A Dynamic Label Checking Approach for Information Flow Control in Web Services

2006 ◽  
Vol 3 (1) ◽  
pp. 1-28 ◽  
Author(s):  
Zahir Tari ◽  
Peter Bertok ◽  
Dusan Simic
Keyword(s):  
Web Services ◽  
Flow Control ◽  
Information Flow ◽  
Information Flow Control

Access Control and Information Flow Control for Web Services Security

2016 ◽  
Vol 11 (1) ◽  
pp. 44-76 ◽  
Author(s):  
Saadia Kedjar ◽  
Abdelkamel Tari ◽  
Peter Bertok
Keyword(s):  
Web Services ◽  
Access Control ◽  
Flow Control ◽  
Information Flow ◽  
Information Flow Control ◽  
User Access ◽  
Web Services Security ◽  
Information Confidentiality ◽  
Security Standards

With the advancement of web services technology, security has become an increasingly important issue. Various security standards have been developed to secure web services at the transport and message level, but application level has received less attention. The security solutions at the application level focus on access control which cannot alone ensure the confidentiality and integrity of information. The solution proposed in this paper consists on a hybrid model that combines access control (AC) and information flow control (IFC). The AC mechanism uses the concept of roles and attributes to control user access to web services' methods. The IFC mechanism uses labels to control how the roles access to the system's objects and verify the information flows between them to ensure the information confidentiality and integrity. This manuscript describes the model, gives the demonstration of the IFC model safety, presents the modeling and implementation of the model and a case study.

Access Control and Information Flow Control for Web Services Security

2020 ◽  
pp. 185-219
Author(s):  
Saadia Kedjar ◽  
Abdelkamel Tari ◽  
Peter Bertok
Keyword(s):  
Web Services ◽  
Access Control ◽  
Flow Control ◽  
Information Flow ◽  
Information Flow Control ◽  
User Access ◽  
Web Services Security ◽  
Information Confidentiality ◽  
Security Standards

With the advancement of web services technology, security has become an increasingly important issue. Various security standards have been developed to secure web services at the transport and message level, but application level has received less attention. The security solutions at the application level focus on access control which cannot alone ensure the confidentiality and integrity of information. The solution proposed in this paper consists on a hybrid model that combines access control (AC) and information flow control (IFC). The AC mechanism uses the concept of roles and attributes to control user access to web services' methods. The IFC mechanism uses labels to control how the roles access to the system's objects and verify the information flows between them to ensure the information confidentiality and integrity. This manuscript describes the model, gives the demonstration of the IFC model safety, presents the modeling and implementation of the model and a case study.

Dynamic, Flow Control-Based Information Management for Web Services

2011 ◽  
pp. 260-303
Author(s):  
Zahir Tari ◽  
Peter Bertok ◽  
Dusan Simic
Keyword(s):  
Web Services ◽  
Flow Control ◽  
Programming Languages ◽  
Information Management ◽  
Information Flow ◽  
Data Structures ◽  
Information Leakage ◽  
Information Flow Control ◽  
Proposed Model ◽  
Flow Of Information

Information Flow Control (IFC) is a method of enforcing confidentiality by using labels, data structures for specifying security classifications. IFC is used in programming languages to monitor procedures in an attempt to detect and prevent information leakage. While it ensures greater security, IFC excessively restricts flow of information. This chapter presents a model of information flow control using semi-discretionary label structures. We propose a set of rules that not only increase the flexibility of IFC, but also define labels as a practical component of a security system. We propose a dynamic approach using a centralized model for dynamic label checking, and verify the proposed model using theoretical proofs.

HLIO: mixing static and dynamic typing for information-flow control in Haskell

2015 ◽  
Vol 50 (9) ◽  
pp. 289-301 ◽  
Author(s):  
Pablo Buiras ◽  
Dimitrios Vytiniotis ◽  
Alejandro Russo
Keyword(s):  
Flow Control ◽  
Information Flow ◽  
Information Flow Control ◽  
Dynamic Typing

scholarly journals Tenant-Led Ciphertext Information Flow Control for Cloud Virtual Machines

IEEE Access ◽  
2021 ◽  
Vol 9 ◽  
pp. 15156-15169
Author(s):  
Zhao Zhang ◽  
Zhi Yang ◽  
Xuehui Du ◽  
Wenfa Li ◽  
Xingyuan Chen ◽  
...  
Keyword(s):  
Flow Control ◽  
Information Flow ◽  
Virtual Machines ◽  
Information Flow Control

Exception-based information flow control in object-oriented systems

1998 ◽  
Vol 1 (1) ◽  
pp. 26-65 ◽  
Author(s):  
Elisa Bertino ◽  
Sabrina De Capitani Di Vimercati ◽  
Elena Ferrari ◽  
Pierangela Samarati
Keyword(s):  
Flow Control ◽  
Information Flow ◽  
Object Oriented ◽  
Information Flow Control ◽  
Object Oriented Systems
Sign in / Sign up

Export Citation Format

Share Document