Granularity based flow control

Many models, methods, techniques, and systems have been developed to preserve the integrity of data and guarantee an acceptable level of security over networks. Protection from illegitimate data access and control of information flow are two main goals. This paper presents new techniques that address two main issues: information protection at various levels of granularity and data flow control. We first investigate challenges and limits of established access control models regarding flow control. We then introduce a new flow control model based on granularity, the GBFC. GBFC is capable of guaranteeing flow control under reasonable assumptions. In addition, it offers advantages such as adaptability, full control, reliability and compatibility amongst others. Essentially, in GBFC classified information at suitable levels of granularity is accessible through references and information flow control is applied on the references. We also introduce the concepts of views for information access and Noise Injection that represent building blocks for the Granularity Based Flow Control. With noise injection, a document can be transformed into different views to erase or replace protected information and this transformation can be made almost undetectable to the unauthorized reader. Therefore, inference can be made much more difficult with this method. The GBFC model is intended to complement, rather than replace, existing access control methods.