A Model of Owner Controlled, Full-Provenance, Non-Persistent, High-Availability Information Sharing

In this paper, we propose principles of information control and sharing that support ORCON (ORiginator CONtrolled access control) models while simultaneously improving the components of confidentiality, availability, and integrity needed to inherently support, when required, responsibility-to-share policies, rapid information dissemination, data provenance, and data redaction. This new paradigm, which provides unfettered and unimpeded access to information for authorized users while at the same time making access by unauthorized users impossible, contrasts with historical approaches to information sharing that have focused on need to know rather than need (or responsibility) to share.
