Design and Evaluation of a Legal Information Flow (LIF) Scheduler in a Role-based Access Control Model

The role-based access control model is widely used to keep information systems secure. Here, a subject s is allowed to issue a method op to an object o only if an access right (o, op) is included in the roles granted to the subject s. Even if every access request is authorized in the roles, illegal information flow might occur as well known confinement problem. A legal information flow relation (R₁ les^I R₂) among a pair of role families R₁ and R₂ shows that no illegal information flow occur if a transaction T₁ with a role family R₁ is performed prior to another transaction T₂ with R₂. In addition, a significantly precedent relation R₁ les^s R₂ implies that a role family R₂ is more significant than R₁. We discuss a legal information flow (LIF) scheduler to synchronize transactions so as to prevent illegal information flow and how to serialize conflicting methods from multiple transactions in terms of significancy and information flow relation of roles families. We evaluate the LIF scheduler in terms of how much illegal information flow can be prevented.