Information sharing and security in dynamic coalitions

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Information sharing and security in dynamic coalitions

Full text

Pdf (1.68 MB)

Source

Symposium on Access Control Models and Technologies archive
Proceedings of the seventh ACM symposium on Access control models and technologies table of contents

Monterey, California, USA

SESSION: Mobile and Cooperative Systems table of contents

Pages: 87 - 96

Year of Publication: 2002

ISBN:1-58113-496-7

Authors

Charles E. Phillips, Jr.	The University of Connecticut, Storrs, CT
T.C. Ting	The University of Connecticut, Storrs, CT
Steven A. Demurjian	The University of Connecticut, Storrs, CT

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 27, Downloads (12 Months): 191, Citation Count: 9

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/507711.507726 What is a DOI?

ABSTRACT

Today, information sharing is critical to almost every institution. There is no more critical need for information sharing than during an international crisis, when international coalitions dynamically form. In the event of a crisis, whether it is humanitarian relief, natural disaster, combat operations, or terrorist incidents, international coalitions have an immediate need for information. These coalitions are formed with international cooperation, where each participating country offers whatever resources it can muster to support the given crisis. These situations can occur suddenly, simultaneously, and without warning. Often times, participants are coalition partners in one crisis and adversaries in another, raising difficult security issues with respect to information sharing. Our specific interest is in the Dynamic Coalition Problem (DCP), with an emphasis on the information sharing and security risks when coalitions are formed in response to a crisis. This paper defines the DCP and explores its intricate, challenging, and complex information and resource sharing, and security issues, utilizing real-world situations, which are drawn from a military domain.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	NATO Interoperability from "Advanced Concept Technology Demonstration, Management Plan," PEO C3S HTIO, Fort Monmoth, NJ. 1999.
	2	P. Barr, "ABCS ITDS", MITRE Corporation presentation, NJ, Oct. 1998.
	3	D. Bell and L. LaPadula, "Secure Computer Systems: Mathematical Foundations Model." M74-244, Mitre Corporation, Bedford, Massachusetts, 1975.
	4	Elisa Bertino , Elena Ferrari , Vijay Atluri, The specification and enforcement of authorization constraints in workflow management systems, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.65-104, Feb. 1999 [doi>10.1145/300830.300837]
	5	Elisa Bertino , Piero Andrea Bonatti , Elena Ferrari, TRBAC: a temporal role-based access control model, Proceedings of the fifth ACM workshop on Role-based access control, p.21-30, July 26-28, 2000, Berlin, Germany [doi>10.1145/344287.344298]
	6	S. Boutelle and C. Pizzutelli, "Army Battle Command System," Army RD&A, Sept./Oct. 1998.
	7	Prepared by PEO C3S HTIO, "Command, Control, Communications, and Computers Interoperability for Coalition Warfare, Advanced Concept Technology Demonstration, Management Plan," Ver. 1.2, March 1999.
	8	M. Cokus, "XML-MTF, A Military XML Vocabulary," The MITRE Corporation, 2001.
	9	DARPA ITO Sponsored Research, Spring, Kohout, Yates, "2000 Project Summary, Flexible Coalition Policies for Secure Information Sharing," Verdian-PSR, 2000.
	10	J. Baras, V. Gligor, and R. Poovendran, "Integrated Security Services for Dynamic Coalition Management," DARPA ACT Program, March 2001.
	11	S. A. Demurjian, Sr. , T. C. Ting, Towards a definitive paradigm for security in object-oriented systems and applications, Journal of Computer Security, v.5 n.4, p.341-382, Oct. 1997
	12	S. Demurjian, T.C. Ting, H. Ren, J. Balthazar, C. Phillips, and P. Barr, "A User Role-Based Security Model for a Distributed Environment," Research Advances in Database and Information Systems Security, J. Therrien (ed.), Kluwer, 2001.
	13	Department of Defense Directive 5200.28-STD, "Department of Defense Trusted Computer Systems Evaluation Criteria," December 1985, Authorized by DoD Directive 5200.28, Dec. 1972.
	14	Department of Defense Directive 5200.28, "Security Requirements for Automated Information Systems (AIS)," March 1988.
	15	Department of Defense Directive 8320.1-M-1, Department of Defense, "Data Standardization Procedures," March 1996. http://jcs.mil/htdocs/teinfo/software/8320.html
	16	R. Reagan, Executive Order 12356, "National Security Information," The White House, Apr. 1982.
	17	D. Ferrailo, "The Role Control Center: An Implementation of Role-Based Access Control on Identity-Based Systems," NIST White Paper, 2000.
	18	David F. Ferraiolo, An argument for the role-based access control model, Proceedings of the sixth ACM symposium on Access control models and technologies, p.142-143, May 2001, Chantilly, Virginia, United States [doi>10.1145/373256.378405]
	19	Joint Operational Support Center. "Global Command and Control Center," DISA, 1999. http://gccs.disa.mil/gccs/
	20	Trent Jaeger, On the increasing importance of constraints, Proceedings of the fourth ACM workshop on Role-based access control, p.33-42, October 28-29, 1999, Fairfax, Virginia, United States [doi>10.1145/319171.319175]
	21	JIEO Handbook 9000, Chapter One, "General Instructions," Joint Information Exchange Operations, Department of Defense Handbook, March 2000.
	22	D. Kindred and K. Djahandari, "Adaptive Network Defense, Dynamic Virtual Private Network," Networks Associates Technology, Inc., NAI Labs, 2001, see http://www.pgp.com/research/nailabs/adaptives-network/dynamic-virtual.asp.
	23	Henry F. Korth , Abraham Silberschatz, Database system concepts, McGraw-Hill, Inc., New York, NY, 1986
	24	S. Levine, "Army Modernization: Digitization and Transformation Overview," briefing at Pentagon, April 2000.
	25	C. Milster, M. Parish, G. Le Fevre, "Taking Digitization to Our Allies, " Army RD&A, Sep-Oct 1998.
	26	Sylvia Osborn , Ravi Sandhu , Qamar Munawer, Configuring role-based access control to enforce mandatory and discretionary access control policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.2, p.85-106, May 2000 [doi>10.1145/354876.354878]
	27	W. Peach, "Message Text Formats-A Solution to the Problem of Interoperability," Journal of Battlefield Technology, Vol. 2, March 1999.
	28	C. Phillips, S. Demurjian, and T.C. Ting, "Security Engineering for Roles and Resources in a Distributed Environment", in Proc. of the 3rd Annual Information Systems Security Engineering Conf., March 2002.
	29	C. Phillips, S. Demurjian, and T.C. Ting, "Toward Information Assurance in Dynamic Coalitions", Comp. Sci. and Engr. Dept., Univ. of Conn. (CSE-TR-02-3), February 2002.
	30	Pierangela Samarati , Sabrina De Capitani di Vimercati, Access Control: Policies, Models, and Mechanisms, Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures, p.137-196, September 01, 2000
	31	Ravi S. Sandhu, Lattice-Based Access Control Models, Computer, v.26 n.11, p.9-19, November 1993 [doi>10.1109/2.241422]
	32	R. Sandu and P. Samarati. "Access Control: Principles and Practice." IEEE Communications Magazine, Vol. 32, No.9, Sept. 1994.
	33	R. Sandu, "Role-Based Access Control", Advances in Computer Science, Vol. 48. M. Zerkowitz (ed.), Academic Press, 1998.
	34	Ravi Sandhu , Qamar Munawer, The ARBAC99 Model for Administration of Roles, Proceedings of the 15th Annual Computer Security Applications Conference, p.229, December 06-10, 1999
	35	Fred B. Schneider, Enforceable security policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.1, p.30-50, Feb. 2000 [doi>10.1145/353323.353382]
	36	S. Spring and D. Gormley, "Information Sharing for Dynamic Coalitions," VPSR Report 2836, Verdian Pacific-Sierra Research, Dec. 2000.
	37	R. D. Tennent, Principles of Programming Languages, Prentice Hall PTR, Upper Saddle River, NJ, 1981
	38	Quotation from the National Military Strategy, "C4I For Coalition Warfare, Command and Control Systems Interoperability Program," Army Digitization Office, 1999.
	39	T. C. Ting, A user-role based data security approach, on Database Security: Status and Prospects, p.187-208, September 1988, Annapolis, Maryland, United States
	40	T.C. Ting, "Application Information Security Semantics: A Case of Mental Health Delivery," Database Security, III: Stauts and Prospects, D. Spooner and C. Landwehr (eds.), North-Holland, 1990.

