Entry Bertino:1998:EBI from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017

Index sections

Top | Symbols | Numbers | Math | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

BibTeX entry

@Article{Bertino:1998:EBI,
  author =       "Elisa Bertino and Sabrina {De Capitani Di Vimercati}
                 and Elena Ferrari and Pierangela Samarati",
  title =        "Exception-based information flow control in
                 object-oriented systems",
  journal =      j-TISSEC,
  volume =       "1",
  number =       "1",
  pages =        "26--65",
  month =        nov,
  year =         "1998",
  CODEN =        "ATISBQ",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Tue Jul 27 17:35:45 MDT 1999",
  bibsource =    "http://www.acm.org/tissec/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  URL =          "http://www.acm.org:80/pubs/citations/journals/tissec/1998-1-1/p26-bertino/",
  abstract =     "We present an approach to control information flow in
                 object-oriented systems. The decision of whether an
                 information flow is permitted or denied depends on both
                 the authorizations specified on the objects and the
                 process by which information is obtained and
                 transmitted. Depending on the specific computations, a
                 process accessing sensitive information could still be
                 allowed to release information to users who are not
                 allowed to directly access it. Exceptions to the
                 permissions and restrictions stated by the
                 authorizations are specified by means of exceptions
                 associated with methods. Two kinds of exceptions are
                 considered: {\em invoke exceptions,\/} applicable
                 during a method execution and {\em reply exceptions\/}
                 applicable to the information returned by a method.
                 Information flowing from one object into another or
                 returned to the user is subject to the different
                 exceptions specified for the methods enforcing the
                 transmission. We formally characterize information
                 transmission and flow in a transaction and define the
                 conditions for safe information flow. We define
                 security specifications and characterize safe
                 information flows. We propose an approach to control
                 unsafe flows and present an algorithm to enforce it. We
                 also illustrate an efficient implementation of our
                 controls and present some experimental results
                 evaluating its performance.",
