1 / 12

Group-Centric Information Sharing Ravi Sandhu Executive Director and Endowed Professor

Group-Centric Information Sharing Ravi Sandhu Executive Director and Endowed Professor Institute for Cyber Security University of Texas at San Antonio www.ics.utsa.edu www.profsandhu.com. 1. Collaboration and Groups. Collaboration Systems. Group-Centric Information Sharing.

Download Presentation

Group-Centric Information Sharing Ravi Sandhu Executive Director and Endowed Professor

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Group-Centric Information Sharing Ravi Sandhu Executive Director and Endowed Professor Institute for Cyber Security University of Texas at San Antonio www.ics.utsa.edu www.profsandhu.com 1

  2. Collaboration and Groups Collaboration Systems Group-Centric Information Sharing Metaphor: Subscription • PC Meeting • Merger and Acquisition • Design Collaboration • Trouble-shooting Collaboration • Joint Proposal • Research Collaboration • …. Rich area for theory and practice Metaphor: Secure meeting room

  3. Collaboration & Information Sharing • Collaboration requires Information Sharing • How else do you collaborate? • Share but Differentiate • How much can we differentiate within a collaboration and still meaningfully call it a collaboration? - Entirely bilateral sharing Too fragmented - Bilateral sharing with multi-step chains Where is the balance? Too uniform - Equal access for all collaborators

  4. Where is the Balance? We have a proposal for Share but Differentiate “Equality” translates to the technical and semantic concept of a group with the metaphor of a secure meeting room What is the semantics/policy of a secure meeting room? “Differentiation” translates to groups and sub-groups combined recursively … Groups within Groups within Groups …

  5. Divide and Conquer Initial investigation: single group Read only: actually add, remove and read We have some promising insights Read-Write: Object model Version constraints Just starting to investigate Multiple groups To be done

  6. Group-Centric Sharing Subjects Subjects Strict Leave Strict Join Leave Join GROUP Authz (S,O,R)? Liberal Join LiberalLeave GROUP Authz (S,O,R)? Strict Add Strict Remove Add Remove Liberal Add Liberal Remove Objects Objects

  7. Group-Centric Models • Core Properties • Required of any policy • Additional Properties • Level 1 cannot violate Core • Level 2 cannot violate Level 1 • … Level 2 Level 1 Core Properties

  8. Core Properties Subjects 1. Overlapping Membership Property Leave Join GROUP Authz (S,O,R)? 2. Persistence Property 3. Liveness Properties (a) Add Remove Objects (b) 4. Safety Properties (a) (b)

  9. Level 1 Subjects • Join Operations • Lossy Vs Lossless • Lose existing authorization(s) on Join • No lose on Join • Restorative Vs Non-Restorative • Restore authorizations from past membership(s) • No restoration from past • Leave Operations • Gainful Vs Gainless • Gain authorization(s) from past membership period • No such gain • Restorative Vs Non-Restorative • Restore authorization(s) from prior to Join • No such restoration Leave Join GROUP Authz (S,O,R)? Add Remove Objects Level 1 properties for Add and Remove? Fix Level 1 Operations: Lossless Join, Gainless Leave Non-Restorative Join & Leave

  10. Level 2 Allow any combination of Level 2 operations Add after Join Add before Join

  11. Read-Write Work in progress Object Model Version Constraint Model

  12. Conclusion Principles: Share but Differentiate … Groups within Groups within Groups … Temporal aspect is critical for policy and semantics of groups for information sharing Partners in this venture Ram Krishnan, Doctoral candidate, GMU Jianwei Niu, Asst. Prof., UTSA CS & ICS W. Winsborough, Assoc. Prof., UTSA CS & ICS

More Related