We implement experimentally a simple game of mandatory disclosure in which senders are required to disclose their private information truthfully, but can choose how complex to make their reports. If senders choose complex reports, receivers must exert costly cognitive effort to correctly determine the sender’s private information. We find that senders use complex disclosure when their private i...

A filesystem-level storage cloud offers network-filesystem access to multiple customers at low cost over the Internet. In this paper, we investigate two alternative architectures for achieving multi-tenancy securely and efficiently in such storage cloud services. They isolate customers in virtual machines at the hypervisor level and through mandatory access-control checks in one shared operatin...

LIMITED DISTRIBUTION NOTICE: This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and sp...

There has been a long history of security and access control models, from both a research perspective, and as realized in working systems. The three dominant models are: mandatory access control, MAC [Bell, 1975], discretionary access control, DAC [Linn, 1999], and role-based access control, RBAC [Sandhu, 1996]. In MAC [Bell, 1975], security levels (SL’s) such as unclassified (U), confidential ...

This material is based upon work supported by the Department of Commerce under contract number 50-DKNB-5-00188. Any opinions, findings, and conclusions or recommendations expressed in this publication are those of the authors and do not necessarily reflect the views of the Department of Commerce. There is a recognized need for a more robust method of performing security controls in computer net...

A key issue in any information security is to protect information about all forms against unauthorized access. Innovation access control model is now becoming a need for application on systems due to emerging acts. Role based access control (RBAC) is a feasible alternative to traditional Discretionary Access Control (DAC) and Mandatory Access Control (MAC). RBAC has been presented to be cost op...

Role-based access control (RBAC) is useful in information security. It is a super set of discretionary access control (DAC) and mandatory access control (MAC). Since DAC and MAC are useful in information flow control (which protects privacy within an application), RBAC can certainly be used in that control. Our research reveals that different control granularity is needed in different cases whe...

Protecting access to digital resources is one of the fundamental problems recognized in computer security. It yet remains a challenging problem to work out starting from the conception till implementation. Access control is a study which deals with the ability to permit or deny the access rights to a particular resource (object) by a particular entity (subject). The three most widely implemente...

Mobility leads to unplanned interactions between computer systems as people use devices to access services in varied environments. Before two systems agree to interact, they must trust that each will satisfy the security and privacy requirements of the other. In this paper we introduce trust overlays, a systematic approach to building such trust. Our solution exploits the increasing availabilit...

We consider the use of aspect-oriented techniques as a flexible way to deal with security policies in distributed systems. Recent work suggests to use aspects for analysing the future behaviour of programs and to make access control decisions based on this; this gives the flavour of dealing with information flow rather than mere access control. We show in this paper that it is beneficial to aug...