Explore the concept of Granularity Based Flow Control (GBFC) and the challenges it brings in managing information flow and security. Learn about granular computing, security models, flow control limitations, and more in this comprehensive discussion.
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
Outline Introduction Information flow control Security models and Flow control (challenges and limits) Granular computing Granularity Based Flow Control (the model) Advantages of the GBFC model Implementation example Conclusion
Introduction What was my address and phone number in 1997? Hard to recall without mistakes! Found it on a website that also provided more recent addresses, my age, my email, some possible relatives and other private information ! How did that site get my information? . Scary!! The apps on a mobile phone may have access to much more confidential data and are connected to the Internet all time
Information flow control challenges Fact: Too much Information changing frequently Challenge for : Security Policy management Fact: Too many security domains Challenge : Information tracking Fact: Too many objects and forms of flow Challenge : Real time flow control Fact: Too much changing technologies Challenge : Upgrading and End to end security Fact: Too many recipients Challenge : Information usage control
Security models and Flow control (the limits) Too permissive of the flow Permit undesirable flows that compromise confidentiality Too restrictive of the flow Prevent legitimate flow causing a problem of information availability Flow = Access Consider access control mechanisms sufficient for flow control Manage security through securing subjects and objects Secure data based on a secondary component rather than securing data itself.
Granular computing Introduced in : 1997 Fundamental components : Granules Forms of granules : subsets, classes, objects, clusters, and elements of a domain or universe Example of granules : For an image file : forms, textures, pixels, etc. For a text document : Paragraphs, Sentences or Words Implementation : Database management systems
Granularity Based Flow Control (the model) Goal : Enforce flow control and prevent information leakage Core Component : Access Control Engine (ACE) Base Implementation criteria : Granularity (Granularity Level ) Flow restriction (VFA, Refresh rate) Availability (References and Noise)
Granularity Based Flow Control (the model) Granularity criteria: Security managed through the granular classification of document components (words, sentences, paragraphs etc.) Implementation : Granularity LevelT . T is set to different values for each component of the document depending on its level of classification.
Granularity Based Flow Control (the model) Flow restriction criteria : Intended to limit or prevent information flow from authorized to non-authorized subjects. Most efficient flow control is obviously not having a flow at all Implementation : Refresh RateT . T establishes the criteria and/or the frequency applied to redraw references to classified information granules within the document.
Granularity Based Flow Control (the model) Availability criteria : Logical availability on a physical support accessible by a subject. Unavailable information is inaccessible information. Implementation : Availability RateT and Noise levelT T level of availability of granules within the document, based on the nature of the data to be replaced by references (nouns, verbs, dates, etc. ...) and on the classification level threshold to consider (S or TS ). T level of noise injection applied to the document to replace the classified unavailable information granules.
Granularity Based Flow Control (the model) Lowest Highest Examples Level of security T Document Word Word, sentence Data Type All Available None Nouns, Verbs, Dates T Classification Unclassified Top Secret (TS), (S), (C), (U) Update, Infection, system failure Event based None Maximum T Frequency Never High Monthly, daily, data types in T (Nouns, Verbs, ) T No Noise Max noise
Granularity Based Flow Control (the model) Examples: T =Word T =((Nouns, Verbs), TS) T =(Update, Infection) T =(None) T =Word T =((Nouns, Verbs, Dates), S) T =(Update, Monthly) T =(All)
Granularity Based Flow Control (the model) 1. begin 2. V:=AuthorizeAccess(S, Inf) 3. if V=False then 4. accessDenied() 5. else 6. initializeInformation(Inf) 7. load T ,T , T , T 8. while(not EOF) 9. foreach gri Inf 10. if (gri.attr classified and gri.attr <= S.attr) then 11. addRef (VFA, gri.ref) 12. updateVFA() 13. else if (gri.attr classified and gri.attr > S.attr) then 14. addRef (VFA, noise.ref) 15. updateVFA() 16. else 17. addIndex (FA, gri.idex) 18. updateFA() 19. end if 20. end for 21. buildVFA() 22. buildFA() 23. refreshRef(T , T ,T ) 24. regranulate(Inf, T ) 25. end while 26. end if 27. end GBFC Algorithm Proceedings : 33023000S136.pdf Page 5.
