Skip to Main Content
The role-based access control (RBAC) model is widely used to make information systems secure. Even if every access request is authorized, illegal information flow might occur as the well known confinement problem. In this paper, we discuss how prevent illegal information flow to occur by synchronizing onflicting transactions in the RBAC model. We first define types of information flow relations, legal (LIF), illegal (IIF), and possibly illegal (PIF) ones R1 rArr R2, R1 rarr R2, and R1 rarr R2 among a pair of role families R1 and R2, respectively. Here, let T1 and T2 be a pair of transactions with role families R1 and R2, respectively. Suppose T1 precedes T2 in a schedule, i.e. for every pair of conflicting methods op1 and op2 from T1 and T2, respectively, op1 is performed prior to op2. Here, if the LIF relation R1 rArr R2 holds, no illegal information flow occur. If R1 rarr R2, illegal information flow necessarily occur. R1 rarr R2 implies that illegal information flow might occur depending on in which order the transactions perform what methods.