External Labeling as a Framework for Access Control

Abstract

With the ever increasing volume of data existing on and passing through on-line resources together with a growing number of legitimate users of that information and potential adversaries, the need for better security and safeguards is immediate and critical. Currently, most of the security and safeguards afforded on-line information are provided externally by the infrastructure and are based on security information that is also maintained by that infrastructure. As the infrastructure increases in size and interconnection, the more insecure the movement of information throughout the infrastructure becomes. The interconnection of different infrastructures means that there is a need for greater need for coordination between the infrastructures. Unfortunately, this is not always possible. An alternative to strict reliance on the infrastructure is to include security attributes along with the objects that need to be secured. It is possible to improve the security of this information by attaching the external security labels to these objects. These external labels, which contain the required security information, are transferred as an integral part of the object’s migration throughout the infrastructure. This dissertation presents a framework for using external labels that will provide better safeguards for securing information. This framework is object based and as such is applicable to anything, virtual or real-world, that can be represented or treated as ‘an object’. It discusses how each entity within the infrastructure must be labeled to support the increase in security as well as provide the framework for assessing the user and system labels against those of the information objects. This dissertation presents and details the key features of the labeling solutions and explains the reasons why each of the features is necessary for the labeling framework to secure objects. The framework is based on securely attaching labels to the objects, while still allowing for the separation of the labels from the object. This separation must take place without the lessening the security afforded the objects. The second feature of the framework is the treatment of the object labels, themselves. The framework applies labels to the objects being protected, the users requesting access to the objects, and the end user and intermediate systems handling the objects. This provides for better management of the environment and therefore greater security for the objects. The final key feature of the framework is abstract nature of the objects and their labels. This framework places no limitation on either the objects being secured or the content of the labels. Any information that can be treated as an object can be handled by this framework. Also, any rules that can be modeled can be supported by the framework. This framework as proposed by this dissertation includes several types of labels that can be used to secure objects. This types of labels presented can be easily extended to meet the unique needs of the infrastructure without lessening the framework, itself. Additionally, this dissertation extends the use of labels to address security problems beyond simple access control. It demonstrates how object labeling can be used to secure multiple objects in a confederated manner, rather than as individual objects. Information is no longer being processed in small collections, but rather as large collections of information gathered from numerous sources. This framework is able to be managed these large collections in an effective manner. Further extensions include using labels to handle data aggregation and the avoidance of sensitivity escalation. Having access to larger collections increases the risk that too much information can be collocated or accessed at the same time. This dissertation presents tools and techniques for using the framework to minimize and control how information is aggregated in order to reduce these risks. Also, the framework can be used to insure that information aggregates don’t result in the creation of information set which are “more” sensitive than the original information.