research-article

A decision support system for secure information sharing

Authors:

Achille Fokoue,

Mudhakar Srivatsa,

Pankaj Rohatgi,

John YesbergAuthors Info & Claims

SACMAT '09: Proceedings of the 14th ACM symposium on Access control models and technologies

Pages 105 - 114

https://doi.org/10.1145/1542207.1542226

Published: 03 June 2009 Publication History

Abstract

In both the commercial and defense sectors a compelling need is emerging for highly dynamic, yet risk optimized, sharing of information across traditional organizational boundaries. Risk optimal decisions to disseminate mission critical tactical intelligence information to the pertinent actors in a timely manner is critical for a mission's success. In this paper1, we argue that traditionally decision support mechanisms for information sharing (such as Multi-Level Security (MLS)) besides being rigid and situation agnostic, do not offer explanations and diagnostics for non-shareability. This paper exploits rich security metadata and semantic knowledgebase that captures domain specific concepts and relationships to build a logic for risk optimized information sharing. We show that the proposed approach is: (i) flexible: e.g., sensitivity of tactical information decays with space, time and external events, (ii) situation-aware: e.g., encodes need-to-know based access control policies, and more importantly (iii) supports explanations for non-shareability; these explanations in conjunction with rich security metadata and domain ontology allows a sender to intelligently transform information (e.g., downgrade information, say, by deleting participant list in a meeting) with the goal of making transformed information shareable with the recipient. In this paper, we will describe an architecture for secure information sharing using a publicly available hybrid semantic reasoner and present several illustrative examples that highlight the benefits of our proposal over traditional approaches.

References

[1]

SHER: Scalable highly expressive reasoner. http://www.alphaworks.ibm.com/tech/sher.

[2]

F. Baader, D. Calvanese, D. McGuinness, D. Nardi, and P. Patel-Schneider. The Description Logic Handbook. Cambridge University Press, 2003.

Digital Library

[3]

L. Bauer, S. Garriss, and M. K. Reiter. Distributed Proving in Access Control Systems. In IEEE

[4]

Symposium on Security and Privacy, 2005.

[5]

M. Y. Becker and P. Sewell. Cassandra: Distributed Access Control Policies with Tunable Expressiveness. In POLICY, 2004.

[6]

D. E. Bell and L. J. LaPadula. Secure Computer Systems: Mathematical Foundation. Technical Report 2547, vol 1, MITRE Corporation, 1973.

[7]

P.-C. Cheng, P. Rohatgi, C. Keser, P. Karger, G. Wagner, and A. Reninger. Fuzzy Multi-Level

[8]

Security: An Experiment on Quantified Risk-Adaptive Access Control. In Proceedings of the 2007 IEEE Symposium on Security and Privacy (SP 2007), pages 222--230. IEEE Computer Society, 2007.

Digital Library

[9]

J. Dolby, A. Fokoue, A. Kalyanpur, A. Kershenbaum, E. Schonberg, K. Srinivas, and L. Ma. Scalable semantic retrieval through summarization and refinement. In AAAI, pages 299--304, 2007.

Digital Library

[10]

J. Dolby, A. Fokoue, A. Kalyanpur, L. Ma, E. Schonberg, K. Srinivas, and X. Sun. Scalable grounded conjunctive query evaluation over large and expressive knowledge bases. In International Semantic Web Conference, pages 403--418, 2008.

Digital Library

[11]

R. Fikes, D. Ferrucci, and D. Thurman. Knowledge associates for novel intelligence (kani). In https://analysis.mitre.org/proceedings/Final Papers Files/174 Camera Ready Paper.pdf, 2005.

[12]

I. Horrocks, U. Sattler, and S. Tobies. Reasoning with individuals for the description logic SHIQ. Proc. of 17th Int.Conf. on Automated Deduction, pages 482--496, 2000.

Digital Library

[13]

C. K. J. Karat and C. Brodie. SPARCLE Policy Management Workbench. http://domino.research.ibm.com/comm/research projects.nsf/pages/sparcle.index.html.

[14]

A. Kalyanpur. Debugging and Repair of OWL-DL Ontologies. PhD thesis, University of Maryland, https://drum.umd.edu/dspace/bitstream/1903/3820/1/umi-umd-3665.pdf, 2006.

