Dynamic, Flow Control-Based Information Management for Web Services

Dynamic, Flow Control-Based Information Management for Web Services

Zahir Tari (RMIT University, Australia), Peter Bertok (RMIT University, Australia) and Dusan Simic (RMIT University, Australia)
Copyright: © 2008 |Pages: 44
DOI: 10.4018/978-1-59904-904-5.ch009
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Information Flow Control (IFC) is a method of enforcing confidentiality by using labels, data structures for specifying security classifications. IFC is used in programming languages to monitor procedures in an attempt to detect and prevent information leakage. While it ensures greater security, IFC excessively restricts flow of information. This chapter presents a model of information flow control using semi-discretionary label structures. We propose a set of rules that not only increase the flexibility of IFC, but also define labels as a practical component of a security system. We propose a dynamic approach using a centralized model for dynamic label checking, and verify the proposed model using theoretical proofs.

Complete Chapter List

Search this Book:
Reset