CERCS Technical Reports

GIT-CERCS-10-08

Network-centric Access Control: Models and Techniques

In both commercial and defense sectors a compelling need is emerging for rapid, yet secure, dissemination of information to the concerned actors. Traditional approaches to information sharing (such as Multi-Level Security (MLS)) adopted a {\em node-centric} model wherein each user (social subjects) and each object (information object) is treated in isolation (e.g., using clearance levels for subjects and sensitivity levels for objects in MLS). Over the last two decades information sharing models have been enriched to partially account for relationships between subjects (e.g., Role-based Access Control (RBAC)), relationships between objects (e.g., Chinese-wall model), and relationships between subjects and objects (e.g., Separation of Duty (SoD) constraints). In this paper, we present a novel {\em network-centric} access control paradigm that explicitly accounts for network-effects in information flows, and yet offers scalable and flexible risk estimation regarding access control decisions. The goal of this paper is not to prescribe a risk-model for information flows; instead we enable a class of risk-models by developing scalable algorithms to estimate {\em prior} and {\em posterior} information flow likelihood using the structure of social and information networks. For instance, our network-centric access control model answers questions of the form: Does subject $s$ already have access (via her social network) to object $o$? If subject $s$ is given access to object $o$, what is the likelihood that subject $s'$ learns object $o'$ (where the subjects $s$ and $s'$ are related via the social network and the objects $o$ and $o'$ are related via the information network)? This paper makes three contributions. First, we show that several state-of-the-art access control models can be encoded using a network-centric access control paradigm, typically by encoding relationships as network edges (subject-subject, object-object and subject-object). Second, we present a suite of composable operators over social and information networks that enable scalable risk estimation for information flows. Third, we evaluate our solutions using the IBM SmallBlue dataset that was collected over a span of one year from an enterprise social network of size over 40,000.