Automated Detection of Information Leakage in Access Control
نویسندگان
چکیده
The prevention of information flow is an important concern in several access control models. Even though this property is stated in the model specification, it is not easy to verify it in the actual implementation of a given security policy. In this paper we model-check rewrite-based implementations of access control policies. We propose a general algorithm that allows one to automatically identify information leakage. We apply our approach to the well-known security model of Bell and LaPadula and show that its generalization proposed by McLean does not protect a system against information leakage.
منابع مشابه
An automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
متن کاملSurvey on Perception of People Regarding Utilization of Computer Science & Information Technology in Manipulation of Big Data, Disease Detection & Drug Discovery
this research explores the manipulation of biomedical big data and diseases detection using automated computing mechanisms. As efficient and cost effective way to discover disease and drug is important for a society so computer aided automated system is a must. This paper aims to understand the importance of computer aided automated system among the people. The analysis result from collected da...
متن کامل3D Scene and Object Classification Based on Information Complexity of Depth Data
In this paper the problem of 3D scene and object classification from depth data is addressed. In contrast to high-dimensional feature-based representation, the depth data is described in a low dimensional space. In order to remedy the curse of dimensionality problem, the depth data is described by a sparse model over a learned dictionary. Exploiting the algorithmic information theory, a new def...
متن کاملData Leakage Detection Using Cloud Computing
In the virtual and widely distributed network, the process of handover sensitive data from the distributor to the trusted third parties always occurs regularly in this modern world. It needs to safeguard the security and durability of service based on the demand of users. The idea of modifying the data itself to detect the leakage is not a new approach. Generally, the sensitive data are leaked ...
متن کاملEfficient Trust Negotiation based on Trust Evaluations and Adaptive Policies
Automated trust negotiation (ATN) is an approach that establishes mutual trust between strangers wishing to share resources or conduct business by gradually requesting and disclosing digitally signed credentials. Previous work on improving negotiation efficiency mainly focuses on using history negotiation information, which may lead to unnecessary information leakage and cannot improve the nego...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007