We introduce a Colored Petri Net model for simulating and verifying information flow in distributed object systems. Access control is specified as prescribed by the OMG CORBA security specification. An insecure flow arises when information is transferred from one object to another in violation of the applied security policy. We provide precise definitions, which determine how discretionary access control is related to the secure or insecure transfer of information between objects. The model can be queried regarding the detected information flow paths and their dependencies. This is a valuable mean for the design of multilevel mandatory access control that addresses the problem of enforcing object classification constraints to prevent undesirable leakage and inference of sensitive information. © Springer-Verlag Berlin Heidelberg 2005.
CITATION STYLE
Katsaros, P. (2005). On the design of access control to prevent sensitive information leakage in distributed object systems: A Colored Petri Net based model. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3761 LNCS, pp. 941–959). https://doi.org/10.1007/11575801_2
Mendeley helps you to discover research relevant for your work.