Skip to main content
SpringerLink
Log in
Book cover

International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security

MMM-ACNS 2010: Computer Network Security pp 55–69Cite as

Group-Centric Models for Secure and Agile Information Sharing

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 6258))

Abstract

To share information and retain control (share-but-protect) is a classic cyber security problem for which effective solutions continue to be elusive. Where the patterns of sharing are well defined and slow to change it is reasonable to apply the traditional access control models of lattice-based, role-based and attribute-based access control, along with discretionary authorization for further fine-grained control as required. Proprietary and standard rights markup languages have been developed to control what a legitimate recipient can do with the received information including control over its further discretionary dissemination. This dissemination-centric approach offers considerable flexibility in terms of controlling a particular information object with respect to already defined attributes of users, subjects and objects. However, it has many of the same or similar problems that discretionary access control manifests relative to role-based access control. In particular specifying information sharing patterns beyond those supported by currently defined authorization attributes is cumbersome or infeasible. Recently a novel mode of information sharing called group-centric was introduced by these authors. Group-centric secure information sharing (g-SIS) is designed to be agile and accommodate ad hoc patterns of information sharing. In this paper we review g-SIS models, discuss their relationship with traditional access control models and demonstrate their agility relative to these.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Saltzer, J., Schroeder, M.: The protection of information in computer systems. Proceedings of IEEE 63(9), 1278–1308 (1975)

    Article  Google Scholar 

  2. Wikipedia: Analog hole (September 2009) (Online; accessed December 15, 2009)

    Google Scholar 

  3. TCG: TCG specification architecture overview (August 2007), http://www.trustedcomputinggroup.org

  4. Krishnan, R., Sandhu, R., Niu, J., Winsborough, W.: A conceptual framework for group-centric secure information sharing. ACM Symposium on Information, Computer and Comm. Security (March 2009)

    Google Scholar 

  5. Krishnan, R., Sandhu, R., Niu, J., Winsborough, W.H.: Foundations for group-centric secure information sharing models. In: Proc. of ACM Symposium on Access Control Models and Technologies (2009)

    Google Scholar 

  6. Krishnan, R., Sandhu, R., Niu, J., Winsborough, W.: Towards a framework for group-centric secure collaboration. In: Proceedings of IEEE International Conference on Collaborative Computing (2009)

    Google Scholar 

  7. Krishnan, R., Sandhu, R., Ranganathan, K.: PEI models towards scalable, usable and high-assurance information sharing. In: ACM Symposium on Access Control Models and Technologies (SACMAT 2007), pp. 145–150. ACM, New York (2007)

    Chapter  Google Scholar 

  8. Sandhu, R.: The PEI framework for application-centric security. In: Proceedings of 5th International Conference on Collaborative Computing: Networking, Applications and Worksharing (2009)

    Google Scholar 

  9. Sandhu, R., Ranganathan, K., Zhang, X.: Secure information sharing enabled by trusted computing and PEI models. In: Proc. of ACM Symp. on Inf. Computer and Comm. Security, pp. 2–12 (2006)

    Google Scholar 

  10. Sandhu, R., Samarati, P.: Access control: Principles and practice 32(9), 40–48 (1994)

    Google Scholar 

  11. OrangeBook: Trusted Computer System Evaluation Criteria. DoD National Computer Security Center (December 1985)

    Google Scholar 

  12. Graham, G., Denning, P.: Protection-principles and practice. In: Proceedings of the AFIPS Spring Joint Computer Conference, vol. 40, pp. 417–429 (1972)

    Google Scholar 

  13. Lampson, B.: Protection. ACM SIGOPS Operating Systems Review 8(1), 18–24 (1974)

    Article  Google Scholar 

  14. Graubart, R.: On the Need for a Third Form of Access Control. In: Proceedings of the 12th National Computer Security Conference, pp. 296–304 (1989)

    Google Scholar 

  15. McCollum, C., Messing, J., Notargiacomo, L.: Beyond the pale of MAC and DAC - defining new forms of access control. In: Proceedings of the 1990 IEEE Symposium on Security and Privacy, pp. 190–200 (1990)

    Google Scholar 

  16. Abrams, M., Heaney, J., King, O., LaPadula, L., Lazear, M., Olson, I.: Generalized Framework for Access Control: Towards Prototyping the ORGCON Policy. In: Nat. Comp. Sec. Conf. (1991)

    Google Scholar 

  17. Park, J., Sandhu, R.: Originator control in usage control. In: Policies for Distrib. Syst. and Networks (2002)

    Google Scholar 

  18. Bell, D., La Padula, L.: Secure computer systems: Unified exposition and multics interpretation. Technical Report ESD-TR-75-306 (1975)

