INSTITUTE FOR CYBER SECURITY

Group-Centric Information Sharing

Ravi Sandhu
Executive Director and Endowed Professor
Institute for Cyber Security
University of Texas at San Antonio
www.ics.utsa.edu
www.profsandhu.com

© Ravi Sandhu


Collaboration and Groups

Group-Centric Information Sharing

Collaboration Systems

Rich area for theory and practice

• PC Meeting
• Merger and Acquisition
• Design Collaboration
• Trouble-shooting Collaboration
• Joint Proposal
• Research Collaboration
• ….

Metaphor: Secure meeting room

Metaphor: Subscription

Collaboration & Information Sharing

Collaboration requires Information Sharing
- How else do you collaborate?

Share but Differentiate
- How much can we differentiate within a collaboration and still meaningfully call it a collaboration?

Too fragmented
- Entirely bilateral sharing
- Bilateral sharing with multi-step chains

Too uniform
- Equal access for all collaborators

Where is the balance?

Where is the Balance?

We have a proposal for Share but Differentiate

- “Equality” translates to the technical and semantic concept of a group, with the metaphor of a secure meeting room
  - What is the semantics/policy of a secure meeting room?
- “Differentiation” translates to groups and sub-groups combined recursively
  - … Groups within Groups within Groups …

Divide and Conquer

Initial investigation: single group
- Read only: actually add, remove and read
  - We have some promising insights
- Read-Write
  - Object model
  - Version constraints
  - Just starting to investigate

Multiple groups
- To be done

Group-Centric Sharing

[Figure: a GROUP with the operations Join and Leave (Subjects) and Add and Remove (Objects), and the authorization question Authz (S,O,R)?]

[Figure: the same GROUP with the variants of each operation: Strict Join, Liberal Join, Strict Leave, Liberal Leave, Strict Add, Liberal Add, Strict Remove, Liberal Remove]

Group-Centric Models

[Figure: Core Properties, Level 1, Level 2]

Core Properties
- Required of any policy

Additional Properties
- Level 1 cannot violate Core
- Level 2 cannot violate Level 1
- …

Core Properties

[Figure: a GROUP with the operations Join and Leave (Subjects) and Add and Remove (Objects), the authorization question Authz (S,O,R)?, and panels labelled (a) and (b)]

1. Overlapping Membership Property

2. Persistence Property

3. Liveness Properties

4. Safety Properties

Level 1

Join Operations
- Lossy vs. Lossless
  - Lossy: lose existing authorization(s) on Join
  - Lossless: no loss on Join
- Restorative vs. Non-Restorative
  - Restorative: restore authorizations from past membership(s)
  - Non-Restorative: no restoration from past

Leave Operations
- Gainful vs. Gainless
  - Gainful: gain authorization(s) from past membership period
  - Gainless: no such gain
- Restorative vs. Non-Restorative
  - Restorative: restore authorization(s) from prior to Join
  - Non-Restorative: no such restoration

[Figure: a GROUP with the operations Join and Leave (Subjects) and Add and Remove (Objects), and the authorization question Authz (S,O,R)?]

Level 1 properties for Add and Remove?

Fix Level 1 Operations:
- Lossless Join, Gainless Leave
- Non-Restorative Join & Leave

Level 2

Add after Join

Add before Join

Allow any combination of Level 2 operations
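Added example (not from the slides): a single-group, read-only Authz(S,O,R) check that shows how Add before Join and Add after Join interact with the Strict and Liberal operation variants. The slides name the variants but do not define them, so the semantics in the comments are an assumed reading; the class and function names are hypothetical, and each subject and object is limited to one period in the group.

```python
from dataclasses import dataclass
from typing import Optional

STRICT, LIBERAL = "strict", "liberal"

@dataclass
class Membership:
    """One subject's period in the group (times are integer ticks)."""
    join: int
    join_kind: str
    leave: Optional[int] = None
    leave_kind: str = STRICT

@dataclass
class Residency:
    """One object's period in the group."""
    add: int
    add_kind: str
    remove: Optional[int] = None
    remove_kind: str = STRICT

def authz(m: Membership, r: Residency, now: int) -> bool:
    """Authz(S,O,read) at time `now` under the assumed semantics."""
    if r.add >= m.join:
        # Add after Join: every join/add variant grants access from add time.
        start = r.add
    elif m.join_kind == LIBERAL and r.add_kind == LIBERAL:
        # Add before Join: assumed to need both Liberal Join and Liberal Add.
        start = m.join
    else:
        return False
    if now < start:
        return False
    # Subject and object must both be in the group when access would begin.
    if m.leave is not None and m.leave <= start:
        return False
    if r.remove is not None and r.remove <= start:
        return False
    # Assumed: Strict Leave / Strict Remove revoke access for that subject or
    # object; the Liberal variants let already-held access persist.
    if m.leave is not None and m.leave <= now and m.leave_kind == STRICT:
        return False
    if r.remove is not None and r.remove <= now and r.remove_kind == STRICT:
        return False
    return True
```
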

Read-Write

Work in progress
- Object Model
- Version Constraint Model

Conclusion

Principles:
- Share but Differentiate
- … Groups within Groups within Groups …
- Temporal aspect is critical for policy and semantics of groups for information sharing

Partners in this venture
- Ram Krishnan, Doctoral candidate, GMU
- Jianwei Niu, Asst. Prof., UTSA CS & ICS
- W. Winsborough, Assoc. Prof., UTSA CS & ICS