Academia.eduAcademia.edu

Outline

Title
Abstract
Executive Summary of the Project
Acknowledgement
Organizational Data Sharing
Data Integration and Analysis Technologies
Experimental Analysis
Data Provenance
Dependable Data Sharing
Privacy Preserving Data Sharing
Geospatial Data
Social Network Analysis
Summary and Directions
Data Partitioning
Dataset Information
Dataset_FN
Dataset Processor
Load and Analysis
Statistics
Main Process Data Set
Process Dataset
Batch Test Cases Processing
Background and Related Work
Overview
Experimental Results
Summary and Future Directions
Background
Analysis of Results
Conclusions
Introduction
Related Work
Results
Conclusion
References

1 Information Operations Across Infospheres

Profile image of Bhavani ThuraisinghamBhavani Thuraisingham

Abstract

There is a critical need for organizations to share data within and across infospheres and form coalitions so that analysts could examine the data, mine the data, and make effective decisions. Each organization could share information within its infosphere. An infosphere may consist of the data, applications and services that are needed for its operation. Organizations may share data with one another across what is called a global infosphere that spans multiple infospheres. It is critical that the war fighters get timely information. Furthermore, secure data and information sharing is an important requirement. The challenge is for data processing techniques to meet timing constraints and at the same time ensure that security is maintained. This proposal addresses information operations across infospheres. We first describe secure timely data sharing across infospheres and then focus on Role-based access control and Usage control in such an environment. Our goal is to send timely inf...

Related papers

Dynamic privilege management infrastructures utilising secure attribute exchange
john watt

2005

Technologies which implement dynamic privilege management infrastructures will be crucial to the secure sharing of resources on the Grid, especially as the number of resources and participating sites increases. The DyVOSE project has successfully deployed Grid services secured with the PERMIS authorisation software implementing a static Privilege Management Infrastructure (PMI) model. The second stage of this project focuses on the extension of the current PERMIS infrastructure to include dynamic delegation of authority and cross-certification of institutional security policies. This paper describes the existing static PMI that has been used within the Grid Computing module as part of the advanced MSc at Glasgow University. We also outline an e-Science education use case that will be used to highlight how dynamic PMIs can be established using an extended version of PERMIS and utilising the Internet2 Shibboleth software to transfer user attributes and authentication tokens across institutional boundaries. This work addresses one of the key challenges in the Grid, supporting the dynamic establishment of secure Virtual Organisations (VOs).

View PDFchevron_right
A Framework for Semantic-Based Dynamic Access Control in Data Grids1
Warren Moseley

The abundance of large commercial and scientific data stores have driven the need for Petascale computation and data integration. Technologies such as Grid Computing are being developed to address this need. Grid Computing supports the coordinated sharing of data and resources among different organizations. Data Grids focus on the management of data and resources for analyzing the data. Though Grid computing technologies have been adopted in many scientific and commercial sectors, many Security issues have to be resolved for them to gain wider acceptance. Their true potential will only be realized by developing secure systems that can encompass multiple organizations. In this paper, we consider the security implications of the dynamic interactions that would occur in Data Grids and examine the requirements for a comprehensive security model to support those interactions. We explain that such a model could be constructed by enhancing existing dynamic role-based access control models and semantic-based access control models. Additionally, we present an enumeration of the security requirements for such dynamic interactions. Our work takes into consideration that the co-allocation of resources and job scheduling in Data Grids should not only be based on the user's request, and the available pool and state of resources, but also on the user's access rights, computing environment and the Security policies of resources. Furthermore, we discuss the problem of making access control decisions dynamically during an application's runtime.

View PDFchevron_right
Achieving Secure cloud Data Sharing
IJCST Eighth Sense Research Group

Eighth Sense Research Group

Abstract—Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that users’ data are usually processed remotely in unknown machines that users do not own or operate. While enjoying the convenience brought by this new emerging technology, users’ fears of losing control of their own data (particularly, financial and health data) can become a significant barrier to the wide adoption of cloud services. To address this problem, in this paper, we propose a novel highly decentralized information accountability framework to keep track of the actual usage of the users’ data in the cloud. In particular, we propose an object-centered approach that enables enclosing our logging mechanism together with users’ data and policies. We leverage the JAR programmable capabilities to both create a dynamic and traveling object, and to ensure that any access to users’ data will trigger authentication and automated logging local to the JARs. To strengthen user’s control, we also provide distributed auditing mechanisms. We provide extensive experimental studies that demonstrate the efficiency and effectiveness of the proposed approaches. Keywords – Cloud computing, accountability, data sharing.