    Google Scholar 

  19. Denning, D.: A Lattice Model of Secure Information Flow. Communications of the ACM 19(5), 236–243 (1976)

    Article  MATH  MathSciNet  Google Scholar 

  20. Sandhu, R.: Lattice-Based Access Control Models. IEEE Computer 26(11), 9–19 (1993)

    Google Scholar 

  21. Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, D., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. on Inf. and Syst. Security (TISSEC) 4(3), 224–274 (2001)

    Article  Google Scholar 

  22. Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-Based Access Control Models. IEEE Computer, 38–47 (1996)

    Google Scholar 

  23. Osborn, S., Sandhu, R., Munawer, Q.: Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies. ACM Trans. on Inf. and Syst. Security 3(2), 85–106 (2000)

    Article  Google Scholar 

  24. Park, J., Sandhu, R.: The UCON ABC usage control model. ACM Transactions on Information and System Security (TISSEC) 7(1), 128–174 (2004)

    Article  Google Scholar 

  25. XACML: OASIS eXtensible Access Control Markup Language (April 2009), http://www.oasis-open.org/committees/xacml/

  26. Levin, R., Cohen, E., Corwin, W., Pollack, F., Wulf, W.: Policy/mechanism separation in Hydra. In: 5th ACM Symposium on Operating Systems Principles, pp. 132–140 (1975)

    Google Scholar 

  27. Rafaeli, S., Hutchison, D.: A survey of key management for secure group communication. ACM Computing Surveys, 309–329 (September 2003)

    Google Scholar 

  28. Badger, L., Sterne, D.F., Sherman, D.L., Walker, K.M., Haghighat, S.A.: Practical domain and type enforcement for unix. In: SP 1995: Proceedings of the 1995 IEEE Symposium on Security and Privacy, Washington, DC, USA, p. 66. IEEE Computer Society, Los Alamitos (1995)

    Chapter  Google Scholar 

  29. Foley, S.N.: A model for secure information flow. IEEE Symposium on Security and Privacy, 248–258 (1989)

    Google Scholar 

  30. Phillips Jr., C.E., Ting, T., Demurjian, S.A.: Information sharing and security in dynamic coalitions. In: SACMAT 2002: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies, pp. 87–96. ACM, New York (2002)

    Chapter  Google Scholar 

  31. Shands, D., Jacobs, J., Yee, R., Sebes, E.: Secure virtual enclaves: Supporting coalition use of distributed application technologies. ACM Transactions on Information and System Security (TISSEC) 4(2), 103–133 (2001)

    Article  Google Scholar 

  32. Freudenthal, E., Pesin, T., Port, L., Keenan, E., Karamcheti, V.: drbac: Distributed role-based access control for dynamic coalition environments. In: ICDCS 2002: Proceedings of the 22nd International Conference on Distributed Computing Systems (ICDCS2002), Washington, DC, USA, pp. 411–420. IEEE Computer Society, Los Alamitos (2002)

    Chapter  Google Scholar 

  33. Cohen, E., Thomas, R.K., Winsborough, W., Shands, D.: Models for coalition-based access control (CBAC). In: SACMAT 2002: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies, pp. 97–106. ACM, New York (2002)

    Chapter  Google Scholar 

  34. Krishnan, R., Niu, J., Sandhu, R., Winsborough, W.: Stale-safe security properties for group-based secure information sharing. In: Proceedings of the 6th ACM Workshop on Formal Methods in Security Engineering, pp. 53–62. ACM, New York (2008)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute for Cyber Security,  

    Ravi Sandhu, Ram Krishnan, Jianwei Niu & William H. Winsborough

  2. Department of Computer Science, University of Texas at San Antonio,  

    Ravi Sandhu, Jianwei Niu & William H. Winsborough

Authors
  1. Ravi Sandhu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ram Krishnan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jianwei Niu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. William H. Winsborough
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Computer Security Research Group, St. Petersburg Institute for Informatics and Automation, 39, 14 Liniya, 199178, St.-Petersburg, Russia

    Igor Kotenko

  2. US Air Force, Binghamton University (SUNYI), 13902, Binghamton, NY, USA

    Victor Skormin

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sandhu, R., Krishnan, R., Niu, J., Winsborough, W.H. (2010). Group-Centric Models for Secure and Agile Information Sharing. In: Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2010. Lecture Notes in Computer Science, vol 6258. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14706-7_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-14706-7_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14705-0

  • Online ISBN: 978-3-642-14706-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation