Design and implementation of DF-Salvia which provides mandatory access control based on data flow

Shozo Ida, Takehiro Kashiyama, Eiji Takimoto, Shoichi Saito, Eric Wallace Cooper, Koichi Mouri

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

Recently, incidents in which data such as private information has leaked have occurred frequently. In many cases, the main causes of data leakage are as follows: taking data out illegally or unfairly, erroneous operation by a user with authority to access the data. We developed the operating system Salvia for the purpose of preventing data leakage resulting from these causes. Salvia provides the capability to attach data protection policies to each file. In addition, Salvia monitors resource access that may incur the possibility of data leakage. When a process requests to access to such resources, Salvia allows the operation only if it does not violate the policies of all files which are read by the process. That is, Salvia controls resource access by process. In this paper, we propose DF-Salvia, based on Salvia. An access control unit of DF-Salvia is data flow, which is finer-grained than the process-based access control of Salvia. This means that DF-Salvia applies a policy not to each process but to each data flow in a process in order to limit the extent of the effect of the policy to corresponding data flow. The results show a solution to the problem of over-restriction of irrelevant data.

Original languageEnglish
Title of host publicationInternational MultiConference of Engineers and Computer Scientists, IMECS 2012
PublisherNewswood Limited
Pages182-189
Number of pages8
Volume2195
ISBN (Print)9789881925114
Publication statusPublished - 2012
Externally publishedYes
Event2012 International MultiConference of Engineers and Computer Scientists, IMECS 2012 - Kowloon, Hong Kong
Duration: Mar 14 2012Mar 16 2012

Other

Other2012 International MultiConference of Engineers and Computer Scientists, IMECS 2012
CountryHong Kong
CityKowloon
Period3/14/123/16/12

Fingerprint

Access control
Data privacy

All Science Journal Classification (ASJC) codes

  • Computer Science (miscellaneous)

Cite this

Ida, S., Kashiyama, T., Takimoto, E., Saito, S., Cooper, E. W., & Mouri, K. (2012). Design and implementation of DF-Salvia which provides mandatory access control based on data flow. In International MultiConference of Engineers and Computer Scientists, IMECS 2012 (Vol. 2195, pp. 182-189). Newswood Limited.

Design and implementation of DF-Salvia which provides mandatory access control based on data flow. / Ida, Shozo; Kashiyama, Takehiro; Takimoto, Eiji; Saito, Shoichi; Cooper, Eric Wallace; Mouri, Koichi.

International MultiConference of Engineers and Computer Scientists, IMECS 2012. Vol. 2195 Newswood Limited, 2012. p. 182-189.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Ida, S, Kashiyama, T, Takimoto, E, Saito, S, Cooper, EW & Mouri, K 2012, Design and implementation of DF-Salvia which provides mandatory access control based on data flow. in International MultiConference of Engineers and Computer Scientists, IMECS 2012. vol. 2195, Newswood Limited, pp. 182-189, 2012 International MultiConference of Engineers and Computer Scientists, IMECS 2012, Kowloon, Hong Kong, 3/14/12.
Ida S, Kashiyama T, Takimoto E, Saito S, Cooper EW, Mouri K. Design and implementation of DF-Salvia which provides mandatory access control based on data flow. In International MultiConference of Engineers and Computer Scientists, IMECS 2012. Vol. 2195. Newswood Limited. 2012. p. 182-189
Ida, Shozo ; Kashiyama, Takehiro ; Takimoto, Eiji ; Saito, Shoichi ; Cooper, Eric Wallace ; Mouri, Koichi. / Design and implementation of DF-Salvia which provides mandatory access control based on data flow. International MultiConference of Engineers and Computer Scientists, IMECS 2012. Vol. 2195 Newswood Limited, 2012. pp. 182-189
@inproceedings{bb599db36c0a423e89868b722e586554,
title = "Design and implementation of DF-Salvia which provides mandatory access control based on data flow",
abstract = "Recently, incidents in which data such as private information has leaked have occurred frequently. In many cases, the main causes of data leakage are as follows: taking data out illegally or unfairly, erroneous operation by a user with authority to access the data. We developed the operating system Salvia for the purpose of preventing data leakage resulting from these causes. Salvia provides the capability to attach data protection policies to each file. In addition, Salvia monitors resource access that may incur the possibility of data leakage. When a process requests to access to such resources, Salvia allows the operation only if it does not violate the policies of all files which are read by the process. That is, Salvia controls resource access by process. In this paper, we propose DF-Salvia, based on Salvia. An access control unit of DF-Salvia is data flow, which is finer-grained than the process-based access control of Salvia. This means that DF-Salvia applies a policy not to each process but to each data flow in a process in order to limit the extent of the effect of the policy to corresponding data flow. The results show a solution to the problem of over-restriction of irrelevant data.",
author = "Shozo Ida and Takehiro Kashiyama and Eiji Takimoto and Shoichi Saito and Cooper, {Eric Wallace} and Koichi Mouri",
year = "2012",
language = "English",
isbn = "9789881925114",
volume = "2195",
pages = "182--189",
booktitle = "International MultiConference of Engineers and Computer Scientists, IMECS 2012",
publisher = "Newswood Limited",

}

TY - GEN

T1 - Design and implementation of DF-Salvia which provides mandatory access control based on data flow

AU - Ida, Shozo

AU - Kashiyama, Takehiro

AU - Takimoto, Eiji

AU - Saito, Shoichi

AU - Cooper, Eric Wallace

AU - Mouri, Koichi

PY - 2012

Y1 - 2012

N2 - Recently, incidents in which data such as private information has leaked have occurred frequently. In many cases, the main causes of data leakage are as follows: taking data out illegally or unfairly, erroneous operation by a user with authority to access the data. We developed the operating system Salvia for the purpose of preventing data leakage resulting from these causes. Salvia provides the capability to attach data protection policies to each file. In addition, Salvia monitors resource access that may incur the possibility of data leakage. When a process requests to access to such resources, Salvia allows the operation only if it does not violate the policies of all files which are read by the process. That is, Salvia controls resource access by process. In this paper, we propose DF-Salvia, based on Salvia. An access control unit of DF-Salvia is data flow, which is finer-grained than the process-based access control of Salvia. This means that DF-Salvia applies a policy not to each process but to each data flow in a process in order to limit the extent of the effect of the policy to corresponding data flow. The results show a solution to the problem of over-restriction of irrelevant data.

AB - Recently, incidents in which data such as private information has leaked have occurred frequently. In many cases, the main causes of data leakage are as follows: taking data out illegally or unfairly, erroneous operation by a user with authority to access the data. We developed the operating system Salvia for the purpose of preventing data leakage resulting from these causes. Salvia provides the capability to attach data protection policies to each file. In addition, Salvia monitors resource access that may incur the possibility of data leakage. When a process requests to access to such resources, Salvia allows the operation only if it does not violate the policies of all files which are read by the process. That is, Salvia controls resource access by process. In this paper, we propose DF-Salvia, based on Salvia. An access control unit of DF-Salvia is data flow, which is finer-grained than the process-based access control of Salvia. This means that DF-Salvia applies a policy not to each process but to each data flow in a process in order to limit the extent of the effect of the policy to corresponding data flow. The results show a solution to the problem of over-restriction of irrelevant data.

UR - http://www.scopus.com/inward/record.url?scp=84867441886&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84867441886&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84867441886

SN - 9789881925114

VL - 2195

SP - 182

EP - 189

BT - International MultiConference of Engineers and Computer Scientists, IMECS 2012

PB - Newswood Limited

ER -