Security labels convey information that is utilised to perform access control decisions, specify protective measures, and aid in the determination of additional handling restrictions required by security policies. In discussing security labelling, one of the most important aspects is to investigate access control models and obtain an appropriate technique for specifying the kind of security policies that are required. One problem with previous approaches to the specification of access control policies is that they are based on an idealisation of the real problem and give a first approximation: may or may not a subject access a given object? The binary, logical function is the essential starting point, but is generally insufficient to guide the hard decisions that are required by a variety of applications in the real world. Focusing on the issues regarding security labelling, this paper first proposes a technique for expressing need-to-know policies that are regarded as the basis for security labelling and should be followed in the labelling process. Then, based on the proposed lattice access control model dealing with both security levels and categories of objects, several security labelling principles are given. Finally, we propose a dynamic model for security labelling that not only provides support for dynamic labelling within a system but also a functional base for the design and implementation of a security labelling system.
Cite as: Liu, C., Billard, A., Ozols, M. and Jeremic, N. (2007). Access Control Models and Security Labelling. In Proc. Thirtieth Australasian Computer Science Conference (ACSC2007), Ballarat Australia. CRPIT, 62. Dobbie, G., Ed. ACS. 181-190.