CITED BY 9

	Gustaf Neumann , Mark Strembeck, An approach to engineer and enforce context constraints in an RBAC environment, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	Mark Strembeck , Gustaf Neumann, An integrated approach to engineer and enforce context constraints in RBAC environments, ACM Transactions on Information and System Security (TISSEC), v.7 n.3, p.392-427, August 2004
	Ioakim Marmaridis , Athula Ginige, Sharing information on the web using bitlets, Proceedings of the 6th international conference on Web engineering, July 11-14, 2006, Palo Alto, California, USA
	Rakesh Bobba , Serban Gavrila , Virgil Gligor , Himanshu Khurana , Radostina Koleva, Administering access control in dynamic coalitions, Proceedings of the 19th conference on Large Installation System Administration Conference, p.23-23, December 04-09, 2005, San Diego, CA
	Janice Warner , Vijayalakshmi Atluri , Ravi Mukkamala , Jaideep Vaidya, Using semantics for automatic enforcement of access control policies among dynamic coalitions, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
	Tsung-Yi Chen , Yuh-Min Chen , Chin-Bin Wang , Hui-Chuan Chu , Huimei Yang, Secure resource sharing on cross-organization collaboration using a novel trust method, Robotics and Computer-Integrated Manufacturing, v.23 n.4, p.421-435, August, 2007
	Henry Hexmoor , Seth Wilson , Sandeep Bhattaram, A theoretical inter-organizational trust-based security model, The Knowledge Engineering Review, v.21 n.2, p.127-161, June 2006
	Ram Krishnan , Ravi Sandhu , Jianwei Niu , William H. Winsborough, A conceptual framework for Group-Centric secure information sharing, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, March 10-12, 2009, Sydney, Australia
	Ram Krishnan , Ravi Sandhu , Jianwei Niu , William H. Winsborough, Foundations for group-centric secure information sharing models, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy