A Metadata Calculus for Securing Information Flows
Abstract
Traditional approaches to information sharing use a highly conservative approach to deduce the metadata for an output object x derived from input objects y_1, y_2, ..., y_n (e.g., maximum over the security labels of all input objects). Such approaches do not account for functions that explicitly downgrade the value of an object. Consequently, the security labels in traditional approaches tend to monotonically increase as newer objects are derived from existing ones. In this paper we present a novel metadata calculus for securing information flows. The metadata calculus defines a metadata vector space that supports a time-varying value function that is computed as a function of the object's metadata and operators "+" (plus) and "." (dot) to compute the metadata of an output object that is derived by downgrading, transforming or fusing other objects. We also describe a concrete realization of our metadata calculus wherein the tightness of our value estimates competes in an optimization problem. We present several tradeoffs with space and accuracy and explore a spectrum of solutions ranging from conservative to risk-based value estimates.
Document Details
- Document Type: Technical Report
- Publication Date: Dec 01, 2008
- Accession Number: ADA503526
Entities
People
- Dakshi Agrawal
- Mudhakar Srivatsa
- Shane Balfe
Organizations
- IBM Thomas J. Watson Research Center