Information sharing and security in dynamic coalitions

Today, information sharing is critical to almost every institution. There is no more critical need for information sharing than during an international crisis, when international coalitions dynamically form. In the event of a crisis, whether it is humanitarian relief, natural disaster, combat operations, or terrorist incidents, international coalitions have an immediate need for information. These coalitions are formed with international cooperation, where each participating country offers whatever resources it can muster to support the given crisis. These situations can occur suddenly, simultaneously, and without warning. Often times, participants are coalition partners in one crisis and adversaries in another, raising difficult security issues with respect to information sharing. Our specific interest is in the Dynamic Coalition Problem (DCP), with an emphasis on the information sharing and security risks when coalitions are formed in response to a crisis. This paper defines the DCP and explores its intricate, challenging, and complex information and resource sharing, and security issues, utilizing real-world situations, which are drawn from a military domain.

[1]  S. Zdancewic,et al.  Principals in Programming Languages: A Syntactic Proof Technique , 1999, ICFP.

[2]  Ravi S. Sandhu,et al.  Configuring role-based access control to enforce mandatory and discretionary access control policies , 2000, TSEC.

[3]  T. C. Ting,et al.  Towards a Definitive Paradigm for Security in Object-Oriented Systems and Applications , 1997, Journal of computing and security.

[4]  Ravi S. Sandhu,et al.  The ARBAC99 model for administration of roles , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[5]  Robbin F. Laird,et al.  The Revolution in Military Affairs: Allied Perspectives , 1999 .

[6]  Fred B. Schneider,et al.  Enforceable security policies , 2000, TSEC.

[7]  Elisa Bertino,et al.  The specification and enforcement of authorization constraints in workflow management systems , 1999, TSEC.

[8]  Trent Jaeger On the increasing importance of constraints , 1999, RBAC '99.

[9]  T. C. Ting Application Information Security Semantics: A Case of Mental Health Delivery , 1989, DBSec.

[10]  P. S. Tasker,et al.  DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA , 1985 .

[11]  N. Johnson The MITRE corporation , 1961, ACM National Meeting.

[12]  Elisa Bertino,et al.  TRBAC , 2001, ACM Trans. Inf. Syst. Secur..

[13]  Ravi S. Sandhu,et al.  Lattice-based access control models , 1993, Computer.

[14]  Ravi S. Sandhu,et al.  Role-Based Access Control , 1998, Adv. Comput..

[15]  Ronald Reagan,et al.  Executive Order 12356: National Security Information , 1982 .

[16]  R. Sandhu,et al.  Access control: principles and practice , 1994, IEEE Commun. Mag..

[17]  T. C. Ting,et al.  Towards Information Assurance for Dynamic Coalitions , 2002 .

[18]  David A. Bell,et al.  Secure computer systems: mathematical foundations and model , 1973 .

[19]  David F. Ferraiolo An argument for the role-based access control model , 2001, SACMAT '01.

[20]  T. C. Ting,et al.  Role-Based Security in a Distributed Resource Environment , 2000, DBSec.

[21]  Steven A. Demurjian,et al.  Security Engineering for Roles and Resources in a Distributed Environment , 2002 .

[22]  Z. M. Sikora Security and Integrity , 1997 .

[23]  T. C. Ting A User-Role Based Data Security Approach , 1988, Database Security.

[24]  P. Samarati,et al.  Access control: principle and practice , 1994, IEEE Communications Magazine.