  acknowledgement = ack-nhfb,
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
  keywords =     "security",
  subject =      "{\bf H.2.7} Information Systems, DATABASE MANAGEMENT,
                 Database Administration, Security, integrity, and
                 protection. {\bf H.2.4} Information Systems, DATABASE
                 MANAGEMENT, Systems, Object-oriented databases.",
}

Related entries

accessing, 2(2)177
administration, 1(1)93, 2(1)65, 2(1)105, 2(2)177, 7(3)363, 8(4)388, 9(2)113, 9(4)391, 10(4)2, 17(2)5
algorithm, 2(1)3, 2(1)65, 2(1)105, 2(3)295, 9(2)162, 9(4)391, 9(4)421, 10(1)4, 10(4)3, 11(1)4, 11(3)12, 12(2)8, 12(3)17, 12(4)20, 13(1)10, 13(3)20, 13(3)22, 13(3)24, 13(3)26, 13(3)27, 13(3)28, 13(4)36, 13(4)41, 14(1)3, 14(1)13, 14(3)25, 15(3)11, 15(4)15, 15(4)17, 16(1)4, 17(3)11, 17(4)13, 18(1)1, 18(1)4, 18(4)14
allowed, 10(4)2, 11(2)3, 12(2)10, 13(4)40, 15(4)16
another, 1(1)66, 11(3)13, 11(3)14, 12(1)5, 12(3)18, 13(3)26, 13(4)36, 15(3)12, 15(4)18, 18(1)1
applicable, 10(3)12, 11(4)18, 11(4)19, 14(3)25
approach, 1(1)3, 2(1)34, 2(2)138, 2(3)269, 2(3)295, 5(2)119, 5(3)203, 6(1)128, 7(3)392, 9(4)391, 9(4)421, 10(1)2, 10(1)4, 10(3)11, 10(3)12, 10(4)4, 11(1)3, 11(3)15, 11(3)16, 11(4)17, 11(4)19, 12(1)1, 12(1)4, 12(2)11, 12(3)14, 13(3)20, 13(3)24, 13(4)31, 13(4)35, 13(4)36, 14(1)8, 14(3)23, 14(4)29, 15(1)4, 15(3)12, 15(3)13, 15(4)15, 15(4)17, 15(4)18, 16(2)5, 16(2)7, 16(2)8, 16(4)15, 16(4)16, 17(3)12, 17(4)14, 18(2)5, 18(2)7, 18(3)11
associated, 2(1)105, 10(4)2, 11(4)20, 12(3)18, 13(3)26, 13(4)33, 15(3)13, 16(4)15
authorization, 2(1)34, 2(1)65, 2(1)105, 2(2)177, 3(4)207, 4(4)453, 5(1)62, 6(1)128, 6(4)566, 7(2)175, 7(3)363, 10(4)2, 11(1)2, 11(1)3, 11(1)4, 12(1)6, 12(2)8, 12(3)15, 13(3)20, 13(3)25, 13(4)40, 14(1)3, 14(1)8, 14(3)23, 15(3)13, 17(2)5
Bertino, Elisa, 2(1)65, 4(3)191, 4(4)321, 5(3)290, 6(1)71, 8(2)187, 8(4)388, 9(4)421, 10(1)2, 10(4)2, 11(1)4, 13(3)24, 13(4)36
both, 1(1)93, 2(1)65, 2(4)416, 9(2)181, 10(1)4, 10(3)12, 11(1)3, 11(1)4, 11(2)2, 11(3)14, 11(3)15, 11(3)16, 11(4)22, 12(1)2, 12(2)13, 12(3)15, 12(4)20, 13(4)30, 13(4)33, 14(3)24, 15(1)5, 15(2)10, 15(3)11, 15(3)13, 16(1)4, 16(2)5, 16(3)10, 16(4)17, 17(3)9, 18(1)1, 18(4)13, 18(4)14
Capitani Di Vimercati, Sabrina, De, 8(1)119, 13(3)22
characterize, 2(3)295, 12(1)2, 12(1)5, 14(3)23, 18(2)5
computation, 2(3)332, 9(4)461, 11(2)6, 12(1)6, 13(3)22, 13(4)29, 14(1)5, 14(4)29, 14(4)31, 15(1)2, 15(2)9, 16(3)11, 17(3)11
condition, 2(3)295, 10(4)1, 11(1)3, 11(2)2, 11(4)21, 12(2)11, 13(3)26, 16(1)3, 17(1)2, 18(1)2, 18(2)5, 18(2)6
considered, 10(2)5, 14(1)14, 15(1)5, 15(4)16
could, 7(2)319, 10(3)11, 12(2)9, 14(1)10, 17(1)1, 17(4)14, 18(4)14
DATABASE, 1(1)93, 2(1)65, 2(1)105
