Summary: | Master's === National Chiao Tung University === Department of Computer and Information Science === 93 === As the Internet becomes a ubiquitous environment where people with different backgrounds and purposes can share their information, information security and privacy have become increasingly critical issues. With poor protection, information systems may leak sensitive information to the public. To reduce such risks, many security mechanisms and technologies have been proposed and developed. Most of these approaches rely on a mixture of label-based access control and information flow mechanisms. Specifically, they enforce various security policies by attaching suitable labels to information as well as to users, and grant data access based on these labels. However, many labeling approaches require complicated managerial effort to set up and enforce security policies correctly. In addition, they focus primarily on labeling data without paying much attention to the sharing tools that process these data. As a result, whether a given tool can access a piece of data depends on who is invoking the tool, which makes correct security management more challenging. In this thesis, we propose an information sharing model that permits controlling information flow in a flexible, decentralized manner, where each user can specify his/her own access hierarchy instead of relying on centralized security management. Based on the access hierarchy, each user can label both data and tools in a consistent manner, and can realize data declassification by restricting or relaxing the access level of individual tools. Finally, to reduce the overhead associated with individual data labeling, we introduce a rule-based labeling mechanism that associates data with their corresponding access levels. In summary, we believe our model is a unification of and improvement over existing access control mechanisms, and can contribute to secure information sharing over the Internet.
|