On the design of access control to prevent sensitive information leakage in distributed obj.pdf
- 1、本文档共18页,可阅读全部内容。
- 2、原创力文档(book118)网站文档一经付费(服务费),不意味着购买了该文档的版权,仅供个人/单位学习、研究之用,不得用于商业用途,未经授权,严禁复制、发行、汇编、翻译或者网络传播等,侵权必究。
- 3、本站所有内容均由合作方或网友上传,本站不对文档的完整性、权威性及其观点立场正确性做任何保证或承诺!文档内容仅供研究参考,付费前请自行鉴别。如您付费,意味着您自己接受本站规则且自行承担风险,本站不退款、不进行额外附加服务;查看《如何避免下载的几个坑》。如果您已付费下载过本站文档,您可以点击 这里二次下载。
- 4、如文档侵犯商业秘密、侵犯著作权、侵犯人身权等,请点击“版权申诉”(推荐),也可以打举报电话:400-050-0827(电话支持时间:9:00-18:30)。
查看更多
On the design of access control to prevent sensitive information leakage in distributed obj
On the design of access control to prevent sensitive
information leakage in distributed object systems: a
Colored Petri Net based model
Panagiotis Katsaros
1
1
Department of Informatics, Aristotle University of Thessaloniki,
54124 Thessaloniki, Greece
katsaros@csd.auth.gr
http://delab.csd.auth.gr/~katsaros/index.html
Abstract. We introduce a Colored Petri Net model for simulating and verifying
information flow in distributed object systems. Access control is specified as
prescribed by the OMG CORBA security specification. An insecure flow arises
when information is transferred from one object to another in violation of the
applied security policy. We provide precise definitions, which determine how
discretionary access control is related to the secure or insecure transfer of in-
formation between objects. The model can be queried regarding the detected in-
formation flow paths and their dependencies. This is a valuable mean for the
design of multilevel mandatory access control that addresses the problem of en-
forcing object classification constraints to prevent undesirable leakage and in-
ference of sensitive information.
1 Introduction
For a secure application it is not enough to control access to objects, without taking
into account the information flow paths implied by a given, outstanding collection of
access rights. The problem is faced by the use of multilevel mandatory policies, where
users have no control and therefore they cannot be bypassed. Access to objects is
granted on the basis of classifications (taken from a partially ordered set) assigned to
objects and subjects requesting access to them.
The rigidity of these policies implies the need for a systematic design approach. In
the design of mandatory access control we aim to enforce object classification con-
straints to prevent undesirable leakage and inference of sensitive information, while at
the same time guaranteeing that objects will not be overclassified (to maxim
您可能关注的文档
- Moon supernova说明书.pdf
- Moon.Orm 5.0(MQL版)使用指南(二).doc
- Mooncell Receiving Card VCSG3-V21.pdf
- Mooncell Receiving Card VCSG3-V22.pdf
- Mooncell Receiving Card VCSG3-V23C.pdf
- Mooncell Receiving Card VCSG3-V50.pdf
- Mooncell Receiving Card VCSG3-V23D.pdf
- Mooncell Receiving Card VCSG3-V51.pdf
- MOON_650D_Manual.pdf
- MOON_300D_Manual.pdf
最近下载
- 介入室制度及流程.docx
- MM-美的集团运营转型_01企业流程框架项目成果培训(P74)-2014.pdf VIP
- (新课标)新外研版中职(英语基础模块2)Unit 2 Time Really Matters 《Listening and Speaking》说课稿.doc
- 学院党委书记某基层党组织书记论坛总结讲话稿.docx VIP
- 珠宝行业一文读懂老铺黄金(H01947.HK)招股书:古法金开创引领者,打造世界一流珠宝品牌.pdf VIP
- 老年心理慰藉实务(老年人心理健康)高职PPT完整全套教学课件.pptx VIP
- 2024徐州中考数学二轮重点专题研究 微专题 运动产生的线段问题(课件).pptx
- 2024年宝鸡市高考模拟检测(二)二模理科数学试卷(含答案).pdf
- 临沧市20000亩咖啡坚果种植开发项目可行性研究报告.doc
- 医疗器械供货企业质量保证体系调查表(模板).pdf
文档评论(0)