View PDFchevron_right
A Trusted Federated System to Share Granular Data Among Disparate Database Resources
David Ferraiolo

Computer

Sharing data between organizations is difficult due to different database management systems imposing different schemas as well as security and privacy concerns. We leverage two proven NIST technologies to address the problem: Next Generation Database Access Control and the data block matrix.

View PDFchevron_right
Data is key: introducing the data-based access control paradigm
Wolter Pieters

Data and Applications Security XXIII, 2009

According to the Jericho forum, the trend in information security is moving the security perimeter as close to the data as possible. In this context, we suggest the idea of data-based access control, where decryption of data is made possible by knowing enough of the data. Trust is thus based on what someone already knows. A specific problem is defined as follows: given n pieces of data, an agent is able to recover all n items once she knows k of them. The problem is similar to both secure sketches and secret sharing, and we show that both can be used as a basis for constructions. Examples of possible applications are granting access without credentials, recovering forgotten passwords and sharing personal data in social networks.

View PDFchevron_right
SecRBAC: Secure data in the Clouds
tarun reddy

—Most current security solutions are based on perimeter security. However, Cloud computing breaks the organization perimeters. When data resides in the Cloud, they reside outside the organizational bounds. This leads users to a loos of control over their data and raises reasonable security concerns that slow down the adoption of Cloud computing. Is the Cloud service provider accessing the data? Is it legitimately applying the access control policy defined by the user? This paper presents a data-centric access control solution with enriched role-based expressiveness in which security is focused on protecting user data regardless the Cloud service provider that holds it. Novel identity-based and proxy re-encryption techniques are used to protect the authorization model. Data is encrypted and authorization rules are cryptographically protected to preserve user data against the service provider access or misbehavior. The authorization model provides high expressiveness with role hierarchy and resource hierarchy support. The solution takes advantage of the logic formalism provided by Semantic Web technologies, which enables advanced rule management like semantic conflict detection. A proof of concept implementation has been developed and a working prototypical deployment of the proposal has been integrated within Google services.

View PDFchevron_right
An Architecture for Providing Data Usage and Access Control in Data Sharing Ecosystems
Sonsoles López-Pernas

Procedia Computer Science, 2019

We are experiencing a new digital revolution in which data are becoming a key pillar for business and industry. Promoting data sharing, without compromising data sovereignty and traceability, is fundamental since it provides a heterogeneous ecosystem with the potential to enrich the variety of applications and services that take part in this digital revolution. In this scope, the use of secure and trusted platforms for sharing and processing personal and industrial data is crucial for the creation of a data market and a data economy. Protecting data goes beyond restricting who can access what resource (covered by identity and access control respectively): it becomes necessary to control how data are treated, which is known as data usage control. Data usage control provides a common and trustful security framework to guarantee the sovereignty and the responsible use of organizations' data by third-party entities, easing and ensuring data sharing in ecosystems such as industry or smart cities. In this article, we present an architecture proposal for achieving access and usage control in shared data ecosystems among multiple organizations. The proposed architecture is based on the UCON (Usage Control) model and an extended XACML (eXtensible Access Control Markup Language) Reference Architecture, relying on key aspects of the IDS (International Data Spaces) Reference Architecture Model. Its modular design and technology-agnostic nature provide an integral solution while maintaining flexibility of implementation.

View PDFchevron_right
A Design of Lightweight Secure Data Sharing
Neha Fatima

In this paper, we propose a lightweight data sharing scheme (LDSS) for different cloud platforms. It adopts CP-ABE, an access control technology used in most of the cloud environments; there are certain necessary changes in the structure of access control tree to make it suitable for portable cloud environments. LDSS moves a large portion of the computational intensive access control tree transformation in CP-ABE from different devices to external proxy servers. Furthermore, to reduce the user revocation cost, it introduces attribute description fields to implement lazy-revocation, which is a thorny issue in program based CP-ABE systems. The experimental results show that LDSS can effectively reduce the overhead on large number of devices when users are sharing data through different cloud environments Neha Fatima | Prof. S. A. Madival"A Design of Lightweight Secure Data Sharing" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), I...

