Saadia Kedjar scite author profile

2009

Abstract. Cooperation requires sharing data, but enforcing access restrictions across enterprises is a challenge. Different sites have different policies and use a variety of access control methods that are tailored to the individual enterprises' needs. Mapping one set of rules into another may require complex computations, possibly with a separate method for each pair of sites. This paper proposes an information flow control model for enforcing access restrictions across a virtual enterprise. Labels are assigned to data structures to ensure uniform treatment across the enterprise, and dynamic label checking provides flexibility during operation. A set of rules are presented to facilitate data manipulation so that they do not lead to information leak. The proposed solution particularly suits web-based environments and web services operations.

The hybrid model for web services security access control and information flow control

2013

The openness and accessibility of the web Services on the Internet makes them vulnerable to various attacks. Therefore, security solutions are necessary to restrict access to web services and objects they manipulate.In this paper, we propose a hybrid model that incorporates a mechanism for access control (AC) and a mechanism for information flow control (IFC).The AC mechanism controls user access to web services methods and uses the concept of role to represent a functionality of web services methods and attributes for trust management between service providers and requesters. The IFC mechanism associates labels to the objects of the system to control access to them and verify information flows between these objects to ensure the information confidentiality and integrity.

Access Control and Information Flow Control for Web Services Security

Bertók

2016

With the advancement of web services technology, security has become an increasingly important issue. Various security standards have been developed to secure web services at the transport and message level, but application level has received less attention. The security solutions at the application level focus on access control which cannot alone ensure the confidentiality and integrity of information. The solution proposed in this paper consists on a hybrid model that combines access control (AC) and information flow control (IFC). The AC mechanism uses the concept of roles and attributes to control user access to web services' methods. The IFC mechanism uses labels to control how the roles access to the system's objects and verify the information flows between them to ensure the information confidentiality and integrity. This manuscript describes the model, gives the demonstration of the IFC model safety, presents the modeling and implementation of the model and a case study.

Access Control and Information Flow Control for Web Services Security

Bertók

2020