A decision support system for secure information sharing
Source
Symposium on Access Control Models and Technologies
Proceedings of the 14th ACM symposium on Access control models and technologies
Stresa, Italy
SESSION: Secure sharing and policy combination
Pages 105-114
Year of Publication: 2009
ISBN: 978-1-60558-537-6
Authors
Achille Fokoue  IBM T.J. Watson Research Center, Hawthorne, NY, USA
Mudhakar Srivatsa  IBM T.J. Watson Research Center, Hawthorne, NY, USA
Pankaj Rohatgi  IBM T.J. Watson Research Center, Hawthorne, NY, USA
Peter Wrobel  CESG, Gloucestershire, United Kingdom
John Yesberg  Defense Sciences and Technologies Laboratory, London, United Kingdom
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 37,   Downloads (12 Months): 121,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1542207.1542226

ABSTRACT

In both the commercial and defense sectors a compelling need is emerging for highly dynamic, yet risk optimized, sharing of information across traditional organizational boundaries. Risk optimal decisions to disseminate mission critical tactical intelligence information to the pertinent actors in a timely manner are critical for a mission's success. In this paper, we argue that traditional decision support mechanisms for information sharing (such as Multi-Level Security (MLS)), besides being rigid and situation agnostic, do not offer explanations and diagnostics for non-shareability. This paper exploits rich security metadata and a semantic knowledge base that captures domain specific concepts and relationships to build a logic for risk optimized information sharing. We show that the proposed approach is: (i) flexible: e.g., sensitivity of tactical information decays with space, time and external events, (ii) situation-aware: e.g., encodes need-to-know based access control policies, and more importantly (iii) supports explanations for non-shareability; these explanations in conjunction with rich security metadata and domain ontology allow a sender to intelligently transform information (e.g., downgrade information, say, by deleting the participant list in a meeting) with the goal of making the transformed information shareable with the recipient. In this paper, we will describe an architecture for secure information sharing using a publicly available hybrid semantic reasoner and present several illustrative examples that highlight the benefits of our proposal over traditional approaches.