View PDFchevron_right
Efficient resource allocation and data processing in a secured cloud environment
IJERT Journal

Current data processing frameworks rather expect the cloud to imitate the static nature of the cluster environment. As a result, rented resources may be inadequate for big parts of the processing job, which may lower the overall processing performance and increase the cost. The main objective of this project is to implement a new processing framework explicitly designed for cloud environments. This framework will include the possibility of dynamically allocating/de-allocating different compute resources from a cloud in its scheduling and during job execution. The framework is designed for Cloud Computing and can adapt to the dynamic nature of a Cloud. 'Dynamic' means that the number and kind of the machines in the Cloud is neither fixed nor uniform. The system adapts to this changes automatically. The user just submits the task(s) to the system not knowing the hardware or the configuration of it. With this the entire data processing becomes very simple, fast and their by the IaaS service is economical.

View PDFchevron_right
Access Control for Emerging Distributed Systems
David Ferraiolo

Computer

Technologies such as BigData, Cloud, Grid, and IoT are reshaping current data systems and practices, and IT experts are just as keen on harnessing the power of distributed systems to boost security and prevent fraud. How can massive distributed system capabilities be used to improve processing, instead of inflating risk? A recent report [1] estimates that the global data population will reach 44 zettabytes (44 billion terabytes) by 2020, figure that might have seemed inconceivable only a decade ago. This growth trend is influencing the way data is being managed for high-performance computing or operations and planning analysis. To address the challenge, distributed systems are constructed for large and/or dispersed data that is difficult to process with a single data processing unit. Current storage solutions are working, but massive data breaches show that big data security solutions are failing far too often. Big data means big risk, and we are no longer surprised by reports of 100 million or more accounts stolen in a single incident. Technologies such as BigData, Cloud, Grid, and IoT are reshaping current data systems and practices, and IT experts are just as keen on harnessing the power of distributed systems to boost security and prevent fraud. How can massive distributed system capabilities be used to improve processing, instead of inflating risk? Distributed Systems Distributed architecture (figure 1) aims to answer distributed system scaling issues such as capabilities for data storage, advanced analysis, and shared data services. Therefore, data processing systems for distributed architecture must collect, analyze, distribute, and secure data that requires cooperatively processing diverse data sets that defy non-distributed technologies. To maximize scalability and performance, some distributed systems apply massively parallel software running on many commodity computers that may include columnar databases and other distributed management solutions, in many varieties of configurations. In general, a distributed system application has multiple interconnected but independent computers coordinating to perform a joint computation. Different computers in the system are independent, in the sense that they do not directly share memory. Instead, they communicate with each other using messages, information transferred from one computer to another over a network.

View PDFchevron_right

References (84)

