Role Based Access Control in Distributed Object Systems

The role-based access control (RBAC) model is widely used to make information systems secure. Even if every access request is authorized, illegal information flow might occur as the well known confinement problem. In this paper, we discuss how prevent illegal information flow to occur by synchronizing onflicting transactions in the RBAC model. We first define types of information flow relations, legal (LIF), illegal (IIF), and possibly illegal (PIF) ones R₁ rArr R₂, R₁ rarr R₂, and R₁ rarr R₂ among a pair of role families R₁ and R₂, respectively. Here, let T₁ and T₂ be a pair of transactions with role families R₁ and R₂, respectively. Suppose T₁ precedes T₂ in a schedule, i.e. for every pair of conflicting methods op₁ and op₂ from T₁ and T₂, respectively, op₁ is performed prior to op₂. Here, if the LIF relation R₁ rArr R₂ holds, no illegal information flow occur. If R₁ rarr R₂, illegal information flow necessarily occur. R₁ rarr R₂ implies that illegal information flow might occur depending on in which order the transactions perform what methods.