Secure and Flexible Information Sharing in Coalition Environments

Abstract

Secure and Flexible Information Sharing in Coalition EnvironmentsOrganizations increasingly need to share information securely and flexibly in coalition (federated) environments. Imagine a search and rescue mission involving vessels from government, private, and even foreign organizations. It is desirable to allow a vessel that wants to join the mission to gain access to information related to the mission automatically based on the context (the location and intention of the vessel) and the access control policy.One increasingly popular way of sharing information is through cloud-based storage such as Google Drive, Drop Box, iCloud, OneDrive, or Box because of its convenience. However, this solution is neither secure nor flexible. For example, many users send collaborators an email invitation with a link to the shared folder without additional authorization. If a collaborator s email account is compromised or the email is intercepted (e.g., by sniffer attack), adversaries can easily gain access to the shared folder which may contain critical information. There are also new types of attacks that use cloud storage service to launch attacks (e.g., man-in-the-cloud attack exploits cloud-based file synchronization service). More importantly, the sharing permissions need to be set manually so this solution is neither flexible nor context/situation aware. Technical merit: This project aims at developing novel techniques to support secure and flexible information sharing in coalition environments. To address the security issues, we propose ways to represent and automatically reason about context-aware secure sharing policies (e.g., to decide whether sending email invitation without further authorization violates the policy) as well astechniques to monitor data sharing activities and automatically detect abnormal patterns (e.g., manning- the-cloud attacks often demonstrate abnormal synchronization activities). Unlike most existing research that focus on security at server side (the cloud service provider), our solution focuses on client side (end users and enterprises) because users are often the weakest link. To address flexibility issues, we will develop a prototype system that supports context-awareaccess control in federated systems. Unlike most existing work that only considers contextawareness in a single organization, we will address challenges unique for federated systems including distributed trust management (members in a federated system cannot be fully trusted)and federated reasoning (the decision making process involves multiple members because each member has its own policy and contexts).Broader Impact: If the project is completed successfully, it will generate a new machine-readable representation of context-aware confidentiality policies in coalition environments, new methods to automatically enforce these policies, and new methods to monitor and detect abnormal behavior. These results will facilitate flexible and secure sharing in coalition environments. We will alsointegrate education and research and involve students (both midshipmen and UMBC students) in this project.

Document Details

Document Type

DoD Grant Award

Publication Date

Jul 10, 2018

Source ID

N000141812452

Entities

Tags