Abstract
Recently, incidents in which data such as private information has leaked have occurred frequently. In many cases, the main causes of data leakage are as follows: taking data out illegally or unfairly, erroneous operation by a user with authority to access the data. We developed the operating system Salvia for the purpose of preventing data leakage resulting from these causes. Salvia provides the capability to attach data protection policies to each file. In addition, Salvia monitors resource access that may incur the possibility of data leakage. When a process requests to access to such resources, Salvia allows the operation only if it does not violate the policies of all files which are read by the process. That is, Salvia controls resource access by process. In this paper, we propose DF-Salvia, based on Salvia. An access control unit of DF-Salvia is data flow, which is finer-grained than the process-based access control of Salvia. This means that DF-Salvia applies a policy not to each process but to each data flow in a process in order to limit the extent of the effect of the policy to corresponding data flow. The results show a solution to the problem of over-restriction of irrelevant data.
Original language | English |
---|---|
Title of host publication | International MultiConference of Engineers and Computer Scientists, IMECS 2012 |
Publisher | Newswood Limited |
Pages | 182-189 |
Number of pages | 8 |
Volume | 2195 |
ISBN (Print) | 9789881925114 |
Publication status | Published - 2012 |
Externally published | Yes |
Event | 2012 International MultiConference of Engineers and Computer Scientists, IMECS 2012 - Kowloon, Hong Kong Duration: Mar 14 2012 → Mar 16 2012 |
Other
Other | 2012 International MultiConference of Engineers and Computer Scientists, IMECS 2012 |
---|---|
Country | Hong Kong |
City | Kowloon |
Period | 3/14/12 → 3/16/12 |
Fingerprint
All Science Journal Classification (ASJC) codes
- Computer Science (miscellaneous)
Cite this
Design and implementation of DF-Salvia which provides mandatory access control based on data flow. / Ida, Shozo; Kashiyama, Takehiro; Takimoto, Eiji; Saito, Shoichi; Cooper, Eric Wallace; Mouri, Koichi.
International MultiConference of Engineers and Computer Scientists, IMECS 2012. Vol. 2195 Newswood Limited, 2012. p. 182-189.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - Design and implementation of DF-Salvia which provides mandatory access control based on data flow
AU - Ida, Shozo
AU - Kashiyama, Takehiro
AU - Takimoto, Eiji
AU - Saito, Shoichi
AU - Cooper, Eric Wallace
AU - Mouri, Koichi
PY - 2012
Y1 - 2012
N2 - Recently, incidents in which data such as private information has leaked have occurred frequently. In many cases, the main causes of data leakage are as follows: taking data out illegally or unfairly, erroneous operation by a user with authority to access the data. We developed the operating system Salvia for the purpose of preventing data leakage resulting from these causes. Salvia provides the capability to attach data protection policies to each file. In addition, Salvia monitors resource access that may incur the possibility of data leakage. When a process requests to access to such resources, Salvia allows the operation only if it does not violate the policies of all files which are read by the process. That is, Salvia controls resource access by process. In this paper, we propose DF-Salvia, based on Salvia. An access control unit of DF-Salvia is data flow, which is finer-grained than the process-based access control of Salvia. This means that DF-Salvia applies a policy not to each process but to each data flow in a process in order to limit the extent of the effect of the policy to corresponding data flow. The results show a solution to the problem of over-restriction of irrelevant data.
AB - Recently, incidents in which data such as private information has leaked have occurred frequently. In many cases, the main causes of data leakage are as follows: taking data out illegally or unfairly, erroneous operation by a user with authority to access the data. We developed the operating system Salvia for the purpose of preventing data leakage resulting from these causes. Salvia provides the capability to attach data protection policies to each file. In addition, Salvia monitors resource access that may incur the possibility of data leakage. When a process requests to access to such resources, Salvia allows the operation only if it does not violate the policies of all files which are read by the process. That is, Salvia controls resource access by process. In this paper, we propose DF-Salvia, based on Salvia. An access control unit of DF-Salvia is data flow, which is finer-grained than the process-based access control of Salvia. This means that DF-Salvia applies a policy not to each process but to each data flow in a process in order to limit the extent of the effect of the policy to corresponding data flow. The results show a solution to the problem of over-restriction of irrelevant data.
UR - http://www.scopus.com/inward/record.url?scp=84867441886&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84867441886&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84867441886
SN - 9789881925114
VL - 2195
SP - 182
EP - 189
BT - International MultiConference of Engineers and Computer Scientists, IMECS 2012
PB - Newswood Limited
ER -