TY - GEN
T1 - Modelling Uncertain and Time-Dependent Security Labels in MLS Systems
AU - Clark, J.A.
AU - Tapiador, J.E.
AU - McDermid, J.
AU - Cheng, P.C.
AU - Agrawal, D.
AU - Ivanic, N.
AU - Slogget, D.
PY - 2012
Y1 - 2012
N2 - Traditional multi-level security (MLS) systems associate security clearances with subjects, security classifications with objects, and provide a clear decision mechanism as to whether an access request should be granted or not. Many organisations, especially those in the national security and intelligence arena, are increasingly viewing the inflexibility of such models as a major inhibitor for missions where there is a need to rapidly process, share and disseminate large quantities of sensitive information. One reason for such inflexibility is the fact that subject and object labels are fixed assessments of sensitivity, whereas in practice there will inevitably be some uncertainty about the potential damage caused if a document falls into the wrong hands. Furthermore, the operational reality of many modern systems dictates a temporal element to the actual sensitivity of an object. In this paper we propose to model both security labels and clearances as time-varying probability distributions. We provide practical templates to model both uncertainty and temporally characterised dependencies, and show how these features can be naturally integrated into an access control framework based on quantified risk.
UR - http://www.scopus.com/inward/record.url?scp=84857620663&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-25206-8_10
DO - 10.1007/978-3-642-25206-8_10
M3 - Conference contribution
SN - 978-3-642-25205-1
T3 - Communications in Computer and Information Science
SP - 158
EP - 171
BT - e-Business and Telecommunications
PB - Springer
ER -