Redirection policies for mission-based information sharing

When an access decision function denies a data access request by a mission participant in a mission-critical situation, the mission often suffers. In this paper, we propose a sharing control mechanism that computes and executes requests that are mission-related to denied requests. We extend the Flexible Authorization Framework (FAF) with predicates and hierarchies that permit us to specify authorization rules over denied requests and mission-specific relationships. We illustrate our techniques using a prototypical information sharing scenario, namely an emergency first-responder scenario.
