Group-Centric Secure Information-Sharing Models for Isolated Groups

Published: 01 November 2011

Abstract

Group-Centric Secure Information Sharing (g-SIS) envisions bringing users and objects together in a group to facilitate agile sharing of information brought in from external sources as well as creation of new information within the group. We expect g-SIS to be orthogonal and complementary to authorization systems deployed within participating organizations. The metaphors “secure meeting room” and “subscription service” characterize the g-SIS approach.

The focus of this article is on developing the foundations of isolated g-SIS models. Groups are isolated in the sense that membership of a user or an object in a group does not affect their authorizations in other groups. Present contributions include the following: formal specification of core properties that at once help to characterize the family of g-SIS models and provide a “sanity check” for full policy specifications; informal discussion of policy design decisions that differentiate g-SIS policies from one another with respect to the authorization semantics of group operations; formalization and verification of a specific member of the family of g-SIS models; demonstration that the core properties are logically consistent and mutually independent; and identification of several directions for future extensions.

The formalized specification is highly abstract. Apart from certain well-formedness requirements (for instance, that a user cannot leave a group unless she is a member), it constrains only whether user-level read and write operations are authorized, and it does so solely in terms of the history of group operations: join and leave for users, and add, create, and remove for objects. This makes temporal logic one of the few formalisms in which the specification can be clearly and concisely expressed. The specification serves as a reference point: it is the first step in deriving authorization-system component specifications from which a programmer with little security expertise could implement a high-assurance enforcement system for the specified policy.
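The following is an added illustration, not code from the paper or its authors, of what "authorization decided solely from the history of group operations" means in practice. It replays a constructed history of join/leave/add/create/remove events, enforces the well-formedness rule the abstract names (leave requires membership) together with assumed symmetric rules for objects (remove requires presence, add and create require absence, create requires a member as actor), and decides read/write from the history prefix alone. The concrete policy (both user and object must be current members) and the "no access after leave" property are assumptions chosen for illustration; the paper's actual policy family and core properties are stated in temporal logic and are richer than this. All event names, user names and object names are constructed.

```python
"""History-based authorization checker in the spirit of g-SIS (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

USER_OPS = {"join", "leave"}
OBJECT_OPS = {"add", "create", "remove"}


@dataclass(frozen=True)
class Event:
    op: str                      # join | leave | add | create | remove
    subject: str                 # user id for user ops, object id for object ops
    actor: Optional[str] = None  # user performing a 'create' (assumed field)


class WellFormednessError(ValueError):
    """Raised when a history violates a well-formedness rule."""


def replay(history: List[Event], upto: Optional[int] = None) -> Tuple[Set[str], Set[str]]:
    """Replay history[:upto], enforcing well-formedness, and return the
    (members, objects) group state that results. Only the history is consulted."""
    members: Set[str] = set()
    objects: Set[str] = set()
    events = history if upto is None else history[:upto]
    for i, ev in enumerate(events):
        if ev.op == "join":
            if ev.subject in members:
                raise WellFormednessError(f"event {i}: {ev.subject} is already a member")
            members.add(ev.subject)
        elif ev.op == "leave":
            # The rule named in the abstract: a user cannot leave unless she is a member.
            if ev.subject not in members:
                raise WellFormednessError(f"event {i}: {ev.subject} cannot leave, not a member")
            members.discard(ev.subject)
        elif ev.op in ("add", "create"):
            # Assumed object rules: an object enters the group at most once,
            # and only a current member may create an object in the group.
            if ev.subject in objects:
                raise WellFormednessError(f"event {i}: object {ev.subject} already in group")
            if ev.op == "create" and ev.actor not in members:
                raise WellFormednessError(f"event {i}: creator {ev.actor} is not a member")
            objects.add(ev.subject)
        elif ev.op == "remove":
            if ev.subject not in objects:
                raise WellFormednessError(f"event {i}: object {ev.subject} not in group")
            objects.discard(ev.subject)
        else:
            raise WellFormednessError(f"event {i}: unknown operation {ev.op!r}")
    return members, objects


def is_well_formed(history: List[Event]) -> bool:
    """True iff the whole history passes the well-formedness rules above."""
    try:
        replay(history)
        return True
    except WellFormednessError:
        return False


def authorized(history: List[Event], upto: int, user: str, obj: str, action: str) -> bool:
    """Assumed policy: read and write are permitted exactly when both the user
    and the object are current members of the group after history[:upto]."""
    if action not in ("read", "write"):
        raise ValueError(f"unknown action {action!r}")
    members, objects = replay(history, upto)
    return user in members and obj in objects


def holds_no_access_after_leave(history: List[Event], user: str, obj: str) -> bool:
    """Sanity-check style property (assumed): at every point of the history where
    the user's most recent user operation is not 'join', she has no authorization."""
    for t in range(len(history) + 1):
        last = None
        for ev in history[:t]:
            if ev.op in USER_OPS and ev.subject == user:
                last = ev.op
        if last != "join":
            if authorized(history, t, user, obj, "read") or authorized(history, t, user, obj, "write"):
                return False
    return True


# Constructed sample history (not taken from the paper).
HISTORY = [
    Event("join", "alice"),
    Event("add", "doc1"),
    Event("create", "doc2", actor="alice"),
    Event("join", "bob"),
    Event("leave", "alice"),
    Event("remove", "doc1"),
]


def demo() -> dict:
    """Authorization decisions at several points of the constructed history."""
    return {
        "alice_reads_doc1_at_2": authorized(HISTORY, 2, "alice", "doc1", "read"),
        "bob_reads_doc1_at_2": authorized(HISTORY, 2, "bob", "doc1", "read"),
        "alice_reads_doc2_at_5": authorized(HISTORY, 5, "alice", "doc2", "read"),
        "bob_reads_doc1_at_6": authorized(HISTORY, 6, "bob", "doc1", "read"),
        "bob_reads_doc2_at_6": authorized(HISTORY, 6, "bob", "doc2", "read"),
    }


if __name__ == "__main__":
    print(demo())
    print("leave-before-join rejected:", not is_well_formed([Event("leave", "carol")]))
```

The point of separating `replay` from `authorized` is that the decision procedure has no state of its own: every answer is a function of the event prefix, which is what makes the policy expressible as a temporal formula over the history and checkable by enumerating prefixes, as `holds_no_access_after_leave` does for one property.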



Published in

ACM Transactions on Information and System Security, Volume 14, Issue 3, November 2011, 133 pages
ISSN: 1094-9224
EISSN: 1557-7406
DOI: 10.1145/2043621

Copyright © 2011 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 1 November 2011
• Accepted: 1 February 2011
• Revised: 1 October 2010
• Received: 1 March 2010

Qualifiers

• research-article
• Research
• Refereed
