6th International ICST Conference on Collaborative Computing: Networking, Applications, Worksharing

Research Article

Towards Secure Information Sharing models for community Cyber Security

Download153 downloads
  • @INPROCEEDINGS{10.4108/icst.collaboratecom.2010.3,
        author={Ravi Sandhu and Ram Krishnan and Gregory B. White},
        title={Towards Secure Information Sharing models for community Cyber Security},
        proceedings={6th International ICST Conference on Collaborative Computing: Networking, Applications, Worksharing},
        publisher={IEEE},
        proceedings_a={COLLABORATECOM},
        year={2011},
        month={5},
        keywords={Authorization Communities Computational modeling Computer security Mathematical model},
        doi={10.4108/icst.collaboratecom.2010.3}
    }
    
  • Ravi Sandhu
    Ram Krishnan
    Gregory B. White
    Year: 2011
    Towards Secure Information Sharing models for community Cyber Security
    COLLABORATECOM
    ICST
    DOI: 10.4108/icst.collaboratecom.2010.3
Ravi Sandhu1,*, Ram Krishnan2,*, Gregory B. White1,*
  • 1: Dept. of Computer Science, Institute for Cyber Security, University of Texas at San Antonio
  • 2: Dept. of Electrical and Computer Engineering, Institute for Cyber Security, University of Texas at San Antonio
*Contact email: ravi.sandhu@utsa.edu, ram.krishnan@utsa.edu, greg.white@utsa.edu

Abstract

In this paper, we motivate the need for new models for Secure Information Sharing (SIS) in the specific domain of community cyber security. We believe that similar models will be applicable in numerous other domains. The term community in this context refers to a county or larger city size unit with a clearly demarcated geographical boundary aligned more or less with a governance boundary. Our choice of the community domain is based on the decade long experience of the Center for Infrastructure Assurance and Security (CIAS), now part of the Institute for Cyber Security (ICS-CIAS) at the University of Texas at San Antonio. Over the past decade ICS-CIAS has conducted cyber security preparedness exercises and training at communities throughout the nation specifically dealing with communication, incident response, disaster recovery, business continuity, security awareness and similar issues. We discuss the insights gained from these frequent exercises to illustrate the limitations of prior models for SIS, such as discretionary access control, mandatory access control and role-based access control. Specifically, we argue that these traditional models, while effective in addressing the issues that they were developed for, lack the agility to dynamically configure a system to facilitate SIS scenarios such as monitoring and response during a community cyber security incident life cycle. We discuss how our current research efforts at the Institute for Cyber Security on group-centric SIS models directly address the limitations of existing models in such scenarios.