By Topic

Towards Secure Information Sharing models for community Cyber Security

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Ravi Sandhu ; Dept. of Computer Science, Institute for Cyber Security, University of Texas at San Antonio, USA ; Ram Krishnan ; Gregory B. White

In this paper, we motivate the need for new models for Secure Information Sharing (SIS) in the specific domain of community cyber security. We believe that similar models will be applicable in numerous other domains. The term community in this context refers to a county or larger city size unit with a clearly demarcated geographical boundary aligned more or less with a governance boundary. Our choice of the community domain is based on the decade long experience of the Center for Infrastructure Assurance and Security (CIAS), now part of the Institute for Cyber Security (ICS-CIAS) at the University of Texas at San Antonio. Over the past decade ICS-CIAS has conducted cyber security preparedness exercises and training at communities throughout the nation specifically dealing with communication, incident response, disaster recovery, business continuity, security awareness and similar issues. We discuss the insights gained from these frequent exercises to illustrate the limitations of prior models for SIS, such as discretionary access control, mandatory access control and role-based access control. Specifically, we argue that these traditional models, while effective in addressing the issues that they were developed for, lack the agility to dynamically configure a system to facilitate SIS scenarios such as monitoring and response during a community cyber security incident life cycle. We discuss how our current research efforts at the Institute for Cyber Security on group-centric SIS models directly address the limitations of existing models in such scenarios.

Published in:

Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), 2010 6th International Conference on

Date of Conference:

9-12 Oct. 2010