Skip to Main content Skip to Navigation
Conference papers

Preventing Unauthorized Data Flows

Abstract : Trojan Horse attacks can lead to unauthorized data flows and can cause either a confidentiality violation or an integrity violation. Existing solutions to address this problem employ analysis techniques that keep track of all subject accesses to objects, and hence can be expensive. In this paper we show that for an unauthorized flow to exist in an access control matrix, a flow of length one must exist. Thus, to eliminate unauthorized flows, it is sufficient to remove all one-step flows, thereby avoiding the need for expensive transitive closure computations. This new insight allows us to develop an efficient methodology to identify and prevent all unauthorized flows leading to confidentiality and integrity violations. We develop separate solutions for two different environments that occur in real life, and experimentally validate the efficiency and restrictiveness of the proposed approaches using real data sets.
Document type :
Conference papers
Complete list of metadata

Cited literature [32 references]  Display  Hide  Download

https://hal.inria.fr/hal-01684345
Contributor : Hal Ifip <>
Submitted on : Monday, January 15, 2018 - 2:06:42 PM
Last modification on : Friday, August 9, 2019 - 3:24:27 PM
Long-term archiving on: : Monday, May 7, 2018 - 9:01:37 PM

File

453481_1_En_3_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Emre Uzun, Gennaro Parlato, Vijayalakshmi Atluri, Anna Ferrara, Jaideep Vaidya, et al.. Preventing Unauthorized Data Flows. 31th IFIP Annual Conference on Data and Applications Security and Privacy (DBSEC), Jul 2017, Philadelphia, PA, United States. pp.41-62, ⟨10.1007/978-3-319-61176-1_3⟩. ⟨hal-01684345⟩

Share

Metrics

Record views

110

Files downloads

67