Skip to Main Content
The role-based access control (RBAC) model is widely used to make information systems secure. Even if every access request is authorized in the roles, illegal information flow might occur as the well known confinement problem. In this paper, we discuss how to prevent illegal information flow to occur by synchronizing conflicting transactions in the RBAC model. We first define types of information flow relations, legal (LIF), illegal (IIF), and possibly illegal (PIF) ones R1 = R2, R1 rarr R2, and R1 rarr R2 among a pair of role families R and Ri, respectively. Here, let T1 and T2 be a pair of transactions with role families R1 and R2 respectively. Suppose T1 precedes T2 in a schedule, i.e. for every pair of conflicting methods op and opi from T andT% respectively, op is performed prior to op2- Here, if the LIF relation R1 = R2 holds, no illegal information flow occur. If R1 rarr R2, illegal information flow necessarily occur. R1 rarr R2 implies that illegal information flow might occur depending on in which order the transactions perform what methods.