© Ravi Sandhu www.list.gmu.edu The Secure Information Sharing Problem and Solution Approaches Ravi Sandhu Professor of Information Security and Assurance.

Presentation transcript:

© Ravi Sandhu The Secure Information Sharing Problem and Solution Approaches Ravi Sandhu Professor of Information Security and Assurance George Mason University

© Ravi Sandhu 2 Three Themes Secure Information Sharing (IS) Share but Protect Mother of all Security Problems Trusted Computing (TC) Policy-Enforcement-Implementation Layers (PEI) & Usage Control Models (UCON) Work in Progress

© Ravi Sandhu 3 Basic premise Software alone cannot provide an adequate foundation for trust Old style Trusted Computing (1970 – 1990s) Multics system Capability-based computers –Intel 432 vis-à-vis Intel 8086 Trust with security kernel based on military-style security labels –Orange Book: eliminate trust from applications What's new (2000s) Hardware and cryptography-based root of trust –Trust within a platform –Trust across platforms Rely on trust in applications –No Trojan Horses or –Mitigate Trojan Horses and bugs by legal and reputational recourse What is Trusted Computing (TC)? Massive paradigm shift Prevent information leakage by binding information to Trusted Viewers on the client How best to leverage this technology?

© Ravi Sandhu 4 What is Information Sharing? The mother of all security problems Share but protect Requires controls on the client Server-side controls do not scale to high assurance Bigger than (but includes) Retail DRM (Digital Rights Management) Enterprise DRM

© Ravi Sandhu 5 What is Information Sharing?
Strength of enforcement (Weak, Medium, Strong) by content type and value:

Sensitive and proprietary
  Weak: Password-protected documents
  Medium: Software-based client controls for documents
  Strong: Hardware based trusted viewers, displays and inputs
Revenue driven
  Weak: IEEE, ACM digital libraries protected by server access controls
  Medium: DRM-enabled media players such as for digital music and eBooks
  Strong: Dongle-based copy protection, hardware based trusted viewers, displays and inputs
Sensitive and revenue
  Weak: Analyst and business reports protected by server access controls
  Medium: Software-based client controls for documents
  Strong: Hardware based trusted viewers, displays and inputs

Roshan Thomas and Ravi Sandhu, Towards a Multi-Dimensional Characterization of Dissemination Control. POLICY04.

Each row is characterized along two dimensions: Functionality (Simple, Complex) and Strength of enforcement (Weak/Medium, Strong).

Legally enforceable versus system enforced rights
  Functionality, simple: Reliance on legal enforcement; Limited system enforced controls.
  Functionality, complex: Strong system-enforceable rights, revocable rights.
Dissemination chains and flexibility
  Functionality, simple: Limited to one-step disseminations.
  Functionality, complex: Flexible, multi-step, and multi-point.
  Enforcement, weak/medium: Mostly legal enforcement;
  Enforcement, strong: System enforceable controls.
Object types supported
  Functionality, simple: Simple, read-only and single-version objects.
  Functionality, complex: Support for complex, multi-version objects. Support for object sensitivity/confidentiality.
  Enforcement, weak/medium: Reliance on legally enforceable rights.
  Enforcement, strong: System supported and enforceable rights and sanitization on multiple versions.
Persistence and modifiability of rights and licenses
  Functionality, simple: Immutable, persistent and viral on all disseminated copies.
  Functionality, complex: Not viral and modifiable by recipient.
  Enforcement, weak/medium: Reliance on legally enforceable rights.
  Enforcement, strong: System enforceable.
Online versus offline access and persistent client-side copies
  Functionality, simple: No offline access and no client-side copies.
  Functionality, complex: Allows offline access to client-side copies.
  Enforcement, weak/medium: Few unprotected copies are tolerated.
  Enforcement, strong: No unprotected copies are tolerated.
Usage controls
  Functionality, simple: Control of basic dissemination.
  Functionality, complex: Flexible, rule-based usage controls on instances.
  Enforcement, weak/medium: Some usage abuse allowed.
  Enforcement, strong: No potential for usage abuse.
Preservation of attribution
  Functionality, simple: Recipient has legal obligation to give attribution to disseminator.
  Functionality, complex: System-enabled preservation and trace-back of the attribution chain back to original disseminator.
  Enforcement, weak/medium: Attribution can only be legally enforced.
  Enforcement, strong: Attribution is system enforced.
Revocation
  Functionality, simple: Simple explicit revocations.
  Functionality, complex: Complex policy-based revocation.
  Enforcement, weak/medium: No timeliness guarantees.
  Enforcement, strong: Guaranteed to take immediate effect.
Support for derived and value-added objects
  Functionality, simple: Not supported.
  Functionality, complex: Supported.
  Enforcement, weak/medium: Reliance on legally enforceable rights.
  Enforcement, strong: System enforceable rights for derived and value-added objects.
Integrity protection for disseminated objects
  Functionality, simple: Out of band or non-crypto based validation.
  Functionality, complex: Cryptographic schemes for integrity validation.
  Enforcement, weak/medium: Off-line validation.
  Enforcement, strong: High-assurance cryptographic validation.
Audit
  Functionality, simple: Audit support for basic dissemination operations.
  Functionality, complex: Additional support for the audit of instance usage.
  Enforcement, weak/medium: Offline audit analysis.
  Enforcement, strong: Real-time audit analysis and alerts.
Payment
  Functionality, simple: Simple payment schemes (if any).
  Functionality, complex: Multiple pricing models and payment schemes including resale.
  Enforcement, weak/medium: Tolerance of some revenue loss.
  Enforcement, strong: No revenue loss; Objective is to maximize revenue.

With current state of knowledge the information sharing space is too complex to characterize in a comprehensive manner. Look for sweet spots that are of practical interest and where progress (and killer products) can be made.

Roshan Thomas and Ravi Sandhu, Towards a Multi-Dimensional Characterization of Dissemination Control. POLICY04.

© Ravi Sandhu 7 Classic Approaches to Information Sharing Discretionary Access Control (DAC), Lampson 1971 Fundamentally broken Controls access to the original but not to copies (or extracts) Mandatory Access Control (MAC), Bell-LaPadula 1971 Solves the problem for coarse-grained sharing –Thorny issues of covert channels, inference, aggregation remain but can be confronted Does not scale to fine-grained sharing –Super-exponential explosion of security labels is impractical –Fallback to DAC for fine-grained control (as per the Orange Book) is pointless Originator Control (ORCON), Graubart 1989 Propagated access control lists: let copying happen but propagate ACLs to copies (or extracts) Not very successful

© Ravi Sandhu 8 Modern Approach to Information Sharing Prevent leakage by binding information to Trusted Viewers on the client Use a mix of cryptographic and access control techniques Cryptography and Trusted Computing primitives enable encapsulation of content in a Trusted Viewer Trusted Viewer cannot see plaintext unless it has the correct keys Access control enables fine-grained control and flexible policy enforcement by the Trusted Viewer Trusted Viewer will not display plaintext (even though it can) unless policy requirements are met Enables policy flexibility and policy-mechanism separation Without use of hardware-rooted Trusted Computing assurance of client-side controls is very weak

© Ravi Sandhu 9 PEI Models Framework

© Ravi Sandhu 10 Scoping Information Sharing Problem: Objective Layer Scoping the Problem Read-only (versus read-write) Document-level controls (versus query-level control) Superdistribution (encrypt once, access wherever authorized) Support for off-line access without advance set-up (with usage limits) Scoping the Solution Two-phase enforcement –Enroll TPM (Trusted Platform Module) and LaGrande equipped client computer into a Group –Within the Group impose additional policy-based controls Required to support super-distribution Supports fine-grained controls and policy flexibility Limits instant and pre-emptive revocation

© Ravi Sandhu 11 PEI Models Framework

© Ravi Sandhu 12 Various states of a member in a group
[State diagram] State I (initial state): never been a member. State II: currently a member. State III: past member. Transitions: enroll (State I to State II), dis-enroll (State II to State III), enroll (State III to State II).

© Ravi Sandhu 13 Access policies for State I (initial state: never been a member)
1. Straightforward. User has no access to any group documents.

© Ravi Sandhu 14 Access policies for State II (currently a member)
1. Access to current documents only (or)
2. Access to current documents and past documents
3. Access can be further restricted with rate and/or usage limits
4. Access can be further restricted on basis of individual user credentials

© Ravi Sandhu 15 Access policies for State III (past member)
1. Past member loses access to all documents (or)
2. can access any document created during his membership (or)
3. can access documents he accessed during membership (or)
4. can access all documents created before he left the group (this includes the ones created before his join time)
5. all subject to possible additional rate, usage and user credential restrictions

© Ravi Sandhu 16 Access policies for State II.re-enroll (past member enrolled again)
1. No rejoin of past members is allowed, rejoin with new ID (or)
2. Past members rejoin the group just like any other user who has never been a member
3. The same access policies defined during his prior membership should again be enforced (or)
4. access policies could vary between membership cycles

© Ravi Sandhu 17 Use-case 1 Access policies: II.1, III.1, II.re-enroll.1 Intel's ViiV: A typical scenario in libraries, book-stores, cafes, etc. a. A master system could be ViiV-enabled and subscribe to various kinds of channels from its content providers b. Many devices can in turn subscribe to this master device and receive content and thus form a group c. When a device leaves the group, it loses access to all the downloaded content. Leaving the group could be determined by various mechanisms depending on context and available technology (location, network connectivity, etc.). Many universities and corporations allow access to their content as long as one is within their network. Once the user leaves the network, the user loses access to the content.

© Ravi Sandhu 18 Use-case 2 Access policies: II.1, III.2, II.re-enroll.1: Project out-sourcing: –A financial organization could recruit a software-consulting firm to provide software solutions. This forms a temporary group. –The incoming members (from the software firm) cannot access any past documents. These could be design documents that were created in collaboration with a different external organization. –When they finish the project and leave the group, they can continue to have access to the documents exchanged during their membership for future reference and to add to their profile. This is dependent on the financial institution's policy.

© Ravi Sandhu 19 Use-case 3 Access policies: II.2, III.1, II.re-enroll.1: An employee in a company can access all the current documents. When the employee quits, he should lose access to all documents. DoD projects / contracts have a multi-tiered structure. A member of a contracting company may be authorized to access a certain set of documents only for the duration of the project – once the project is over, the contractor's right to use the document is automatically voided. In a supply chain situation, there are lots of partners and suppliers who will send quotes for a given proposal. They need to have access to the proposal and related content. But once the quote/response is submitted, their membership context for that particular proposal or group of proposals ceases and they shouldn't have access to any of the older content that they had access to.

© Ravi Sandhu 20 Use-case 4 Access policies: II.2, III.2, II.re-enroll.1: Collaborative product development: –In the case of several automobile models, there are product twins – models from the same company that resemble each other, except for the division's brand name and price tag. –In such instances, there could be either a loose collaboration (e.g. shared design team, parts ordering/manufacturing but different factories) or a tight collaboration (e.g. joint manufacturing of two different models). –In either case, the members from different parties join hands and share documents actively. –They will need access to both old documents and current documents. Even after the collaboration period, they will need access to the old documents for further refinement and production.

© Ravi Sandhu 21 Various states of an object (document) in a group
[State diagram] State I (initial state): never been a group doc. State II: currently a group doc. State III: past group doc. Transitions: add (State I to State II), remove (State II to State III), add (State III to State II).

© Ravi Sandhu 22 Access policies for State I (initial state: never been a group doc)
1. Straightforward. No access to group members.

© Ravi Sandhu 23 Access policies for State II (currently a group doc)
1. Access allowed only to current group members
2. Access allowed to current and past group members

© Ravi Sandhu 24 Access policies for State III (past group doc)
1. No one can access
2. Anyone can access
3. Past members can access

© Ravi Sandhu 25 Access policies for State II.re-add (past group doc added again)
1. Cannot be re-added.
2. When a document is re-added, it will be treated as a new document that is added into the group.
3. Only current members can access.
4. Past members and current members can access

© Ravi Sandhu 26 Policy Models Idealized policy: Instant revocation Pre-emptive revocation Enforcement models will specify degree of approximation (among other details)

© Ravi Sandhu 27 Policy Models Group membership control Group-admins enroll and dis-enroll members Group-admins add/remove documents. For concreteness we assume specific group-level policies Members cannot access documents created prior to joining Past-members can access documents created during (most recent) membership Past documents cannot be accessed by anybody Documents cannot be re-added The PEI models have specific points where such policies are enforced and remain robust to changes in policy details

© Ravi Sandhu 28 Usage Control: The UCON Model unified model integrating authorization obligation conditions and incorporating continuity of decisions mutability of attributes

© Ravi Sandhu 29 UCON Policy Model Operations that we need to model: Document read by a member. Adding/removing a member to/from the group Adding/removing a document to/from the group Member attributes Member: boolean TS-join: join time TS-leave: leave time Document attributes D-Member: boolean D-TS-join: join time D-TS-leave: leave time

© Ravi Sandhu 30 Policy model: member enroll/dis-enroll
[State diagram with attribute values]
State I (initial state: never been a member): member, TS-join, TS-leave: null
enroll, to State II (currently a member): member = True, TS-join = time of join, TS-leave = null
dis-enroll, to State III (past member): member = False, TS-join = time of join, TS-leave = time of leave
enroll, from State III back to State II
enroll, dis-enroll: authorized to Group-Admins
UCON elements: Pre-Authorization, attribute predicates, attribute mutability

© Ravi Sandhu 31 Policy model: document add/remove
[State diagram with attribute values]
State I (initial state: never been a group doc): D-member, D-TS-join, D-TS-leave: null
add, to State II (currently a group doc): D-member = True, D-TS-join = time of join, D-TS-leave = null
remove, to State III (past group doc): D-member = False, D-TS-join = time of join, D-TS-leave = time of leave
add, from State III back to State II
add, remove: authorized to Group-Admins
UCON elements: Pre-Authorization, attribute predicates, attribute mutability

© Ravi Sandhu 32 Policy model: document read (S,O,read) Pre-authorization check member(S) null AND D-member(O) null AND TS-join(S) null AND D-TS-join(O) null AND –TS-leave(S) = null AND TS-join(S) D-TS-join(O) OR –TS-leave(S) null AND TS-join(S) D-TS-join(O) TS-leave(O) Ongoing-authorization check: terminate if D-TS-leave(O) null Details depend on details of group-level policy UCON elements: Pre-Authorization, attribute predicates, attribute mutability Ongoing-authorization
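
The member, document and read policy models above, worked through in Python as an added example that is not part of the original slides. The comparisons on join and leave times are an assumption taken from the group-level policies the Policy Models slide assumes for concreteness (members cannot access documents created prior to joining; past members can access documents created during their most recent membership; documents cannot be re-added); the integer timestamps and all function names are illustrative.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Member:                      # attributes of subject S
    member: Optional[bool] = None  # None models null: never been a member
    ts_join: Optional[int] = None
    ts_leave: Optional[int] = None


@dataclass
class Document:                    # attributes of object O
    d_member: Optional[bool] = None
    d_ts_join: Optional[int] = None
    d_ts_leave: Optional[int] = None


def enroll(s: Member, now: int) -> None:
    # Assumption: re-enrolment overwrites the join time, so only the most
    # recent membership counts.
    if s.member is True:
        raise ValueError("already a member")
    s.member, s.ts_join, s.ts_leave = True, now, None


def dis_enroll(s: Member, now: int) -> None:
    if s.member is not True:
        raise ValueError("not a current member")
    s.member, s.ts_leave = False, now


def add(o: Document, now: int) -> None:
    if o.d_member is not None:
        raise ValueError("documents cannot be re-added")
    o.d_member, o.d_ts_join = True, now


def remove(o: Document, now: int) -> None:
    if o.d_member is not True:
        raise ValueError("not a current group document")
    o.d_member, o.d_ts_leave = False, now


def pre_authorized(s: Member, o: Document) -> bool:
    """Pre-authorization: attribute predicates evaluated before the read."""
    if None in (s.member, o.d_member, s.ts_join, o.d_ts_join):
        return False
    if s.ts_leave is None:                      # current member
        return s.ts_join <= o.d_ts_join
    return s.ts_join <= o.d_ts_join <= s.ts_leave  # past member


def ongoing_authorized(o: Document) -> bool:
    """Ongoing authorization: the read terminates once the doc is removed."""
    return o.d_ts_leave is None


def can_read(s: Member, o: Document) -> bool:
    return pre_authorized(s, o) and ongoing_authorized(o)


def demo() -> Dict[str, bool]:
    """Constructed timeline with a logical integer clock."""
    alice, bob = Member(), Member()
    old, new, late = Document(), Document(), Document()
    results: Dict[str, bool] = {}
    add(old, 1)
    enroll(alice, 5)
    add(new, 7)
    results["member_reads_doc_added_before_join"] = can_read(alice, old)
    results["member_reads_doc_added_after_join"] = can_read(alice, new)
    results["never_member_reads"] = can_read(bob, new)
    dis_enroll(alice, 10)
    add(late, 12)
    results["past_member_reads_doc_from_membership"] = can_read(alice, new)
    results["past_member_reads_doc_added_after_leave"] = can_read(alice, late)
    remove(new, 15)
    results["anyone_reads_removed_doc"] = can_read(alice, new)
    return results
```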

© Ravi Sandhu 33 PEI Models Framework

© Ravi Sandhu 34 Enforcement Models Design Principle Do not inject new policy Focus on trade-offs for instant and pre-emptive revocation versus off-line access Faithful Enforcement w/o Off-line Access (Faithful Model): We need continuous online touch (at start of every access and during access) Continuous on-line touch can only be approximated Usage-limited Off-line Access (Approximate Model): We need online touch periodically after some duration (at start of every access and during access) –Duration between online touches can be based on time, but time is not practical for TPM-based TC –Duration between online touches can be based on usage count, which is practical for TPM-based TC

© Ravi Sandhu 35 Enforcement Architecture
[Architecture diagram: Group-Admin, Member, Joining Member, Control Center (CC), D-Member; numbered steps 1-7]
Member enroll and dis-enroll (steps 1-2, 5)
Document add and remove (steps 6, 7)
Read policy enforcement (step 3)
Attribute update (step 4)
Faithful Model: steps 3 and 4 are coupled
Approximate Model: steps 3 and 4 are de-coupled
Two sets of attributes
Authoritative: as known to the CC
Local: as known on a member's computer

© Ravi Sandhu 36 UCON Enforcement Models Member attributes Member-a, Member-l: boolean TS-join-a, TS-join-l: join time TS-leave-a, TS-leave-l: leave time Document attributes D-Member-a, D-Member-l: boolean D-TS-join-a, D-TS-join-l: join time D-TS-leave-a, D-TS-leave-l: leave time Additional Member attributes for Approximate model: refresh_count: decremented on every access refresh_count_reset: refresh_count is reset to this value when it hits 0

© Ravi Sandhu 37 Faithful model highlights enroll a member: two steps Step 1: Group-admin issues enrollment token to Joining Member Step 2: Joining Member presents token to CC and receives group membership credential –Group key (symmetric key) –Local attribute values dis-enroll a member Updates authoritative attributes at CC Takes effect on local attributes at next update add a document Updates authoritative attributes at CC remove a document Updates authoritative attributes at CC Propagated to clients as DRLs (Document Revocation List)

© Ravi Sandhu 38 Faithful model highlights: (S,O,read) Pre-Obligation Local attributes of S and O are updated based on authoritative values from CC Local DRL updated from authoritative DRL at CC Pre-Condition Requires connectivity to enable updates Pre-Authorization Based on just updated local attributes of S and O and DRL Ongoing-Obligation Local attributes of S and O continuously updated based on authoritative values from CC Local DRL continuously updated from authoritative DRL at CC Ongoing-Condition Requires connectivity to enable updates Ongoing-Authorization Based on continuously updated local attributes of S and O and DRL UCON elements: Requires full power of UCON

© Ravi Sandhu 39 Approximate model highlights enroll a member: two steps Step 1: Group-admin issues enrollment token to Joining Member Step 2: Joining Member presents token to CC and receives group membership credential –Group key (symmetric key) –Local attribute values dis-enroll a member Updates authoritative attributes at CC Takes effect on local attributes at next update add a document Updates authoritative attributes at CC remove a document Updates authoritative attributes at CC Propagated to clients as DRLs (Document Revocation List) Different from Faithful model

© Ravi Sandhu 40 Approximate model highlights: (S,O,read) Pre-Obligation Local attributes of S and O are periodically updated based on authoritative values from CC Pre-Condition Requires connectivity to enable updates when required Pre-Authorization Based on just updated local attributes of S and O Ongoing-Obligation Local attributes of S and O are continuously periodically updated based on authoritative values from CC Ongoing-Condition Requires connectivity to enable updates when required Ongoing-Authorization Based on continuously periodically updated local attributes of S and O UCON elements: Requires full power of UCON
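
An added simulation (not part of the original slides) of how the Faithful and Approximate enforcement models differ once a member is dis-enrolled at the CC: the faithful client touches the CC on every read, while the approximate client keeps deciding on stale local attributes until refresh_count reaches 0. The ControlCenter and Client classes, the integer clock, and the document's join time travelling with the document are assumptions; TPM protection of the counter is not modelled.

```python
from typing import Dict, List, Optional, Tuple

# (member, ts_join, ts_leave); timestamps are a constructed integer clock
Attrs = Tuple[Optional[bool], Optional[int], Optional[int]]


class ControlCenter:
    """Holds the authoritative attributes (Member-a, TS-join-a, TS-leave-a)."""

    def __init__(self) -> None:
        self.members: Dict[str, Attrs] = {}

    def enroll(self, name: str, now: int) -> None:
        self.members[name] = (True, now, None)

    def dis_enroll(self, name: str, now: int) -> None:
        _, ts_join, _ = self.members[name]
        self.members[name] = (False, ts_join, now)


class Client:
    """A member's computer: local attributes plus the usage-based counter."""

    def __init__(self, name: str, cc: ControlCenter,
                 refresh_count_reset: int, faithful: bool = False) -> None:
        self.name, self.cc = name, cc
        self.faithful = faithful
        self.refresh_count_reset = refresh_count_reset
        self.refresh_count = refresh_count_reset
        self.local: Attrs = cc.members[name]  # received with the credential
        self.online = True

    def read(self, d_ts_join: int) -> str:
        # Pre-obligation: update local attributes from the CC. Faithful model:
        # on every access. Approximate model: only when the counter is at 0.
        if self.faithful or self.refresh_count == 0:
            if not self.online:               # pre-condition: connectivity
                return "deny: online touch required"
            self.local = self.cc.members[self.name]
            self.refresh_count = self.refresh_count_reset
        # Pre-authorization on the (possibly stale) local attributes.
        _, ts_join, ts_leave = self.local
        if not (ts_join <= d_ts_join
                and (ts_leave is None or d_ts_join <= ts_leave)):
            return "deny: policy"
        self.refresh_count -= 1               # decremented on every access
        return "allow"


def reads_after_dis_enroll(refresh_count_reset: int, faithful: bool = False,
                           online: bool = True, attempts: int = 5) -> List[str]:
    """Alice joins at t=5 and is dis-enrolled at t=10; she then tries to read
    a document added at t=12, which the authoritative attributes forbid."""
    cc = ControlCenter()
    cc.enroll("alice", now=5)
    client = Client("alice", cc, refresh_count_reset, faithful)
    cc.dis_enroll("alice", now=10)
    client.online = online
    return [client.read(d_ts_join=12) for _ in range(attempts)]
```

The number of stale "allow" results equals the remaining refresh_count, which is the degree of approximation to instant revocation that refresh_count_reset buys in exchange for off-line access.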

© Ravi Sandhu 41 PEI Models Framework Out of scope for this talk

© Ravi Sandhu 42 Conclusion Information sharing is an important security problem and a potential growth area Trusted computing is a good fit for solving some sweet spots in this space The PEI models framework is useful in closing the policy-implementation gap UCON is a useful framework for stating policy and enforcement models

© Ravi Sandhu 43 Q&A Secure Information Sharing (IS) Share but Protect Mother of all Security Problems Trusted Computing (TC) Policy-Enforcement-Implementation Layers (PEI) & Usage Control Models (UCON) Work in Progress