Abstract:
With the ever-increasing volume of data existing on and passing through on-line
resources together with a growing number of legitimate users of that information and
potential adversaries, the need for better security and safeguards is immediate and
critical. Currently, most of the security and safeguards afforded on-line information are
provided externally by the infrastructure and are based on security information that is
also maintained by that infrastructure. As the infrastructure increases in size and
interconnection, the movement of information throughout the infrastructure becomes
more insecure. The interconnection of different infrastructures means that there
is a greater need for coordination between the infrastructures. Unfortunately,
this is not always possible.
An alternative to strict reliance on the infrastructure is to include security attributes along
with the objects that need to be secured. It is possible to improve the security of this
information by attaching external security labels to these objects. These external labels, which contain the required security information, are transferred as an integral part
of the object’s migration throughout the infrastructure. This dissertation presents a
framework for using external labels that will provide better safeguards for securing
information. This framework is object based and as such is applicable to anything,
virtual or real-world, that can be represented or treated as ‘an object’. It discusses how
each entity within the infrastructure must be labeled to support the increase in security as
well as provide the framework for assessing the user and system labels against those of
the information objects.
This dissertation presents and details the key features of the labeling solutions and
explains the reasons why each of the features is necessary for the labeling framework to
secure objects. The framework is based on securely attaching labels to the objects, while
still allowing for the separation of the labels from the object. This separation must take
place without lessening the security afforded the objects. The second feature of the
framework is the treatment of the object labels themselves. The framework applies
labels to the objects being protected, the users requesting access to the objects, and the
end user and intermediate systems handling the objects. This provides for better
management of the environment and therefore greater security for the objects. The final
key feature of the framework is the abstract nature of the objects and their labels. This
framework places no limitation on either the objects being secured or the content of the
labels. Any information that can be treated as an object can be handled by this
framework. Also, any rules that can be modeled can be supported by the framework.
This framework as proposed by this dissertation includes several types of labels that can be used to secure objects. The types of labels presented can be easily extended to meet
the unique needs of the infrastructure without lessening the framework itself.
Additionally, this dissertation extends the use of labels to address security problems
beyond simple access control. It demonstrates how object labeling can be used to secure
multiple objects in a confederated manner, rather than as individual objects. Information
is no longer being processed in small collections, but rather as large collections of
information gathered from numerous sources. This framework is able to manage
these large collections in an effective manner. Further extensions include using labels to
handle data aggregation and the avoidance of sensitivity escalation. Having access to
larger collections increases the risk that too much information can be collocated or
accessed at the same time. This dissertation presents tools and techniques for using the
framework to minimize and control how information is aggregated in order to reduce
these risks. Also, the framework can be used to ensure that information aggregates don’t
result in the creation of information sets that are “more” sensitive than the original
information.