The Limes Security Model for Information Flow Control

The Limes Security Model for Information Flow Control, DOI 10.1109/ARES.2011.88, Eckehard Hermann

Citations: 1
In the business world, the protection of information and data objects and their well-directed flow is essential for the success of enterprises. The Chinese Wall Security Policy model (CWSP model), defined by Brewer and Nash in (1), provides access control based on the definition of conflict of interest classes. This model addresses in particular the commercial business sector. In their model Brewer and Nash made the implicit assumption that a conflict of interest is an equivalence relation. Lin (2) presented a modified version of the model called the Aggressive Chinese Wall Security Policy model (ACWSP model). He showed in (5) that the "conflict of interest" is a binary relation, but not, in general, an equivalence relation as Brewer and Nash assumed. Lin observed that the Conflict of Interest relation is symmetric but non-reflexive and non-transitive. In the world of business, symmetric conflict of interest classes are not the default. In this paper a new model is presented that is based on a non-symmetric, non-reflexive and non-transitive conflict of interest relation, where each object is allowed to define its own time-dependent Conflict Function and Conflict Of Interest List. Before a subject is allowed to perform a write access to an object, each object that has been read accessed by the same subject before has to acknowledge that it is free of conflict with the object the subject currently intends to write access. Otherwise the write access is denied.
    • ...The Limes Security Model [1] is based on a not necessarily symmetric, not necessarily reflexive and not necessarily transitive conflict of interest relation...
    • ...Let us recollect some of our earlier considerations [1]: Because each organization defines its own security policy, symmetric conflict of interest classes are not the default in the real world of business...
    • ...The Limes security model, introduced in [1], extends the CWSP model and is based on a not necessarily symmetric, not necessarily reflexive and not necessarily transitive conflict of interest relation...
    • ...The Limes Security Model as defined in [1] works on the assumption that an object does only stay in conflict with an object and does not stay in conflict with a subject...
    • ...In [1] the Conflict Function and Conflict Of Interest List are defined as follows:...
    • ...For each instant of time t ∈ N, all objects i,j ∈ Ot and each instant of time l ∈ N with l ≤ t and where l is the instant of time, where a read access to object i has been performed, let iCIL t be the Conflict Of Interest List and let iNCL t be the Non Conflict Of Interest List of the object i depending on the read access to the instant of time l with the following properties [1]: – iCIL t ∪ iNCL t = Ot. – iCIL t ∩ iNCL t = {}. – i ∈ iNCL ...
    • ...The function a t : Ot → Z is called the Actuality Function of i, if a t has the following property [1]: a t(j) = t, if (j,t) ∈...
    • ...Figure 1 (b.) shows the instant of time t + 1, where the subject s1 performs a read access operation to object o1. As part of the read access the dataset of o1 is added to the dataset of s1 and a tuple consisting of the instance of time t +1 and o1 is added to the Read Access History of s1.[1]...
    • ...In addition to the merging of the dataset of s1 into the dataset of o2, a merging of the Read Access History of s1 with the Dataset Actuality of o2 is performed and written to the Dataset Actuality of o2.[1]...
    • ...History of s2. After the Read Access History of s2 is refreshed with a tuple of o2 and the instant of time of the current read access, it contains the complete information about the sources and actuality of the data contained by the dataset dss2 of s2.[1]...
    • ...Similarly to the Limes of a subject, defined in [1], the Limes of an agent describes the borderline between the objects (and agents), where an agent is allowed to perform a read or write access, and those objects (and agents), where the agent is not allowed to perform a read or write access...
    • ...The Limes Security model introduced in [1] acts on the assumption that a conflict of interest is not necessarily symmetric, not necessarily reflexive and...

    Eckehard Hermann. A Security Policy Model for Agent Based Service-Oriented Architectures
