High assurance discretionary access control for object bases

36Citations
Citations of this article
33Readers
Mendeley users who have this article in their library.

Abstract

Discretionary access control, based on checking access requests against users' authorizations, does not provide any way of restricting the usage of information once it has been 'legally' accessed. This makes discretionary systems vulnerable to Trojan Horses maliciously leaking information. Therefore the need arises for providing additional controls limiting the indiscriminate flow of information in the system. This paper proposes a message filter complementing discretionary authorization control in object-oriented systems to limit the vulnerability of authorization systems to Trojan Horses. The encapsulation property of the object-oriented data model, which requires that access to objects be possible only through defined methods, makes information flow in such systems have a very concrete and natural embodiment in the form of messages and their replies. As a result, information information flow can be controlled by mediating the transmission of messages exchanged between objects. The message filter intercepts every message exchanged between objects to ensure that information is not leaked to objects accessible by users not allowed for it.

Cite

CITATION STYLE

APA

Bertino, E., Samarati, P., & Jajodia, S. (1993). High assurance discretionary access control for object bases. In 1st ACM Conference on Computer and Communications Security (pp. 140–150). Publ by ACM. https://doi.org/10.1145/168588.168606

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free