  1. M. Awad, B. Thuraisingham, and L. Khan, et al, Assured Information Sharing: Volume 2: Experimental Analysis of Data Integration, Mining and Security, Technical Report, The University of Texas at Dallas, 2006 (to appear)
  2. A. Ashraful, G. Subbiah, L. Khan, and B. Thuraisingham, Geospatial Semantic Web, Technical Report, The University of Texas at Dallas, 2006 (to appear).
  3. E. Bertino, B. Carminati, E. Ferrari and B. Thuraisingham, Secure Third Party Publication of XML Documents, IEEE Transactions on Knowledge and Data Engineering, October 2004
  4. E. Celikel, M. Kantarcioglu and B. Thuraisingham, Assured Information Sharing: Risk- based Data Sharing, Technical Report, The University of Texas at Dallas, 2006 (to appear)
  5. A. Jones, Game Theory, Mathematical Models of Conflict, Halstead Press, 1980.
  6. L. Khan, B. Thuraisingham et al, Assured Information Sharing: Volume 4: Data Mining Applications for Defensive Operations in a Coalition, Technical Report, The University of Texas at Dallas, (to appear).
  7. J. Kim and B. Thuraisingham, Dependable and Secure TMO Scheme, Proceedings of IEEE ISORC Conference, April 006.
  8. J. Kim, B. Thuraisingham, et al, Data Provenance in Healthcare Systems: Survey and Research Issues, UTD Technical Report, to appear.
  9. J. Kim and B. Thuraisingham, Applying RBAC and UCON to TMO, Technical report, University of Texas at Dallas, to appear.
  10. G. Lavee et al, Suspicious Event Detection with Surveillance Data, Proceedings of the ACM SIGKDD Conference Workshop on Multimedia Data Mining, 2005.
  11. R. Layfield, et al, Design of a Social Network Analysis System, Proceedings of the ACM SIGKDD Conference Workshop on Multimedia Data Mining, 2005.
  12. R. Layfield, M. Kantarcioglu and B. Thuraisingham, Assured Information Sharing: Volume 3: Using Game Theory to Enforce Honesty Within a Competitive Coalition, Technical Report, The University of Texas at Dallas, 2006 (to appear)
  13. Berners Lee, T., et al., The Semantic Web, Scientific American, May 2001.
  14. L. Liu, M. Kantarcioglu, N. Thuraisingham, L. Khan, An Adaptable Perturbation Model of Privacy Preserving Data Mining, Proceedings of the IEEE ICDM Data Mining Conference Workshop on Privacy preserving Data Mining, 2005 (also published as technical report, UTDCS- 03-06, January 2006).
  15. L. Liu, et al, Privacy Preserving Data Sharing, Technical Report, The University of Texas at Dallas, 2006 (to appear)
  16. Creating a Trusted Network for Homeland Security, Markle Report, 2003 (Editor: M. Vatis)
  17. Masud, M, L. Khan, B. Thuraisingham and M. Awad, Detecting New malicious Executables Using Data Mining, UTDCS-27-06 Technical Report, The University of Texas at Dallas, June 2006, also submitted for publications. (version to be published as UTD AIS Technical Report series)
  18. The Implementation of Network Centric Warfare, Office of Force Transformation, 2003.
  19. Martin S. Olivier: Self-protecting Objects in a Secure Federated Database, Proceedings of the IFIP Database Security Conference, NY, August 1995.
  20. Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman, "Role-Based Access Control Models." IEEE Computer, Volume 29, Number 2, February 1996.
  21. R. Sandhu et al, RBAC for AIS, to be published as AIS Technical Report Series, 2006.
  22. Signal Magazine, AFCEA, May 2005
  23. Signal Magazine, AFCEA, February 2005
  24. Lance Spitzner, Honeypots, Tracking Hackers, Addison Wesley, 2002.
  25. S. Son, R. David and B. Thuraisingham, An Adaptive Policy for Improved Timeliness in Secure Database Systems, Proceedings of the 9th IFIP Working Conference in Database Security, New York, August 1995.
  26. B. Thuraisingham, Novel Approaches to the Inference Problem, June 1990, Proceedings of the 3rd RADC Database Security Workshop, New York.
  27. B. Thuraisingham, Security Issues for Federated Database Systems, 1994, Computers and Security (North Holland), December 1994.
  28. B. Thuraisingham, Data Mining: Technologies, Techniques, Tools and Trends, CRC Press, December 1998.
  29. B. Thuraisingham and J. Maurer, Information Survivability for Real-time Command and Control Systems, IEEE Transactions on Knowledge and Data Engineering, January 1999
  30. B. Thuraisingham, Web Data Mining and Applications in Business Intelligence and Counter-terrorism, CRC Press, Boca Raton, FL, 2003.
  31. B. Thuraisingham, Security Standards for the Semantic Web, Computer Standards and Interfaces Journal, 2005.
  32. B. Thuraisingham, Database and Applications Security: Integrating Information Security and Data Management, CRC Press, May 2005
