ABSTRACT
In both the commercial and defense sectors, a compelling need is emerging for highly dynamic, yet risk-optimized, sharing of information across traditional organizational boundaries. Making risk-optimal decisions to disseminate mission-critical tactical intelligence information to the pertinent actors in a timely manner is critical for a mission's success. In this paper, we argue that traditional decision support mechanisms for information sharing (such as Multi-Level Security (MLS)), besides being rigid and situation-agnostic, do not offer explanations and diagnostics for non-shareability. This paper exploits rich security metadata and a semantic knowledge base that captures domain-specific concepts and relationships to build a logic for risk-optimized information sharing. We show that the proposed approach is: (i) flexible: e.g., sensitivity of tactical information decays with space, time and external events; (ii) situation-aware: e.g., it encodes need-to-know based access control policies; and, more importantly, (iii) supports explanations for non-shareability; these explanations, in conjunction with rich security metadata and domain ontology, allow a sender to intelligently transform information (e.g., downgrade information, say, by deleting the participant list in a meeting) with the goal of making the transformed information shareable with the recipient. In this paper, we describe an architecture for secure information sharing using a publicly available hybrid semantic reasoner and present several illustrative examples that highlight the benefits of our proposal over traditional approaches.
Index Terms
- A decision support system for secure information sharing