A Model of Owner Controlled, Full-Provenance, Non-Persistent, High-Availability Information Sharing
Pages 80 - 89
Abstract
In this paper, we propose principles of information control and sharing that support ORCON (ORiginator COntrolled access control) models while simultaneously improving components of confidentiality, availability, and integrity needed to inherently support, when needed, responsibility to share policies, rapid information dissemination, data provenance, and data redaction. This new paradigm of providing unfettered and unimpeded access to information by authorized users, while at the same time, making access by unauthorized users impossible, contrasts with historical approaches to information sharing that have focused on need to know rather than need to (or responsibility to) share.
References
[1]
Nathaniel Bailey. 1721. An Universal Etymological English Dictionary. London: Printed for T. Osborne {and 27 others}.
[2]
David Elliott Bell and Leonard J. LaPadula. 1975. Secure Computer System: Unified Exposition and Multics Interpretation. Technical Report EST-TR-75-306. Electronic Systems Division, Air Force Systems Command, Hanscom AFB, Bedford, MA.
[3]
Ken Biba. April 1977. Integrity Considerations for Secure Computer Systems. Technical Report MTR-3153. MITRE Corporation, Bedford, MA.
[4]
Matt Bishop. 2003. Computer Security: Art and Science. Addison-Wesley Professional, Boston, MA.
[5]
Roxana Geambasu, Tadayoshi Kohno, Amit Levy, and Henry M Levy. 2009. Vanish: Increasing Data Privacy with Self-Destructing Data. In Proc. of the 18th USENIX Security Symposium.
[6]
Craig Gentry. 2009. A Fully Homomorphic Encryption Scheme. Ph.D. Dissertation. Stanford University.
[7]
James Gosler. 2005. The Digital Dimension. In Transforming U.S. Intelligence, Jennifer E. Sims and Burton L. Gerber (Eds.). Georgetown University Press, 96--114.
[8]
Richard Graubart. 1989. On the Need for a Third Form of Access Control. In Proceedings of the 12th National Computer Security Conference. 296--304.
[9]
Leslie Lamport, Robert Shostak, and Marshall Pease. 1982. The Byzantine Generals Problem. ACM Transactions on Programming Languages and Systems (TOPLAS) 4, 3 (July 1982), 382--401.
[10]
Steven B. Lipner. 1982. Non-Discretionary Controls for Commercial Applications. In Proceedings of the 1982 IEEE Symposium on Security and Privacy. Oakland, CA, 2--10.
[11]
Ralph C. Merkle. 1980. Protocols for Public Key Cryptosystems. In IEEE Symposium on Security and Privacy. IEEE, 122--122.
[12]
Satoshi Nakamoto. 2009. Bitcoin: A Peer-to-Peer Electronic Cash System. http://www.bitcoin.org/bitcoin.pdf. (May 24, 2009).
[13]
Office of the Director of National Intelligence. 2008. United States Intelligence Community Information Sharing Strategy. http://www.dni.gov/reports/IC_Information_Sharing_Strategy.pdf. (Feb. 22 2008).
[14]
Jaehong Park and Ravi Sandhu. 2002. Originator Control in Usage Control. In Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks. IEEE, 60--66.
[15]
Jaehong Park and Ravi Sandhu. 2002. Towards Usage Control Models: Beyond Traditional Access Control. In Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies (SACMAT). 57--64.
[16]
Sean Peisert, Ed Talbot, and Matt Bishop. 2012. Turtles All The Way Down: A Clean-Slate, Ground-Up, First-Principles Approach to Secure Systems. In Proceedings of the 2012 New Security Paradigms Workshop (NSPW). Bertinoro, Italy, 15--26.
[17]
Sean Peisert, Ed Talbot, and Tom Kroeger. 2013. Principles of Authentication. In Proceedings of the 2013 New Security Paradigms Workshop (NSPW). Banff, Canada, 47--56.
[18]
Raluca Ada Popa, Catherine Redfield, Nickolai Zeldovich, and Hari Balakrishnan. 2012. CryptDB: Processing Queries on an Encrypted Database. Commun. ACM 55, 9 (2012), 103--111.
[19]
Raluca Ada Popa, Emily Stark, Jonas Helfer, Steven Valdez, Nickolai Zeldovich, M Frans Kaashoek, and Hari Balakrishnan. 2014. Building Web Applications on Top of Encrypted Data Using Mylar. In Proceedings of the 11th Symposium on Networked Systems Design and Implementation (NSDI). 157--172.
[20]
Adi Shamir. 1979. How to Share a Secret. Communications of the ACM (CACM) 22, 11 (1979), 612--613.
[21]
The White House. 2012. National Strategy for Information Sharing and Safeguarding. http://www.whitehouse.gov/sites/default/files/docs/2012sharingstrategy_1.pdf. (Dec. 2012).
[22]
Tom Walcott and Matt Bishop. 2004. Traducement: A Model for Record Security. ACM Transactions on Information and System Security (TISSEC) 7, 4 (Nov 2004), 576--590.
[23]
Alex Wellerstein. 2013. The Problem of Redaction. http://nuclearsecrecy.com/blog/2013/04/12/the-problem-of-redaction/. (April 12, 2013).
[24]
Andrew Chi-Chih Yao. 1986. How to Generate and Exchange Secrets. In Proceedings of the 27th Annual Symposium on Foundations of Computer Science. IEEE, 162--167.
Index Terms
- A Model of Owner Controlled, Full-Provenance, Non-Persistent, High-Availability Information Sharing
Recommendations
Development of an access control model, system architecture and approaches for resource sharing in virtual enterprise
Secure information sharing is one of key factors for success of virtual enterprise (VE). The study identifies the characteristics of a VE and analyzes the requirements of a VE access control. A Virtual Enterprise Access Control (VEAC) model is proposed ...
A Temporal Model for Group-Centric Secure Information Sharing
WISM '10: Proceedings of the 2010 International Conference on Web Information Systems and Mining - Volume 02Traditional approach to information sharing focuses on attaching attributes and policies to an object as it is disseminated from producers to consumers in a system. In contrast, group-centric sharing brings subjects and objects together in a group to ...
A Times-Based Model for Group-centric Secure Information Sharing
WCSE '10: Proceedings of the 2010 Second World Congress on Software Engineering - Volume 01In this paper, we propose a times-based model for Group-centric Secure Information Sharing(g-SIS). The traditional approach to information sharing focuses on attaching attributes and policies to an object as it is disseminated from producer to consumers ...
Comments
Information & Contributors
Information
Published In
October 2017
138 pages
ISBN:9781450363846
DOI:10.1145/3171533
Copyright © 2017 ACM.
Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.
In-Cooperation
- NSF: National Science Foundation
- ACSA: Applied Computing Security Assoc
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 01 October 2017
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Funding Sources
- National Science Foundation
- Department of Energy
Conference
NSPW '17
Acceptance Rates
Overall Acceptance Rate 98 of 265 submissions, 37%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 237Total Downloads
- Downloads (Last 12 months)47
- Downloads (Last 6 weeks)3
Reflects downloads up to 23 Dec 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in