write abortion protocol with role safety concept to prevent illegal information flow. J Ambient Intell Human Comput 9, 1415–1425 (2018). https://doi.org/10.1007/s12652-017-0541-1
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-017-0541-1