database, 1(1)93, 2(4)354, 4(4)321, 8(1)119, 9(1)31, 10(1)2, 10(4)4, 11(2)5, 12(2)8, 13(4)31, 13(4)32, 14(3)25, 16(3)12, 17(3)11, 18(3)9
De Capitani Di Vimercati, Sabrina, 8(1)119, 13(3)22
decision, 1(1)3, 10(4)2, 11(1)3, 14(1)3, 15(3)13, 16(1)3, 16(4)16, 17(1)2, 18(1)3
define, 2(2)177, 10(1)3, 10(1)4, 10(2)8, 10(4)2, 10(4)5, 12(1)1, 12(3)19, 13(3)24, 13(3)27, 13(4)29, 13(4)36, 14(1)9, 14(1)14, 14(3)25, 16(1)4, 17(1)2, 17(1)4
denied, 14(1)2
depend, 14(1)8, 15(4)15, 15(4)16
depending, 12(3)17, 15(3)12
Di Vimercati, Sabrina, De Capitani, 8(1)119, 13(3)22
different, 1(1)93, 2(1)105, 2(2)138, 2(3)269, 10(1)2, 10(1)4, 10(4)4, 12(1)3, 12(3)14, 13(1)10, 13(3)27, 13(3)28, 14(1)4, 14(4)28, 15(1)2, 15(2)7, 15(2)10, 16(1)3, 16(2)7, 16(3)9, 16(4)15, 17(2)7, 17(4)14, 18(1)1, 18(3)11
directly, 10(2)5, 11(1)2, 12(2)12, 13(3)27
during, 9(4)421, 11(1)3, 11(4)18, 12(2)8, 13(3)25, 15(3)13, 15(4)17, 17(2)6, 17(3)10
efficient, 3(2)63, 6(2)258, 6(3)365, 7(1)21, 9(4)391, 9(4)461, 10(1)3, 10(2)5, 10(2)6, 10(4)2, 11(1)3, 11(2)4, 11(2)6, 11(3)15, 11(4)19, 12(1)1, 12(3)15, 12(3)18, 12(4)21, 13(1)9, 13(1)10, 13(3)24, 13(3)27, 13(4)31, 13(4)32, 13(4)34, 13(4)38, 14(1)5, 14(1)14, 15(1)4, 15(2)6, 15(2)9, 15(4)16, 16(1)2, 16(1)4, 17(3)10, 17(4)15, 18(3)11
enforce, 2(2)177, 3(2)85, 7(3)392, 10(2)5, 12(2)8, 12(3)19, 13(3)22, 13(3)24, 13(3)28, 14(1)6, 15(2)6, 15(2)10
enforcing, 2(1)34, 10(2)5, 12(2)8, 13(1)6, 13(3)21, 14(3)25, 14(4)31, 16(1)1, 17(1)3
exception, 12(2)11
execution, 10(4)3, 12(2)10, 12(2)11, 12(3)14, 14(1)6, 14(2)15, 14(4)32, 15(1)2, 15(2)10, 15(3)13, 16(1)3, 16(2)6, 16(2)7, 18(1)2, 18(1)4
experimental, 1(1)3, 10(1)3, 10(1)4, 11(1)3, 11(4)22, 11(4)23, 12(1)4, 12(3)16, 13(3)22, 15(3)12, 15(4)16, 16(2)7, 16(3)10, 16(4)17, 18(3)11, 18(4)12
Ferrari, Elena, 2(1)65, 4(3)191, 4(4)321, 5(3)290, 6(1)71, 8(4)349, 9(4)421, 10(3)12, 13(1)6, 13(3)28
flow, 1(1)93, 10(2)7, 12(1)5, 12(2)11, 13(3)26, 14(3)24, 15(1)2, 16(1)1, 16(2)6, 18(2)8
formally, 2(3)230, 9(4)421, 10(3)9, 10(4)2, 11(3)13, 11(4)17, 12(2)8, 13(3)24, 13(3)27, 14(4)30, 17(1)2, 17(1)3
H.2.4, 2(4)354
H.2.7, 1(1)93
illustrate, 9(2)162, 11(4)19, 13(3)25, 14(1)8, 15(2)10, 17(1)1, 18(1)2
implementation, 1(1)3, 1(1)66, 2(1)34, 2(2)177, 2(4)390, 2(4)416, 7(2)319, 11(1)2, 11(1)3, 11(1)4, 11(3)16, 11(4)18, 11(4)22, 12(1)1, 12(2)10, 12(2)11, 12(3)14, 12(4)22, 13(1)4, 13(3)26, 13(3)27, 14(1)3, 15(1)3, 15(2)8, 15(3)13, 15(4)16, 16(1)1, 16(1)2, 16(3)9, 16(3)10, 16(3)11, 16(4)13, 17(2)5, 17(2)8, 18(1)2, 18(1)3, 18(1)4
integrity, 1(1)93, 2(1)65, 2(1)105, 3(1)51, 10(2)8, 10(3)11, 11(3)14, 12(1)6, 12(3)14, 13(1)4, 13(1)5, 13(3)25, 14(3)24, 17(2)6, 17(4)15, 18(2)5
it, 10(3)10, 11(3)12, 13(1)10, 14(1)12, 16(2)5
kinds, 2(1)3, 9(4)391, 14(4)30
MANAGEMENT, 1(1)3, 1(1)93, 2(1)3, 2(1)65, 2(1)105
