A Legal Information flow (LIF) scheduler for distributed systems

In formation systems have to be kept consistent and secure in presence of multiple conflicting transactions and security threats. The role-based access control (RBAC) model is widely used to make systems secure. Here, a subject s is allowed to issue a method op to an object o only if an access right (o, op) is included in the roles granted to the subject s. Even if every access request issued by every subject is authorized in the roles, illegal information flow might occur as well known confinement problem. In this paper, we newly define a legal information flow (LIF) relation (R₁ rArr R₂) among a pair of role families R₁ and R₂ to prevent illegal information flow. Here, the relation R₁ rArr R₂ shows that no illegal information flow occur if a transaction T with a role family R is performed prior to another transaction T₂ with R₂. In addition, we discuss an illegal information flow (IIF) relation R₁ rarr R₂, i.e. illegal information flow necessarily occur if every transaction T₁ with R₁ is performed before T₂ with R₂. The more significant transaction, the more prior performed. We discuss a legal information flow (LIF) scheduler to synchronize transactions so as to prevent illegal information flow and to serialize conflicting methods from multiple transactions in terms of significancy and information flow relation of roles families.