INSTITUTE FOR CYBER SECURITY © Ravi Sandhu11 Group-Centric Information Sharing Ravi Sandhu Executive Director and Endowed Professor Institute for Cyber Security University of Texas at San Antonio

INSTITUTE FOR CYBER SECURITY Collaboration and Groups © Ravi Sandhu2 Group-Centric Information Sharing Collaboration Systems Rich area for theory and practice PC Meeting Merger and Acquisition Design Collaboration Trouble-shooting Collaboration Joint Proposal Research Collaboration …. Metaphor: Secure meeting room Metaphor: Subscription

INSTITUTE FOR CYBER SECURITY Collaboration & Information Sharing Collaboration requires Information Sharing  How else do you collaborate? Share but Differentiate  How much can we differentiate within a collaboration and still meaningfully call it a collaboration? 3 - Entirely bilateral sharing - Bilateral sharing with multi-step chains Too fragmented Too uniform - Equal access for all collaborators Where is the balance? © Ravi Sandhu

INSTITUTE FOR CYBER SECURITY 4 Where is the Balance? We have a proposal for Share but Differentiate “Equality” translates to the technical and semantic concept of a group with the metaphor of a secure meeting room  What is the semantics/policy of a secure meeting room? “Differentiation” translates to groups and sub-groups combined recursively … Groups within Groups within Groups … © Ravi Sandhu

INSTITUTE FOR CYBER SECURITY 5 Divide and Conquer Initial investigation: single group Read only: actually add, remove and read  We have some promising insights Read-Write:  Object model  Version constraints  Just starting to investigate Multiple groups  To be done © Ravi Sandhu

INSTITUTE FOR CYBER SECURITY Group-Centric Sharing © Ravi Sandhu6 GROUP Authz (S,O,R)? Join Leave AddRemove Subjects Objects GROUP Authz (S,O,R)? Strict Join Strict Leave Liberal Add Liberal Remove Liberal Join Liberal Leave Strict Add Strict Remove Subjects Objects

INSTITUTE FOR CYBER SECURITY Group-Centric Models © Ravi Sandhu7 Core Properties Level 1 Level 2 Core Properties  Required of any policy Additional Properties  Level 1 cannot violate Core  Level 2 cannot violate Level 1  …

INSTITUTE FOR CYBER SECURITY Core Properties © Ravi Sandhu8 GROUP Authz (S,O,R)? Join Leave Add Remove Subjects Objects (a) (b) (a) (b) 1. Overlapping Membership Property 2. Persistence Property 3. Liveness Properties 4. Safety Properties

INSTITUTE FOR CYBER SECURITY Level 1 Join Operations  Lossy Vs Lossless Lose existing authorization(s) on Join No lose on Join  Restorative Vs Non-Restorative Restore authorizations from past membership(s) No restoration from past Leave Operations  Gainful Vs Gainless Gain authorization(s) from past membership period No such gain  Restorative Vs Non-Restorative Restore authorization(s) from prior to Join No such restoration © Ravi Sandhu9 GROUP Authz (S,O,R)? Join Leave Add Remove Objects Subjects Level 1 properties for Add and Remove? Fix Level 1 Operations: Lossless Join, Gainless Leave Non-Restorative Join & Leave

INSTITUTE FOR CYBER SECURITY Level 2 © Ravi Sandhu10 Add after Join Add before Join Allow any combination of Level 2 operations

INSTITUTE FOR CYBER SECURITY 11 Read-Write Work in progress  Object Model  Version Constraint Model © Ravi Sandhu

INSTITUTE FOR CYBER SECURITY 12 Conclusion Principles:  Share but Differentiate  … Groups within Groups within Groups … Temporal aspect is critical for policy and semantics of groups for information sharing Partners in this venture  Ram Krishnan, Doctoral candidate, GMU  Jianwei Niu, Asst. Prof., UTSA CS & ICS  W. Winsborough, Assoc. Prof., UTSA CS & ICS © Ravi Sandhu

INSTITUTE FOR CYBER SECURITY Temporal Notation (Backup) © Ravi Sandhu13