Managing role relationships in an information flow control model

An information flow control model prevents information leakage during the execution of an application. Quite a few information flow control models have been developed. We also developed information flow control models based on role-based access control (RBAC). Our research revealed that user relationships might result in role relationships when users play roles in an application. Moreover, role relationships may cause role permission change. We also identified that role relationship change may invalidate the results of previous join operations (which prevent indirect information leakage). According to our survey, we cannot identify a model that manages role relationships well. Moreover, we cannot identify a model that corrects the invalidated join results. This paper presents an information flow control model that manages role relationships and corrects the invalidated join results. It is an extension of our previous work OORBAC (object-oriented RBAC). The model is named EOORBAC (extended OORBAC). We evaluate EOORBAC against OORBAC. The evaluation result is also shown in this paper.