Digital Library

[15]

A. Kapadia, G. Sampemane, and R. H. Campbell. Know Why Your Access Was Denied: Regulating Feedback for Usable Security. In 11th ACM Conference on Computer and Communication Security (CCS), 2004.

Digital Library

[16]

D. Koller, A. Y. Levy, and A. Pfeffer. P-classic: A tractable probablistic description logic. In AAAI/IAAI, pages 390--397, 1997.

Digital Library

[17]

T. Lukasiewicz. Probabilistic description logics for the semantic web. In http://www.kr.tuwien.ac.at/staff/lukasiew/rr0605.pdf, 2007.

[18]

C. F. M. Y. Becker and A. D. Gordon. Design and Semantics of a Decentralized Authorization Language. In 20th IEEE Computer Security Foundations Symposium (CSFW), 2007.

Digital Library

[19]

Y. Ma, P. Hitzler, and Z. Lin. Paraconsistent reasoning for expressive and tractable description logics. In Description Logics, 2008.

[20]

C. McCollum and J. M. L. Notargiacomo. Beyond the Pale of MAC and DAC-Defining New Forms of Access Control. In Proceedings of the 1990 IEEE Symposium on Security and Privacy (S&P 1990), pages 190--200. IEEE Computer Society, 1990.

[21]

A. Myers and B. Liskov. Complete Safe Inforamtion Flow with Decentralized Labels. In Proceedings of the 1998 IEEE Symposium on Security and Privacy (S&P 1998), pages 186--197. IEEE Computer Society, 2001.

[22]

J. P. Office. HORIZONTAL INTEGRATION: Broader Access Models for Realizing Information Dominance. Special Report JSR-04-13, MITRE Corporation, 2004.

[23]

D. Roberts, G. Lock, and D. Verma. Holistan: A Futuristic Scenario for International Coalition Operations. In In 4th IntlConference on Knowledge Systems for Coalition Operations (KSCO), 2007.

[24]

M. Srivatsa, D. Agrawal, and S. Balfe. A metadata calculus for securing information flows. In Proceedings of 26st Army Science Conference (ASC), 2008.

[25]

M. Srivatsa, P. Rohatgi, S. Balfe, and S. Reidt. Securing information flows: A metadata framework. In Proceedings of 1st IEEE Workshop on Quality of Information for Sensor Networks (QoISN), 2008.

[26]

U. Straccia. A fuzzy description logic. In AAAI/IAAI, pages 594--599, 1998.

Digital Library

[27]

U. Straccia. Towards a fuzzy description logic for the semantic web. In ESWC, pages 167--181, 2005.

Digital Library

[28]

N. Swamy, B. J. Corcoran, and M. Hicks. Fable: A language for enforcing user-defined security policies. In IEEE Symposium on Security and Privacy, 2008.

Digital Library

[29]

N. Swamy and M. Hicks. Verified enforcement of automaton-based information release policies. In Proceedings of 2008 ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS), 2008.

Digital Library

[30]

J. Vaughan and S. Zdancewic. A Cryptographic Decentralized Label Model. In Proceedings of the 2007 IEEE Symposium on Security and Privacy (S&P 2007), pages 192--206. IEEE Computer Society, 2007.

Digital Library

[31]

M. Winslett, C. C. Zhang, and P. A. Bonatti. PeerAccess: A Logic for Distributed Authorization. In 12th ACM Conference on Computer and Communication Security (CCS), 2005

Digital Library

Cited By

Zoughbi S(2020)Major Issues Affecting Government Data and Information in Developing CountriesOpen Government10.4018/978-1-5225-9860-2.ch040(862-871)Online publication date: 2020
https://doi.org/10.4018/978-1-5225-9860-2.ch040
Zoughbi S(2017)Major Issues Affecting Government Data and Information in Developing CountriesSecuring Government Information and Data in Developing Countries10.4018/978-1-5225-1703-0.ch007(115-126)Online publication date: 2017
https://doi.org/10.4018/978-1-5225-1703-0.ch007
Choi JChun SCho JPuron-Cid GRobertson SZhang JGil-Garcia J(2014)Smart SecureGovProceedings of the 15th Annual International Conference on Digital Government Research10.1145/2612733.2612756(91-99)Online publication date: 18-Jun-2014
https://dl.acm.org/doi/10.1145/2612733.2612756
Show More Cited By