mean, 2(1)34, 2(3)230, 10(3)10, 11(2)2, 12(4)22, 14(1)5, 14(3)27, 15(3)12, 16(2)8, 18(4)14
method, 1(1)3, 2(2)159, 2(3)295, 2(3)332, 2(4)416, 9(3)259, 10(1)3, 10(3)10, 10(4)4, 10(4)5, 11(2)2, 11(3)16, 11(4)19, 11(4)22, 12(1)2, 12(1)6, 12(2)13, 12(3)16, 13(2)15, 13(4)35, 15(1)4, 15(2)10, 15(3)12, 15(4)15, 15(4)17, 17(3)12, 18(3)9
not, 2(1)65, 2(2)177, 2(3)230, 2(3)269, 2(4)390, 9(4)421, 10(1)3, 10(4)2, 11(1)3, 11(1)4, 11(2)2, 11(2)4, 11(2)5, 11(3)12, 11(3)13, 11(3)15, 11(3)16, 11(4)19, 11(4)20, 11(4)22, 12(1)1, 12(1)2, 12(1)3, 12(1)6, 12(2)10, 12(2)11, 12(2)13, 12(3)14, 12(4)22, 13(1)10, 13(3)28, 13(4)33, 13(4)35, 13(4)36, 13(4)37, 13(4)39, 13(4)40, 14(3)23, 14(3)27, 14(4)28, 14(4)29, 14(4)31, 15(2)6, 15(2)9, 15(2)10, 15(3)12, 15(3)13, 16(1)1, 16(2)5, 16(2)6, 16(3)9, 16(3)12, 16(4)13, 16(4)15, 16(4)16, 17(1)2, 17(3)10, 17(4)15, 18(1)1, 18(3)9, 18(4)13
object, 10(1)2, 11(1)3, 12(3)18, 14(3)23, 16(2)5, 16(4)13, 18(3)9
obtained, 10(1)2, 10(1)4, 10(2)8, 11(3)13, 12(2)8, 12(3)18, 14(1)14, 16(4)14, 18(4)12
one, 1(1)93, 2(1)3, 2(1)65, 2(3)295, 9(4)461, 10(1)2, 10(2)5, 10(2)8, 10(3)12, 10(4)3, 11(2)6, 11(3)14, 12(1)1, 12(1)5, 12(2)13, 12(3)14, 13(3)21, 13(3)25, 13(3)26, 13(3)27, 13(4)41, 14(1)3, 14(1)5, 14(4)30, 14(4)32, 15(2)10, 15(3)11, 15(4)16, 15(4)18, 16(1)3, 16(1)4, 16(3)9, 16(4)14, 17(2)8, 17(4)13, 18(1)1, 18(3)11, 18(4)13
performance, 1(1)3, 1(1)66, 2(3)269, 4(3)289, 5(4)458, 7(3)457, 9(4)461, 10(1)3, 10(4)4, 11(1)2, 11(1)3, 11(2)1, 11(4)17, 11(4)19, 12(3)14, 12(3)16, 13(3)24, 13(3)25, 13(4)32, 13(4)35, 13(4)38, 14(1)3, 15(1)4, 16(1)1, 16(2)6, 16(2)8, 16(3)9, 16(4)16, 17(1)1, 17(2)8, 17(3)9, 17(4)13, 17(4)15
permission, 2(1)105, 10(1)2, 10(2)5, 10(4)2, 12(4)20, 13(3)24, 13(3)27, 15(4)15, 17(1)2
permitted, 11(4)21, 12(1)1, 16(1)4, 17(1)2
present, 2(1)3, 2(1)65, 2(2)177, 2(3)230, 2(3)269, 2(3)295, 2(4)354, 7(2)319, 9(2)181, 9(4)461, 10(1)2, 10(2)7, 10(3)10, 10(3)11, 10(3)12, 10(4)2, 10(4)3, 11(1)2, 11(1)4, 11(2)2, 11(2)5, 11(3)14, 11(4)22, 12(1)2, 12(1)4, 12(2)10, 12(2)11, 12(3)14, 12(3)15, 12(3)16, 12(3)17, 12(4)22, 13(1)10, 13(3)20, 13(3)22, 13(3)25, 13(3)28, 13(4)29, 13(4)41, 14(1)4, 14(1)5, 14(1)6, 15(1)2, 15(2)6, 15(2)8, 15(2)10, 15(3)12, 15(3)13, 15(4)16, 15(4)18, 16(2)6, 16(2)7, 16(4)13, 16(4)14, 17(1)4, 17(2)6, 17(2)7, 17(2)8, 17(3)9, 17(3)12, 17(4)14, 17(4)15, 17(4)16, 18(1)3, 18(1)4, 18(2)7, 18(3)9, 18(3)10, 18(3)11, 18(4)12, 18(4)14
process, 2(1)65, 9(4)421, 10(3)9, 10(4)4, 11(1)2, 11(1)4, 11(4)18, 11(4)20, 12(2)11, 12(3)14, 13(1)10, 13(3)25, 13(4)36, 15(3)13, 16(2)5, 16(2)7, 17(2)6, 17(4)14, 18(1)3
