Securing information flows: A metadata framework

Recently, risk-based information trading has emerged as a new paradigm for securely sharing information across traditional organizational boundaries. In this paradigm, the risk of sharing information between organizations is characterized using expected losses (due, for example, to (un)intended information disclosure) and billed to a recipient. However, within risk-based information trading systems, quantifying the risks associated with sharing information is a non-trivial task, particularly when risk calculations depend on a number of factors. In this paper we introduce a data-centric metadata framework that extends risk-based information trading approaches by allowing one or more domains to exchange sensitive information based on metadata evaluated against internal risk assessments of the domains. We present a use case of our metadata framework using a coalition military scenario, wherein information flows can be controlled and regulated by our framework whilst allowing sufficiently high-quality tactical information to be disseminated.

[1]  Dawn Xiaodong Song,et al.  Random key predistribution schemes for sensor networks , 2003, 2003 Symposium on Security and Privacy, 2003..

[2]  Ian Molloy,et al.  Trading in risk: using markets to improve access control , 2009, NSPW '08.

[3]  D. Roberts,et al.  Holistan: A Futuristic Scenario for International Coalition Operations , 2007, 2007 International Conference on Integration of Knowledge Intensive Multi-Agent Systems.

[4]  William A. Arbaugh,et al.  Toward secure key distribution in truly ad-hoc networks , 2003, 2003 Symposium on Applications and the Internet Workshops, 2003. Proceedings..

[5]  Paolo Santi,et al.  COMMIT: a sender-centric truthful and energy-efficient routing protocol for ad hoc networks with selfish nodes , 2005, 19th IEEE International Parallel and Distributed Processing Symposium.

[6]  Kenneth G. Paterson,et al.  Trust management for secure information flows , 2008, CCS.

[7]  Zygmunt J. Haas,et al.  Securing ad hoc networks , 1999, IEEE Netw..

[8]  Virgil D. Gligor,et al.  A key-management scheme for distributed sensor networks , 2002, CCS '02.

[9]  Jean-Pierre Hubaux,et al.  The quest for security in mobile ad hoc networks , 2001, MobiHoc '01.

[10]  Hector Garcia-Molina,et al.  PPay: micropayments for peer-to-peer systems , 2003, CCS '03.

[11]  Claudia Keser,et al.  Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).