A Legal Information flow (LIF) scheduler for distributed systems

In formation systems have to be kept consistent and secure in presence of multiple conflicting transactions and security threats. The role-based access control (RBAC) model is widely used to make systems secure. Here, a subject s is allowed to issue a method op to an object o only if an access right (o, op) is included in the roles granted to the subject s. Even if every access request issued by every subject is authorized in the roles, illegal information flow might occur as well known confinement problem. In this paper, we newly define a legal information flow (LIF) relation (R1 rArr R2) among a pair of role families R1 and R2 to prevent illegal information flow. Here, the relation R1 rArr R2 shows that no illegal information flow occur if a transaction T\ with a role family R\ is performed prior to another transaction T2 with R2. In addition, we discuss an illegal information flow (IIF) relation R1 rarr R2, i.e. illegal information flow necessarily occur if every transaction T1 with R1 is performed before T2 with R2. The more significant transaction, the more prior performed. We discuss a legal information flow (LIF) scheduler to synchronize transactions so as to prevent illegal information flow and to serialize conflicting methods from multiple transactions in terms of significancy and information flow relation of roles families.