propose, 2(1)65, 2(2)138, 2(3)269, 9(2)162, 9(4)391, 9(4)421, 10(1)3, 10(1)4, 10(3)12, 10(4)1, 10(4)3, 10(4)4, 10(4)6, 11(1)3, 11(1)4, 11(3)12, 11(3)15, 11(4)18, 11(4)19, 11(4)23, 12(1)4, 12(2)8, 12(2)11, 12(2)13, 12(3)18, 13(3)28, 13(4)32, 13(4)36, 13(4)40, 13(4)41, 14(1)5, 14(1)10, 14(1)11, 14(3)24, 14(3)26, 14(4)30, 15(2)7, 15(4)17, 16(1)2, 16(4)15, 16(4)16, 17(1)1, 17(3)10, 17(3)11, 17(3)12, 17(4)13, 17(4)14, 18(1)2, 18(2)7
protection, 1(1)3, 1(1)66, 1(1)93, 2(1)3, 2(1)34, 2(1)105, 2(2)138, 2(2)177, 2(3)230, 2(3)295, 2(4)354, 2(4)390, 10(1)3, 10(3)9, 11(4)20, 12(2)9, 12(2)11, 13(3)22, 14(3)24, 15(1)2, 15(2)8, 16(2)6
release, 13(3)25, 14(3)26
restrictions, 13(3)21, 15(2)10
result, 1(1)3, 2(3)230, 2(4)390, 9(2)162, 10(1)3, 10(1)4, 10(2)5, 10(2)6, 10(3)9, 10(3)11, 10(4)2, 10(4)5, 11(2)3, 11(2)5, 11(3)13, 11(3)15, 11(4)18, 11(4)20, 11(4)21, 11(4)22, 12(1)4, 12(2)9, 12(3)14, 12(3)17, 13(1)10, 13(3)22, 13(3)24, 13(3)25, 13(4)33, 13(4)35, 14(1)2, 14(1)14, 14(2)19, 15(1)5, 15(2)7, 15(2)8, 15(3)12, 15(3)13, 15(3)14, 15(4)15, 16(1)2, 16(1)3, 16(2)5, 16(2)6, 16(2)7, 16(3)10, 16(3)11, 16(4)14, 16(4)17, 17(2)7, 17(3)9, 17(3)10, 17(3)12, 17(4)14, 18(1)4, 18(2)5, 18(2)6, 18(3)9, 18(3)11, 18(4)12, 18(4)13
returned, 12(3)16, 13(3)22
safe, 12(3)14, 12(3)19, 15(2)10, 16(2)5
Samarati, Pierangela, 4(4)453, 5(1)1, 5(2)169, 8(1)119, 13(3)22
sensitive, 2(2)159, 2(3)332, 6(1)1, 10(2)5, 10(2)7, 10(3)12, 12(2)9, 12(3)15, 13(3)21, 13(3)22, 13(3)24
specific, 10(2)6, 10(4)3, 10(4)4, 11(4)19, 12(1)6, 13(3)26, 14(1)5, 14(1)9, 15(2)6, 16(3)10, 18(1)2
specification, 2(1)65, 2(2)177, 3(4)207, 6(4)501, 8(2)187, 8(4)351, 10(2)7, 10(2)8, 10(3)9, 10(4)2, 11(1)4, 11(4)19, 13(3)24, 13(3)26, 14(3)24, 15(3)13, 15(4)16, 16(1)3, 16(1)4, 16(4)13, 17(2)5, 17(4)16, 18(2)7, 18(2)8
specified, 9(4)421, 10(4)2, 11(1)3, 11(1)4, 11(2)4, 12(3)19, 13(3)20, 13(3)28, 13(4)35, 17(1)2
stated, 15(2)10
still, 10(1)2, 11(4)17, 11(4)21, 12(2)13, 12(4)20, 13(3)20, 13(3)25, 14(3)27, 17(2)8, 18(2)7
subject, 9(2)162, 9(4)421, 11(1)3, 11(1)4, 11(3)12, 13(3)26, 14(1)7, 15(3)12, 17(1)2, 17(4)14, 18(2)5
transaction, 1(1)66, 2(4)354, 4(4)321, 13(3)20, 17(3)10, 18(1)2
transmission, 9(4)461, 11(2)2, 12(3)15, 14(1)13
transmitted, 9(4)421
two, 2(4)416, 9(4)391, 10(1)4, 10(2)6, 10(2)8, 10(3)10, 10(4)4, 11(2)1, 11(2)4, 11(2)6, 11(3)13, 11(4)22, 12(1)2, 12(1)3, 12(1)4, 12(1)6, 12(3)14, 12(4)20, 13(3)22, 13(3)27, 13(4)40, 14(1)4, 14(1)5, 14(4)30, 15(1)2, 15(1)5, 15(2)6, 15(3)11, 15(3)12, 16(1)1, 16(1)2, 16(1)4, 16(3)9, 16(3)10, 16(4)15, 17(4)13, 18(2)5, 18(4)12, 18(4)13, 18(4)14
unsafe, 16(3)9
Vimercati, Sabrina, De Capitani Di, 8(1)119, 13(3)22
whether, 1(1)3, 10(2)5, 10(4)2, 10(4)5, 11(2)3, 11(2)6, 11(3)16, 12(1)1, 12(4)20, 13(3)26, 13(4)40, 14(3)25, 14(4)32, 16(1)3, 16(1)4, 17(1)1, 17(1)2
who, 1(1)66, 10(4)3, 11(3)12, 11(4)19, 11(4)23, 12(1)2, 12(2)9, 13(4)39, 13(4)40, 15(3)14, 16(2)8, 17(1)4, 18(4)13