  33. B. Thuraisingham, D. Harris, L. Khan, R. Paul, "Standards for Secure Data Sharing across Organizations," Accepted in Computer Standards and Interfaces Journal, 2005. (version to be published as part of UTD AIS technical report series)
  34. N. Tsybulnik, B. Thuraisingham, A. Ashraful, CPT: Confidentiality, Privacy and Trust for the Semantic Web,UTDCS-06-06, Technical Report, the University of Texas at Dallas, March 2006, Also to appear in the Journal of Information Security and Privacy.
  35. J. Zhu, B. Thuraisingham, Grid Computing and Grid Security, Technical; Report, The University of Texas at Dallas, to appear. (also published in International Journal of Computer and Network Secuirty, August 2006). References
  36. P. Scerri, Y. Xu, E. Liao, J. Lai, M. Lewis, K. Sycara. Coordinating very large groups of wide area search munitions, Recent Developments in Cooperative Control and Optimization, Dordrecht, NL: Kluwer Academic Publishers.
  37. M. H. Burstein and D. E. Diller. A framework for dynamic informationflow in mixed-initiative human/agent organizations. Applied Intelligence on Agents and Process Management, 2004. Forthcoming.
  38. K. Decker, K. Sycara, A. Pannu and M. Williamson.Designing behaviors for information agents. Procs. Of the First International Conference on Autonomous Agents, Feb., 1997.
  39. P. R. Cohen, H. J. Levesque and I. Smith. On team formation.In J. Hintikka and R. Tuomela, editors, Contemporary Action Theory, Synthese,1998
  40. K. C. Jim and C.L. Giles. How communication can improve the performance of multi-agent systems. In Proceedings of Autonomous agents'01, 584-591, 2001.
  41. P. Scerri, Y. Xu, E. Liao, J. Lai, K. Sycara. Scaling Teamwork to Very Large Teams, AAMAS 04, Forthcoming, 2004.
  42. D. Pynadath and M. Tambe. The communicative multiagent team decision problem: analyzing teamwork theories and models. Journal of Artificial Intelligence Research, Vol.16, pages 389-423, 2002.
  43. J. Yen, J. Yin, T. R. Ioerger, M. S. Miller, D. Xu and R. A. Volz. Cast: Collaborative agents for simulating teamwork. In Proceedings of IJCAI'01, pages 1135-1142, 2001.
  44. P. Xuan, V. Lesser and S. Zilberstein. Communication decisions in multiagent cooperation: Model and experiments. In Proceedings of Autonomous Agents'01, 2001. [10] C.V. Goldman and S. Zilberstein. Optimizing information exchange in cooperative multi-agent systems. Proceedings of the Second International Conference on Autonomous Agents and Multi-agent Systems, 2003.
  45. C.V. Goldman and S. Zilberstein. Mechanism design for communication in cooperative systems. Game Theoretic and Decision Theoretic Agents Workshop at AAMAS' 03, July, 2003.
  46. H.H. Bui, S. Venkatesh and D. Kieronska. A framework for coordination and learning among team members. In Proceedings of the Third Australian Workshop on Distributed AI (DAI- 97), pages 116-126, Perth, Australia.
  47. M.V. Wie. A probabilistic method for team plan formation without communication. Proceedings of the Fourth International Conference on Autonomous Agents, pages 112-113, Barcelona, Spain, June 3-7, 2000.
  48. R. Albert and A. Barabasi. Statistical mechanics of complex networks. Review Modern Physics, 74, 47,2002.
  49. M. E. J. Newman. The structure and function of complex networks. SIAM Review, Vol. 45, No. 2, pages 167-256, 2003.
  50. D. Watts and S. Strogatz. Collective dynamics of small world networks. Nature, 393:440- 442, 1998. the practical application of such work to the real world, but we believe that it is within reason to expect that such strategies could greatly benefit intelligence sharing within coalitions.
  51. References
  52. Axelrod, Robert, The Evolution of Cooperation. Basic Books, New York, 1985.
  53. Buragohain, C., D. Agrawal, and S. Suri. "A game theoretic framework for incentives in P2P systems." Proceedings from the Third International Conference on Peer-to-Peer Computing, 2003.
  54. Cohen, Brian. "Incentives Build Robustness in BitTorrent" In Proceedings of the 1st Workshop on Economics of Peer-to-Peer Systems, June 2003.
  55. Gupta, Rohit. and A. K. Somani. "Game theory as a tool to strategize as well as predict nodes' behavior in peer-to-peer networks." Proceedings from the 11 th International Conference on Parallel and Distributed Systems, 2005.
  56. Halpern, Joseph and V. Teague, "Rational secret sharing and multiparty computation: extended abstract". Proceedings of the thirty-sixth annual ACM symposium on Theory of computing, 2004.
