Trust-oriented Access Control based on Sources of Information Flow

To equip a computer system with trust measurement capability, measurement mechanisms must be built into the system. Access Control is indispensable to ensure effective work of such mechanisms. Existing access control models are not good enough to support trust measurement because they were not devised with this goal in due consideration. Trust is often evaluated in term of integrity, which can be naturally measured using information flow. To support trust measurement, this paper proposes an access control model called Trust-oriented Access Control based on Sources of Information Flow (TACSIF). It uses sources of information flow to describe the integrity level of an entity, which is the destination of that flow. Integrity levels of both subjects and objects are fundamental elements for TACSIF to make access authorization. They are used to define access control rules, which form access control policies of the TACSIF. The TACSIF enforces access control in accordance with its access control policies. To improve its applicability, the TACSIF introduces the concept of constrained subjects to handle network information flows. By embedding trust measurement elements into the model, the TACSIF may provide a good way to support implementation of system mechanisms for trust measurement, especially for one that is based on information flow.