6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Harm Schotanus et al.<br />
2.3.1 Secure labelled release<br />
Meta-information can also be used to protect, i.e. ensure that information is not shared. For example<br />
do not share objects for which the meta-information says that the creation date is the current month.<br />
Or do not share videos with a resolution higher than 640x480. Or do not share presentation files<br />
which are classified ‘NATO CONFIDENTIAL’ or higher. We address a specific case where criteria that<br />
are suitable for determining the releasability to another domain are carried in meta-information bound<br />
to an information object as secure labelled release.<br />
2.3.2 Dissemination of release information<br />
Somewhere in the middle of duty-to-share and duty-to-protect is the usage to include metainformation<br />
to inform the recipient about any restrictions or responsibilities when processing or resharing<br />
the information. We address this by the moniker disseminating release information.<br />
These developments are not without consequences or certain security challenges. Especially in the<br />
areas of binding meta-information to information and protecting the integrity of (a) this binding, (b) the<br />
information and (c) the meta-information has to be carefully designed. When meta-information is used<br />
in a sharing mechanism and a user on a local workstation can create meta-information, then the<br />
(integrity of the) workstation and its components become critical because an insecure or untrusted<br />
operating system might trick a user into sharing the wrong information. The required level of<br />
assurance depends largely on the level of security that needs to be attained but is also affected by the<br />
specific application of meta-data.<br />
There must also be a fundament to build the meta-information on, such as a system to store and<br />
manage meta-information, retrieve the meta-information given the information itself or vice versa. And<br />
there are many other related challenges in handling data, e.g. how to handle to conflicting sets of<br />
meta-information, how can meta-information be revoked or changed, and so on. These issues need to<br />
be addressed in an information management system 1 .<br />
3. Labelling: An incremental approach<br />
In the previous section we have seen that labelling has manifold purposes. The emphasis has mostly<br />
been on secure labelled release for exchanging information across different security domains. We<br />
propose an incremental approach in which partially related developments are tied together so that<br />
functionality enabled by labelling can be realised step-by-step. This has two main advantages. One, it<br />
will make the development process better organised and hence can be more efficient and costeffective.<br />
Second, users and organisations can benefit from labelling directly because the new<br />
functionality can be used as soon as the step is completed. This is also beneficial for the userexperience.<br />
To achieve this incremental approach, a clear overview is needed of which steps must be taken to<br />
realise each of the intermediate functionality whilst ensuring that the ultimate goal, which is also the<br />
most complex, can still be reached. In this section we propose a plan to achieve the secure labelled<br />
release in a series of smaller, incremental steps that add useful functionality to existing or new<br />
processes. We distinguish four phases:<br />
1. Information lifecycle management<br />
2. Disseminating cross-domain information<br />
3. Integrity protection<br />
4. Secure labelled release.<br />
3.1 Information lifecycle management<br />
In this context, labelling functionality is used to improve information management within a single<br />
information domain. A user may add additional meta-information to an information object, such as the<br />
author, title, publication date, classification – the possibilities are virtually endless. This enables<br />
various management functionality to be used on the document as discussed in Section 2, including<br />
archiving, searching, and deleting information.<br />
1<br />
An information management system comprises more aspects than a content management system that is merely a container<br />
to store and share information within a single domain.<br />
231