Group-Centric Secure Information-Sharing Models for Isolated Groups

Abstract
Group-Centric Secure Information Sharing (g-SIS) envisions bringing users and objects together in a group to facilitate agile sharing of information brought in from external sources as well as creation of new information within the group. We expect g-SIS to be orthogonal and complementary to authorization systems deployed within participating organizations. The metaphors “secure meeting room” and “subscription service” characterize the g-SIS approach.
The focus of this article is on developing the foundations of isolated g-SIS models. Groups are isolated in the sense that membership of a user or an object in a group does not affect their authorizations in other groups. The contributions are: a formal specification of core properties that both characterize the family of g-SIS models and provide a "sanity check" for full policy specifications; an informal discussion of the policy design decisions that differentiate g-SIS policies from one another with respect to the authorization semantics of group operations; the formalization and verification of a specific member of the family of g-SIS models; a demonstration that the core properties are logically consistent and mutually independent; and the identification of several directions for future extensions.
The formalized specification is highly abstract. Apart from certain well-formedness requirements (for instance, a user cannot leave a group unless she is a member), it constrains only whether user-level read and write operations are authorized, and it does so solely in terms of the history of group operations: join and leave for users, and add, create, and remove for objects. This makes temporal logic one of the few formalisms in which the specification can be expressed clearly and concisely. The specification serves as a reference point and as the first step in deriving authorization-system component specifications from which a programmer with little security expertise could implement a high-assurance enforcement system for the specified policy.
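The constraint described above, that whether a user may read an object is decided solely by the history of join, leave, add, create and remove operations, is easiest to appreciate on a concrete trace. The following is an added example, not the paper's temporal-logic specification or its model-checking code: it replays a constructed group history through a small state machine and enforces the well-formedness rules the abstract mentions (no leave without membership, no duplicate join or add, no removal of an absent object, creation only by a member). The strict/liberal variants of each operation, the user and object names, and the sample trace are the example's own assumptions, used only to show how different authorization semantics for the same operations yield different decisions over the same history.

```python
"""Toy g-SIS read authorization as a function of group-operation history.

Added example: not the paper's formal specification. The strict/liberal
variants below are this example's assumptions about how policies may differ.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Event:
    op: str                     # "join" | "leave" | "add" | "create" | "remove"
    user: Optional[str] = None  # joining/leaving user, or creator for "create"
    obj: Optional[str] = None   # object for add/create/remove


@dataclass(frozen=True)
class Policy:
    join: str = "strict"    # liberal: a joining user also gets objects already in the group
    leave: str = "strict"   # liberal: a leaving user keeps what she could already read
    add: str = "strict"     # liberal: objects stay available to users who join later
    remove: str = "strict"  # liberal: users who could read a removed object keep reading it


STRICT = Policy()
LIBERAL = Policy("liberal", "liberal", "liberal", "liberal")


class WellFormednessError(ValueError):
    """Raised for traces that violate the basic state constraints."""


def replay(history: List[Event], policy: Policy, upto: Optional[int] = None
           ) -> Tuple[Set[str], Set[str], Set[Tuple[str, str]]]:
    """Replay the first `upto` events (all if None).

    Returns (members, objects, authz); authz is the set of (user, obj) pairs
    currently authorized to read. Only the operation history and the policy
    influence the result: there are no per-object attributes or ACLs.
    """
    members: Set[str] = set()
    objects: Set[str] = set()
    authz: Set[Tuple[str, str]] = set()
    for i, e in enumerate(history[:upto]):
        if e.op == "join":
            if e.user in members:
                raise WellFormednessError(f"event {i}: {e.user} is already a member")
            members.add(e.user)
            # Retroactive access to existing objects needs both a liberal join
            # (user may look back) and a liberal add (object is open to later joiners).
            if policy.join == "liberal" and policy.add == "liberal":
                authz |= {(e.user, o) for o in objects}
        elif e.op == "leave":
            if e.user not in members:
                raise WellFormednessError(f"event {i}: {e.user} is not a member")
            members.remove(e.user)
            if policy.leave == "strict":
                authz = {(u, o) for (u, o) in authz if u != e.user}
        elif e.op in ("add", "create"):
            if e.obj in objects:
                raise WellFormednessError(f"event {i}: {e.obj} is already in the group")
            if e.op == "create" and e.user not in members:
                raise WellFormednessError(f"event {i}: creator {e.user} is not a member")
            objects.add(e.obj)
            # Under either add semantics, current members may read the new object.
            authz |= {(u, e.obj) for u in members}
        elif e.op == "remove":
            if e.obj not in objects:
                raise WellFormednessError(f"event {i}: {e.obj} is not in the group")
            objects.remove(e.obj)
            if policy.remove == "strict":
                authz = {(u, o) for (u, o) in authz if o != e.obj}
        else:
            raise WellFormednessError(f"event {i}: unknown operation {e.op!r}")
    return members, objects, authz


def can_read(history: List[Event], policy: Policy, user: str, obj: str,
             upto: Optional[int] = None) -> bool:
    """Read authorization for `user` on `obj` after the first `upto` events."""
    return (user, obj) in replay(history, policy, upto)[2]


# Constructed sample history (event index doubles as the time point).
TRACE = [
    Event("join", user="alice"),            # 0
    Event("add", obj="o1"),                 # 1
    Event("join", user="bob"),              # 2
    Event("add", obj="o2"),                 # 3
    Event("leave", user="alice"),           # 4
    Event("remove", obj="o1"),              # 5
    Event("create", user="bob", obj="o3"),  # 6
]

if __name__ == "__main__":
    for name, pol in (("strict", STRICT), ("liberal", LIBERAL)):
        _, _, authz = replay(TRACE, pol)
        print(name, sorted(authz))
```

Running the trace under both policies shows the design decisions the article discusses at work: under the all-strict policy bob never reads o1 (it was added before he joined) and alice loses everything when she leaves, whereas under the all-liberal policy bob reads o1 on joining, alice keeps o1 and o2 after leaving, and both keep o1 after it is removed. An ill-formed trace such as a leave by a non-member is rejected before any authorization question is asked, mirroring the well-formedness requirements the abstract describes.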
Supplemental Material
The proof is given in an electronic appendix, available online in the ACM Digital Library.