  57. Harsanyi, John C., "Games with incomplete information played by 'Bayesian' players." Management Science, vol. 14, 1967.
  58. Myerson, Roger B., Game Theory: Analysis of Conflict. Harvard University Press, 1997.
  59. Nash, John, "Equilibrium Points in n-Person Games." Proceedings of the National Academy of Sciences USA, 36:48-49, 1950.
  60. Osbourne, Martin J. and A. Rubinstein, A Course in Game Theory. MIT Press, Cambridge, Mass., 1994.
  61. Scott, John. Social Network Analysis : a Handbook. Sage Publications, London, 1985. BIBLIOGRAPHICAL REFERENCES
  62. Golbeck, J., and Hendler, J. Reputation network analysis for email filtering. In CEAS (2004).
  63. Newman, M. E. J., Forrest, S., and Balthrop, J. Email networks and the spread of computer viruses. Physical Review E 66, 035101 (2002).
  64. Schultz, M., Eskin, E., and Zadok, E. MEF: Malicious email filter, a UNIX mail filter that detects malicious windows executables. In USENIX Annual Technical Conference -FREENIX Track (June 2001).
  65. Singh, S., Estan, C., Varghese, G., and Savage, S. The EarlyBird System for Real-time Detection of Unknown Worms. Technical report -cs2003-0761, UCSD, 2003.
  66. Kim, H. A. and Karp, B., Autograph: Toward Automated, Distributed Worm Signature Detection. in the Proceedings of the 13th Usenix Security Symposium (Security 2004), San Diego, CA, August, 2004.
  67. J. Newsome, B. Karp, and D. Song. Polygraph: Automatically Generating Signatures for Polymorphic Worms. In Proceedings of the IEEE Symposium on Security and Privacy, May 2005.
  68. M. Schultz, E. Eskin, E. Zadok, S. Stolfo, Data mining methods for detection of new malicious executables, in: Proc. IEEE Symposium on Security and Privacy, 2001, pp. 178--184.
  69. Kolter, J. Z., and Maloof, M. A. Learning to detect malicious executables in the wild. Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining Seattle, WA, USA Pages: 470 -478, 2004.
  70. Cygnus. GNU Binutils Cygwin. Online publication, 1999. http://sourceware.cygnus.com/cygwin [11] Windows P.E. Disassembler. http://www.geocities.com/~sangcho/index.html
  71. GoodRich, M. T., and Tamassia, R. Data structures and algorithms in Java. John Wiley & Sons, Inc. ISBN: 0-471-73884-0.
  72. Mitchell, T. Machine Learning. McGraw Hill, 1997.
  73. Weka: collection of machine learning algorithms for data mining tasks. http://www.cs.waikato.ac.nz/ml/weka/
  74. VX-Heavens: http://vx.netlux.org/
  75. Mohammad Al-Kahtani and Ravi Sandhu, "A Model for Attribute-Based User-Role Assignment." Proc. 17 th Annual Computer Security Applications Conference, Las Vegas, Nevada, December 9-13, 2002, pages 353-362.
  76. David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn and Ramaswamy Chandramouli. "Proposed NIST Standard for Role-Based Access Control." ACM Transactions on Information and System Security, Volume 4, Number 3, August 2001, pages 224-274.
  77. Savith Kandala and Ravi Sandhu, "Secure Role-Based Workflow Models." Database Security XV: Status and Prospects, (D. Spooner, editor), Kluwer 2002.
  78. Alexander Liu, Cheryl Martin, Tom Hetherington, and Sara Matzner, A Comparison of System Call Feature Representations for Insider Threat Detection, Proceedings of the 2005 IEEE Workshop on Information Assurance, United States Military Academy, West Point, NY June 2005 [PARK04] Jaehong Park and Ravi Sandhu. "The UCON ABC Usage Control Model." ACM Transactions on Information and System Security, Volume 7, Number 1, February 2004.
  79. James Pitkow and Peter Pirolli. Mining longest repeating subsequences to predict World Wide Web surfing. In Proc. of 2 nd USENIX Symposium on Internet Technologies and Systems (USITS'99).Boulder, Colorado, October 1999.
  80. Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman, "Role-Based Access Control Models." IEEE Computer, Volume 29, Number 2, February 1996.
  81. B. Thuraisingham, Security Standards for the Semantic Web, Computer Standards and Interface Journal, March 2005.
  82. B. Thuraisingham, Managing Cyber Threats: Issues and Challenges, Kluwer (editor: V. Kumar et al), Kluwer, 2005.
  83. Roshan Thomas and Ravi Sandhu, "Towards a Multi-Dimensional Characterization of Dissemination Control." Proc. 5 th IEEE International Workshop on Policies for Distributed Systems and Networks, New York, June 7-9, 2004, pages 197-200.
  84. Xinwen Zhang and Ravi Sandhu, "Peer-to-Peer Access Control Architecture Using Trusted Computing Technology." Proc. 10th ACM Symposium on Access Control Models and Technologies (SACMAT), Stockholm, June 1-3, 2005.

