A Solution to 'Confused Deputy' Problem Using RWFM Labels

A client-server architecture mapped to a multi-level security (MLS) system maintain independent access restrictions for various system resources. Traditional access control mechanisms e.g., discretionary access matrix often lead to indirect access, therefore are incapable to enforce confidentiality and integrity at process-level. The confused deputy problem is well known in this regard where an unauthorized process may influence an authorized process to manipulate a protected object. In this paper, we propose a solution to confused deputy problem using a recently proposed novel mandatory access control (MAC) based security model RWFM. We demonstrate our approach through a reference monitor that adapts the proposed solution while performing process-level security check, and prevents indirect access to isolated sensitive objects. Further, we compare our solution with the existing literature towards the end of this paper.