Index Terms

A decision support system for secure information sharing
1. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Information flow control
    2. Operating systems security

Recommendations

Performance evaluation of semantic reasoners
COMAD '13: Proceedings of the 19th International Conference on Management of Data

As the performance of semantic reasoners change significantly with regard to all included characteristics, and therefore requires assessment and evaluation before selecting an appropriate reasoner for a given application. There are number of inference ...
Semantic SenseLab: Implementing the vision of the Semantic Web in neuroscience

Objective: Integrative neuroscience research needs a scalable informatics framework that enables semantic integration of diverse types of neuroscience data. This paper describes the use of the Web Ontology Language (OWL) and other Semantic Web ...
Formal semantics-preserving translation from fuzzy ER model to fuzzy OWL DL ontology

Ontology is an important part of the W3C standards for the Semantic Web, and how to quickly and cheaply construct Web ontologies has become a key technology to enable the Semantic Web. However, information imprecision and uncertainty exist in many real-...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '09: Proceedings of the 14th ACM symposium on Access control models and technologies

June 2009

258 pages

ISBN:9781605585376

DOI:10.1145/1542207

General Chair:
Barbara Carminati
University of Insubria, Italy
,
Program Chair:
James Joshi
University of Pittsburgh, USA

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 June 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SACMAT '09

Sponsor:

SACMAT '09: 14th ACM Symposium on Access Control Models and Technologies

June 3 - 5, 2009

Stresa, Italy

Acceptance Rates

SACMAT '09 Paper Acceptance Rate 24 of 75 submissions, 32%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
579
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Zoughbi S(2020)Major Issues Affecting Government Data and Information in Developing CountriesOpen Government10.4018/978-1-5225-9860-2.ch040(862-871)Online publication date: 2020
https://doi.org/10.4018/978-1-5225-9860-2.ch040
Zoughbi S(2017)Major Issues Affecting Government Data and Information in Developing CountriesSecuring Government Information and Data in Developing Countries10.4018/978-1-5225-1703-0.ch007(115-126)Online publication date: 2017
https://doi.org/10.4018/978-1-5225-1703-0.ch007
Choi JChun SCho JPuron-Cid GRobertson SZhang JGil-Garcia J(2014)Smart SecureGovProceedings of the 15th Annual International Conference on Digital Government Research10.1145/2612733.2612756(91-99)Online publication date: 18-Jun-2014
https://dl.acm.org/doi/10.1145/2612733.2612756
Choi JAe Chun SKim DKeromytis AMellouli SLuna-Reyes LZhang J(2013)SecureGovProceedings of the 14th Annual International Conference on Digital Government Research10.1145/2479724.2479745(127-135)Online publication date: 17-Jun-2013
https://dl.acm.org/doi/10.1145/2479724.2479745
Zhang XCheung WLuo ZTong F(2012)A Game Theoretic Approach for Sensitive Information Sharing in Supply ChainInnovations in Logistics and Supply Chain Management Technologies for Dynamic Economies10.4018/978-1-4666-0267-0.ch016(272-282)Online publication date: 2012
https://doi.org/10.4018/978-1-4666-0267-0.ch016
Fokoue ASrivatsa MYoung R(2011)Trust-based probabilistic query answeringProceedings of the 12th international conference on Web information system engineering10.5555/2050963.2050969(57-71)Online publication date: 13-Oct-2011
https://dl.acm.org/doi/10.5555/2050963.2050969
Fokoue ASrivatsa MYoung R(2011)Trust-Based Probabilistic Query AnsweringWeb Information System Engineering – WISE 201110.1007/978-3-642-24434-6_5(57-71)Online publication date: 2011
https://doi.org/10.1007/978-3-642-24434-6_5
Zhang XCheung WLuo ZTong F(2010)A Game Theoretic Approach for Sensitive Information Sharing in Supply ChainInternational Journal of Applied Logistics10.4018/jal.20101001011:4(1-12)Online publication date: 1-Oct-2010
https://doi.org/10.4018/jal.2010100101
Chen CHan WYong J(2010)Specify and enforce the policies of quantified risk adaptive access controlThe 2010 14th International Conference on Computer Supported Cooperative Work in Design10.1109/CSCWD.2010.5471991(110-115)Online publication date: Apr-2010
https://doi.org/10.1109/CSCWD.2010.5471991

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten