8th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing

Research Article

A Lattice Interpretation of Group-Centric Collaboration with Expedient Insiders

  • @INPROCEEDINGS{10.4108/icst.collaboratecom.2012.250468,
        author={khalid bijon and Tahmina Ahmed and Ravi Sandhu and Ram Krishnan},
        title={A Lattice Interpretation of Group-Centric Collaboration with Expedient Insiders},
        proceedings={8th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing},
        publisher={IEEE},
        proceedings_a={COLLABORATECOM},
        year={2012},
        month={12},
        keywords={group centric collaboration; information sharing; lattice based access control},
        doi={10.4108/icst.collaboratecom.2012.250468}
    }
    
  • Khalid Bijon
    Tahmina Ahmed
    Ravi Sandhu
    Ram Krishnan
    Year: 2012
    A Lattice Interpretation of Group-Centric Collaboration with Expedient Insiders
    COLLABORATECOM
    ICST
    DOI: 10.4108/icst.collaboratecom.2012.250468
Khalid Bijon1,*, Tahmina Ahmed1, Ravi Sandhu1, Ram Krishnan1
  • 1: University of Texas at San Antonio
*Contact email: zaman.khalid@gmail.com

Abstract

For various reasons, organizations need to collaborate with external consultants, e.g. domain specialists, on specific projects. Many security-oriented organizations deploy multi-level systems which enforce one-directional information flow in a lattice of security labels. However, traditional lattice constructions are not suitable for accommodating external consultants, since such consultants are not “true insiders” but rather “expedient insiders” who should receive much more limited privileges than employees. An authorization model for group-centric collaboration with expedient insiders (GEI) has been recently proposed, wherein organizations create groups and replicate the organizational lattice with selected content for such collaborations [4]. Motivated by GEI, in this paper, we formulate a novel lattice construction wherein a new collaboration category is introduced for each new collaboration group, in a manner significantly different from the usual process of defining new security categories in a lattice. In particular, a collaboration category brings together only the required objects and users. We develop a formal model for lattices with collaborative compartments (LCC) comprising administrative and operational parts covering the life-cycle of such collaborations. We formally prove the equivalence of LCC and GEI, thereby precisely characterizing the information flow and security properties of GEI which heretofore had only been informally considered.