A Security Contextualisation Framework for Digital Long-Term Preservation

Nowadays a growing amount of information not only exists in digital form but was actually born-digital. Digital long-term preservation becomes continuously important and is tackled by several international and national projects like the US National Digital Information Infrastructure and Preservation Program or the EU FP7 SHAMAN Integrated Project. The very essence of long-term preservation is the preserved data, which in turn requires an appropriate security model, which is so far often neglected in the preservation community. To address this problem, we extend the security relevant parts of the Open Archival Information System (OAIS) standard, in which security aspects are underspecified, by a conceptual framework for hierarchical security policy development based on given use-cases for a long- term archival system. The corresponding policies are then distributed and implemented by applying an iterative procedure to turn them into rules before these are then finally enforced. In this paper we describe how to construct a corresponding context model and derive such policies using the iterative approach to assure the system and data security.

[1]  Jana Dittmann,et al.  Ensuring integrity and authenticity for images in digital long-term preservation , 2010, Photonics Europe.

[2]  Martin Pilgram,et al.  Consultative Committee For Space Data Systems , 2009 .

[3]  R. Baskerville,et al.  An information security meta‐policy for emergent organizations , 2002 .

[4]  Jim Boyle,et al.  Accept-Ranges : bytes Content-Length : 55967 Connection : close Content-Type : text / plain Internet Draft , 2012 .

[5]  G. Klyne,et al.  Composite Capability/Preference Profiles (CC/PP) : Structure and Vocabularies , 2001 .

[6]  J. Fridrich Digital Image Forensics Using Sensor Noise , .

[7]  Matthias Hemmje,et al.  Modeling Context for Digital Preservation , 2010, Smart Information and Knowledge Management.

[8]  David D. Clark,et al.  A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[9]  Jana Dittmann,et al.  Extending the Clark-Wilson security model for digital long-term preservation use-cases , 2010, Electronic Imaging.

[10]  Claudia Linnhoff-Popien,et al.  A Context Modeling Survey , 2004 .

[11]  Gregory D. Abowd,et al.  Securing context-aware applications using environment roles , 2001, SACMAT '01.

[12]  Jana Dittmann,et al.  A context model for microphone forensics and its application in evaluations , 2011, Electronic Imaging.

[13]  Burkhard Stiller,et al.  AAA: a survey and a policy-based architecture and framework , 2002 .

[14]  J. Fridrich,et al.  Digital image forensics , 2009, IEEE Signal Processing Magazine.

[15]  Dinesh C. Verma,et al.  A policy framework for integrated and differentiated services in the Internet , 1999, IEEE Netw..

[16]  Elisa Bertino,et al.  A Trust-Based Context-Aware Access Control Model for Web-Services , 2004, Proceedings. IEEE International Conference on Web Services, 2004..

[17]  H. Lan,et al.  SWRL : A semantic Web rule language combining OWL and ruleML , 2004 .

[18]  Kun Yang,et al.  Policy-based active Grid management architecture , 2002, Proceedings 10th IEEE International Conference on Networks (ICON 2002). Towards Network Superiority (Cat. No.02EX588).

[19]  Seng-Phil Hong,et al.  Access control in collaborative systems , 2005, CSUR.

[20]  Jadwiga Indulska,et al.  A survey of context modelling and reasoning techniques , 2010, Pervasive Mob. Comput..