Related papers

Information Operations Across Infospheres Prof
Bhavani Thuraisingham

2005

There is a critical need for organizations to share data within and across infospheres and form coalitions so that analysts could examine the data, mine the data, and make effective decisions. Each organization could share information within its infosphere. An infosphere may consist of the data, applications and services that are needed for its operation. Organizations may share data with one another across what is called a global infosphere that spans multiple infospheres. It is critical that the war fighters get timely information. Furthermore, secure data and information sharing is an important requirement. The challenge is for data processing techniques to meet timing constraints and at the same time ensure that security is maintained. This proposal addresses information operations across infospheres. We first describe secure timely data sharing across infospheres and then focus on Role-based access control and Usage control in such an environment. Our goal is to send timely inf...

View PDFchevron_right
Seeing the Real World: Sharing Protected Data in Real Time
John James

2012 45th Hawaii International Conference on System Sciences, 2012

We describe a new capability for "owners" of protected data to quickly and securely share realtime data among networked decision-support and real-time control devices with whom the "owners" of the data have explicitly decided to "share the data. The service is based upon implementation of a recent formal definition and mathematical result (James et al. 2009) derived from the decades-old Bell-LaPadula information security result (Bell and LaPadula, 1973). The service provides decision makers a means of securely and automatically sharing critical information across security barriers based upon declaration of sharing policies. The declaration and implementation of information sharing policies based upon a need-to-share has been shown to be compatible with information protection policies based upon a need-to-know. Indeed, the implementation of the need-to-share service is based upon extending the mathematical foundations of need-to-know information security systems (the Bell-LaPadula result of 1973).

View PDFchevron_right
SFINKS: Secure Focused Information, News, and Knowledge Sharing
Michael Orosz, Robert Neches

IEEE Conference on Technologies for Homeland Security, 2008

Cross-agency collaboration and sharing of digital data is critical to respond to or prevent threats to U.S. interests. While hierarchical information sharing traditional approaches ensure that only relevant information is delivered to authorized nodes, the resulting organizational overhead severely impedes timely sharing of critical information. Although alternative approaches to secure data release have previously been proposed, they all have had severe practical limitations. We are developing SFINKS – a flexible collaboration platform that enables secure and focused sharing across key information organizations. SFINKS uses two technologies developed at USC Information Sciences Institute to support a new concept of fine-grained semantically controlled information visibility. The iLands infrastructure provides a semantic network-based data model, search and filtering capabilities, distributed systems support and fine-grained control of resource visibility. The Adaptive Trust Negotiation and Access Control (ATNAC) and trust provides flexible access control management. SFINKS solves many typical problems plaguing information sharing in coalitions: 1. Supporting security requirements of multiple autonomous peer authorities without a single “root”. 2. Integrating on-the-fly dynamically generated data, temporary/dynamic users, and interaction context. 3. Allowing on-demand coalition formation by negotiating security requirements of participants. Initial SFINKS implementation is deployed within the Risk Analysis Workbench – a collaborative information sharing environment.

View PDFchevron_right
Authorization Models for Secure Information Sharing: A Survey and Research Agenda
Jason Reid

The Isc International Journal of Information Security, 2015

This article presents a survey of authorisation models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerging business models based on the concept of a 'virtual organisation'. The article argues that present authorisation models are inflexible and poorly scalable in such dynamic environments due to their assumption that the future needs of the system can be predicted, which in turn justifies the use of persistent authorisation policies. The article outlines the motivation and requirement for a new flexible authorisation model that addresses the needs of information sharing. It proposes that a flexible and scalable authorisation model must allow an explicit specification of the objectives of the system and access decisions must be made based on a late trade-off analysis between these explicit objectives. A research agenda for the proposed Objective-Based Access Control concept is presented.

View PDFchevron_right
Secure information sharing using role-based delegation
Gail-joon Ahn

International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004.

As computing becomes more pervasive, information sharing occurs in broad, highly dynamic network-based environments. Such pervasive computing environments pose a difficult challenge in formally accessing the resources. The digital information generally represents sensitive and confidential information that organizations must protect and allow only authorized personnel to access and manipulate them. As organizations implement information strategies that call for sharing access to resources in the networked environment, mechanisms must be provided to protect the resources from adversaries. In this paper we seek to address the issue of how to advocate selective information sharing while minimizing the risks of unauthorized access. We integrate a role-based delegation framework to propose a system architecture. We also demonstrate the feasibility of our framework through a proof-of-concept implementation.

View PDFchevron_right
580 California St., Suite 400
San Francisco, CA, 94104
© 2025 Academia. All rights reserved