Research Article
A Lattice Interpretation of Group-Centric Collaboration with Expedient Insiders
@INPROCEEDINGS{10.4108/icst.collaboratecom.2012.250468,
  author={Khalid Bijon and Tahmina Ahmed and Ravi Sandhu and Ram Krishnan},
  title={A Lattice Interpretation of Group-Centric Collaboration with Expedient Insiders},
  proceedings={8th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing},
  publisher={IEEE},
  proceedings_a={COLLABORATECOM},
  year={2012},
  month={12},
  keywords={group centric collaboration; information sharing; lattice based access control},
  doi={10.4108/icst.collaboratecom.2012.250468}
}
Khalid Bijon
Tahmina Ahmed
Ravi Sandhu
Ram Krishnan
Year: 2012
COLLABORATECOM
ICST
DOI: 10.4108/icst.collaboratecom.2012.250468
Abstract
For various reasons, organizations need to collaborate with external consultants, e.g., domain specialists, on specific projects. Many security-oriented organizations deploy multi-level systems which enforce one-directional information flow in a lattice of security labels. However, traditional lattice constructions are not suitable for accommodating external consultants, since such consultants are not “true insiders” but rather “expedient insiders” who should receive much more limited privileges than employees. An authorization model for group-centric collaboration with expedient insiders (GEI) has been recently proposed, wherein organizations create groups and replicate the organizational lattice with selected content for such collaborations [4]. Motivated by GEI, in this paper we formulate a novel lattice construction wherein a new collaboration category is introduced for each new collaboration group, in a manner significantly different from the usual process of defining new security categories in a lattice. In particular, a collaboration category brings together only the required objects and users. We develop a formal model for lattices with collaborative compartments (LCC) comprising administrative and operational parts covering the life-cycle of such collaborations. We formally prove the equivalence of LCC and GEI, thereby precisely characterizing the information flow and security properties of GEI which heretofore had only been informally considered.