Foreign-language conference: 4th ACM symposium on information, computer and communications security 2009

A Conceptual Framework for Group-Centric Secure Information Sharing


Abstract

In this paper, we propose a conceptual framework for developing a family of models for Group-Centric information sharing. The traditional approach to information sharing, characterized as Dissemination-Centric in this paper, focuses on attaching attributes and policies to an object (sometimes called "sticky policies") as it is disseminated from producers to consumers in a system. In contrast, Group-Centric sharing envisions bringing the subjects and objects together in a group to facilitate sharing. The metaphor is that of a secure meeting room where participants and information come together to "share" information for some common purpose. Another metaphor is that of the subscription model where, depending on policy, joining users may or may not be authorized to access past content. We argue that in such contexts, and in accordance with different application use cases, authorizations are influenced by the temporal ordering of subject and object group membership and by the precise nature of membership operations. For instance, some subjects may only get future information added to the group, while others may also be able to access previously added information. We develop a lattice of models based on variations of these basic membership operations, and discuss usage scenarios to illustrate practical applications of this lattice. Two principles guide Group-Centric models. First, "share but differentiate", which promotes sharing while differentiating user authorizations depending on the temporal aspect of membership. Next, "groups within groups", which advocates relationships (such as a hierarchy) between multiple groups. In this paper, we confine our attention to read accesses in a single group.