Modelling Uncertain and Time-Dependent Security Labels in MLS Systems

J.A. Clark, J.E. Tapiador, J. McDermid, P.C. Cheng, D. Agrawal, N. Ivanic, D. Slogget

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Traditional multi-level security (MLS) systems associate security clearances with subjects, security classifications with objects, and provide a clear decision mechanism as to whether an access request should be granted or not. Many organisations, especially those in the national security and intelligence arena, are increasingly viewing the inflexibility of such models as a major inhibitor for missions where there is a need to rapidly process, share and disseminate large quantities of sensitive information. One reason for such inflexibility is the fact that subject and object labels are fixed assessments of sensitivity, whereas in practice there will inevitably be some uncertainty about the potential damage caused if a document falls into the wrong hands. Furthermore, the operational reality of many modern systems dictates a temporal element to the actual sensitivity of an object. In this paper we propose to model both security labels and clearances as time-varying probability distributions. We provide practical templates to model both uncertainty and temporally characterised dependencies, and show how these features can be naturally integrated into an access control framework based on quantified risk.
Original languageEnglish
Title of host publicatione-Business and Telecommunications
Subtitle of host publication7th International Joint Conference, ICETE 2010, Athens, Greece, July 26-28, 2010, Revised Selected Papers
PublisherSpringer
Pages158-171
Number of pages14
ISBN (Electronic)978-3-642-25206-8
ISBN (Print)978-3-642-25205-1
DOIs
Publication statusPublished - 2012

Publication series

NameCommunications in Computer and Information Science
PublisherSpringer
Volume222
ISSN (Print)1865-0929

Cite this