The University of Southampton
University of Southampton Institutional Repository

Preventing unauthorized data flows


Uzun, Emre, Parlato, Gennaro, Atluri, Vijayalakshmi, Ferrara, Anna Lisa, Vaidya, Jaideep, Sural, Shamik and Lorenzi, David (2017) Preventing unauthorized data flows. In Livraga, G. and Zhu, S. (eds.) Data and Applications Security and Privacy XXXI. DBSec 2017. vol. 10359, Springer. pp. 41-62. (doi:10.1007/978-3-319-61176-1_3).

Record type: Conference or Workshop Item (Paper)

Abstract

Trojan Horse attacks can lead to unauthorized data flows and can cause either a confidentiality violation or an integrity violation. Existing solutions to address this problem employ analysis techniques that keep track of all subject accesses to objects, and hence can be expensive. In this paper we show that for an unauthorized flow to exist in an access control matrix, a flow of length one must exist. Thus, to eliminate unauthorized flows, it is sufficient to remove all one-step flows, thereby avoiding the need for expensive transitive closure computations. This new insight allows us to develop an efficient methodology to identify and prevent all unauthorized flows leading to confidentiality and integrity violations. We develop separate solutions for two different environments that occur in real life, and experimentally validate the efficiency and restrictiveness of the proposed approaches using real data sets.

Text
DBSEC17 - Accepted Manuscript

More information

Accepted/In Press date: 5 May 2017
e-pub ahead of print date: 22 June 2017
Published date: July 2017
Venue - Dates: Conference on Data and Applications Security and Privacy: 31st Annual IFIP WG 11.3, Temple University Center City (TUCC), Philadelphia, United States, 2017-07-19 - 2017-07-21
Organisations: Electronics & Computer Science, Electronic & Software Systems

Identifiers

Local EPrints ID: 410623
URI: http://eprints.soton.ac.uk/id/eprint/410623
PURE UUID: 4b38b6a0-59c6-4274-b517-c66635095fc2

Catalogue record

Date deposited: 09 Jun 2017 09:15
Last modified: 16 Mar 2024 05:37

Contributors

Author: Emre Uzun
Author: Gennaro Parlato
Author: Vijayalakshmi Atluri
Author: Anna Lisa Ferrara
Author: Jaideep Vaidya
Author: Shamik Sural
Author: David Lorenzi
Editor: G. Livraga
Editor: S. Zhu
