In both the commercial and defense sectors a compelling need is emerging for rapid, yet secure, dissemination of information to the concerned actors. For example, in a commercial setting, the ability of multiple partners to come together, share sensitive business information and coordinate activities to rapidly respond to business opportunities is becoming a key driver for success. Similarly, in a military setting, traditional wars between armies of nation-states are being replaced by highly dynamic missions where teams of soldiers, strategists, logisticians, and support personnel, fight against elusive enemies that easily blend into the civilian population. Securely disseminating mission critical tactical intelligence to the pertinent people in a timely manner will be a critical factor in a mission's success.
Within a single organization, it is possible to allow sharing of information while managing the risk of information disclosure by appropriately labeling (or classifying) information with its secrecy characteristics and performing an in-depth security assessment of its systems and users to create controls necessary to protect information commensurate with its label. Such a security/risk assessment will typically comprise a number of stakeholders and be carried out in a number of stages, including: system characterization, threat and vulnerability identification, control analysis, likelihood determination and impact analysis. Subsequently, policies can be put in place that will permit information to be shared within different parts of the organizations, provided that the recipient has necessary controls in place to protect the information. However, such an approach may not be viable for information sharing across organizations as one organization will typically not permit another to perform a security assessment of its internal systems, controls and people. In dynamic settings, where systems and processes evolve rapidly and there are transient needs for sharing tactical, time-sensitive information across organizational boundaries, a new approach of securing information flows is required.
Recently, new approaches based on risk estimation and economic mechanisms have been proposed for enabling the sharing of information in uncertain environments [P.-C. Cheng and P. Rohatgi and C. Keser and P. A. Karger and G. M. Wagner and A. S. Reninger in a referenced entitled “Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control,” in Proceedings of the 2007 IEEE Symposium on Security and Privacy (SP 2007), 2007, pp. 222-230, Jason Program Office in a reference entitled “HORIZONTAL INTEGRATION: Broader Access Models for Realizing Information Dominance,” MITRE Corporation, Special Report JSR-04-13, 2004, and, M. Srivatsa and D. Agrawal and S. Balfe in a reference entitled “Trust Management for Secure Information Flows,” in Proceedings of 15th ACM Conference on Computer and Communication Security (CCS), 2008. These approaches are based on the idea that the sender constantly updates the estimate of the risk of information disclosure when providing information to a receiver based on the secrecy of the information to be divulged and the sender's estimate on the trustworthiness of the recipient. The sender then “charges” the recipient for this estimated risk. The recipient, in turn, can decide which type of information is most useful to him and “pay” (using its line of risk credit) only to access those pieces of information. However, past work is largely empirical in estimating the risk of information disclosure and in addition, it fails to holistically model the uncertainty in detecting information leakage.
As an alternative to economic mechanisms, in order to encourage behavioral conformity in ad-hoc groups one can also employ incentive mechanisms which have received a lot of attention in recent years. To date, the goal of such works has been to either reward “good” behavior, or punish “bad” behavior. In one conventional technique, for example, entities exchange tokens as a means of charging for/rewarding service usage/provision. Entities which behave correctly and forward packets are rewarded with additional tokens which, in turn, may be spent on forwarding their own packets. However, these approaches also fail to model the uncertainty in detecting good/bad behavior when making appropriate reward/punishment decisions.
There currently exists an increase in demand for solutions that allow for rapid yet secure sharing of information.
It would be highly desirable to provide a system and method that enables the generation of a decision theoretic model for securing such information flows by reducing the risk of data leakage.