Advantages of the GBFC model Adaptability: Lowest Document Highest Word Examples Level of security T Word, sentence Data Type All Available None Nouns, Verbs, Dates T Classification Unclassified Top Secret (TS), (S), (C), (U) Update, Infection, system failure Monthly, daily, data types in T (Nouns, Verbs, ) Event based None Maximum T Frequency Never High T No Noise Max noise Flexible and maneuverable multi-criteria environment for optimal control of information flow.
Advantages of the GBFC model Access restriction and replications: Efficient granularity based classification Mechanism; Enforcing availability without compromising confidentiality; One information different views!
Advantages of the GBFC model Access restriction and replications: One information different views! View Based Access Control (redefined) The mirror = The ACE Virtual image (information) viewed through the mirror depends on : the actions on the mirror, and the status of the window (open, closed or semi-open).
Advantages of the GBFC model Total control: Centralized access model Permanent systems administrators full access control. Automatic isolation of classified information during security alerts (external attacks, malicious infections, imminent risk due to voluntary or involuntary leakage of data, etc.). Quick recovery after the restoration of the secure state.
Advantages of the GBFC model Loss of data: Loss of material is the leading cause of information leakage according to studies in the U.S., Europe and Asia. Source : McAfee, InfoWatch, DataLossDB GBFC offers : Centralized architecture for classified information; Classified elements protection through references to data; Traceability of lost information; Completely user-transparent framework.
Advantages of the GBFC model Implementation and compatibility: Platform independent security system Flexibility and adaptation to security environments. Effective in heterogeneous security environments or in extended networks (Internet , Cloud Computing ..) Implement s flow control for security models that don t implicitly enforce it. ACCESS CONTROL ENGINE AUTHORIZATION LEVEL IDENTIFICATION AUTHENTICATION LEVEL
Advantages of the GBFC model Noise injection: (TS) Every individual in a command center responsible for the preparation of emergency action must be familiar with the procedures in the EAP (/TS). (U) Command center training and evaluation programs will be developed to ensure that individuals charged with the preparation and transmission of emergency action messages are qualified in this task (/U). (S) These individuals and programs are subject to review by the OJCS (/S). Every aspect in a database solution responsible for the system of agent toolkit integrates call familiar with the languages in the GUI. Command center training and evaluation programs will be developed to ensure that individuals charged with the preparation and transmission of emergency action messages are qualified in this task. These networks and algorithms draw concept to function by the EBML.
Implementation (U) Command center training and evaluation programs will be developed to ensure that individuals charged with the preparation and transmission of emergency action messages are qualified in this task (/U). (S) These individuals and programs are subject to review by the OJCS (/S). T =Word T = ((Nouns, Verbs, Abbreviations, Dates), S) T =(Update, Monthly) T =(Nouns, Verbs, Abbreviations) Form of data received by an authorized user Command center training and evaluation programs will be developed to ensure that individuals charged with the preparation and transmission of emergency action messages are qualified in this task. These 2F08A829 and 2355EA66 2435F450 3D502CE9 to 324AF563 by the 25466F31.
Implementation (U) Command center training and evaluation programs will be developed to ensure that individuals charged with the preparation and transmission of emergency action messages are qualified in this task (/U). (S) These individuals and programs are subject to review by the OJCS (/S). T =Word T = ((Nouns, Verbs, Abbreviations, Dates), S) T =(Update, Monthly) T =(Nouns, Verbs, Abbreviations) Real data received by a non-authorized user Command center training and evaluation programs will be developed to ensure that individuals charged with the preparation and transmission of emergency action messages are qualified in this task. These networks and algorithms draw concept to function by the EBML.
Conclusion and future work The achievement : Text based GBFC model The next step : Mathematical model The goal : Generalized model (images and other media) The implementation : Demonstration prototype
