
Annual Conference of ITA ACITA 2009

B-Splines and Weak Homomorphism. Value Arithmetic. State of the art. Metadata Calculus. Metadata Size Vs Tightness. B-Splines. Secure Information Flow. Operation encounters situation where information within data X,Y may be very useful. Strong homomorphism


Presentation Transcript


  1. A Metadata Algebra for Sharing Tactical Information
     Support dynamic attributes, information downgrade and fusion
     Mudhakar Srivatsa†, Dakshi Agrawal† and Steffen Reidt‡
     IBM T. J. Watson Research Center† Royal Holloway, University of London‡

Panel titles: B-Splines and Weak Homomorphism; Value Arithmetic; State of the art; Metadata Calculus; Metadata Size Vs Tightness; B-Splines; Secure Information Flow

Operation encounters situation where information within data X,Y may be very useful

• Strong homomorphism
  • Impossible to achieve strong homomorphism without incurring metadata expansion
  • Optimal expansion rate depends on decay function
  • Linear and exponential decay function
    • x = y1 + y2 => |x| = |y1| + |y2|
    • |x|: size of metadata vector x
    • x = y1 + y2 + … + yn => |x| ~ 2^(n-1) * |yi|
  • Optimal metadata expansion rate is exponential
• Weak homomorphism
  • x = y1 + y2 => Гx ≥ Гy1 + Гy2
  • x = a.y1 => Гx = a * Гy1
  • Weak homomorphism results in conservative value estimation
  • Constructively show that one can achieve weak homomorphism without metadata expansion
  • Trade off tightness of value estimates with metadata size using B-splines

• Overtly conservative security calculus
  • x = g(y1, y2, …, yn)
  • label(x) = Max(label(y1), label(y2), …, label(yn))
  • Does not consider downgrading transforms
  • Monotonicity problem: eventually most derived objects are labeled top secret
  • => most legitimate accesses are denied (or delayed due to manual intervention)
  • “MLS has a tendency to inhibit legitimate information flows” [MITRE06]
• Strict obligation enforcement across domains is infeasible
  • Cannot mediate access to information once it leaves the domain
  • Digital Rights Management (DRM) is a hard problem!

• Tracking provenance across semantic transform(s)
• Value arithmetic
  • Info loss and gain (entropy based metrics)
  • x = f(y1, y2, …, yn)
  • x = g(y1, y2, …, yn)
  • g is homomorphic to f: preserves info downgrade and fusion semantics
• Empirical Value Computation
  • Γx(t) = ∑ Γyi(t) * 2^(-(I(yi|x,B) - I(x|yi)))
  • yi = {y1, …, y_(i-1), y_(i+1), …, yn}
  • B: background/public knowledge
  • Self information I(y|x): minimum number of information bits required to learn y given x

• Notation
  • Object x
  • Metadata vector x ∈ M (vector space)
  • Value function Г: M -> (F -> F)
  • x = (10, 2)
  • Гx = 10 - 2*t; Гx = 10*e^(-2*t)
  • Г maps metadata vector to a time decaying value function
• Assumptions
  • 0 ≤ Гx < ∞, for all t
  • Object x is contained in object y => Гx ≤ Гy, for all t
  • Гx is continuous and differentiable in t and ∂Гx/∂t ≤ 0, for all t

• Removing a control point does not violate weak homomorphism
  • Algebraic result: convex hull CP-p > CP
  • CP > Гx ^ S(P-p) > CP-p => S(P-p) > Гx
  • Note: S(P-p) may not completely dominate S(P)
• Minimum curvature heuristics
  • Remove a control point pi such that |π-θ| is minimum, where θ is angle p_(i-1) p_i p_(i+1)

• Operators +: M x M -> M and .: F x M -> M
• Strong homomorphism
  • x = y1 + y2 => Гx = Гy1 + Гy2
  • x = a.y1 => Гx = a * Гy1
• Properties
  • Commutative: y1 + y2 = y2 + y1
  • Associative: (y1 + y2) + y3 = y1 + (y2 + y3)
  • Distributive + in M: a.(y1 + y2) = a.y1 + a.y2
  • Distributive . in M: a.(b.y1) = (a*b).y1
  • Distributed + in F: (a + b).y1 = a.y1 + b.y1
  • Zero Vector 0: 0 + y1 = y1
  • Scalar 1: 1.y1 = y1
• Deducing output metadata
  • x = f(y1, y2, …, yn)
  • Γx(t) = ∑ Γyi(t) * 2^(-(I(yi|x,B) - I(x|yi)))
  • x = ∑ yi . 2^(-(I(yi|x,B) - I(x|yi)))

• How to use B-splines?
• Slow-decreasing value functions
  • f is decreasing
  • Derivative of f is non-decreasing
  • Linear and exponential decay functions are slow-decreasing
• Basic algebraic result
  • One can always construct a convex hull dominating slow decreasing functions
  • Construct a B-spline over the control points of the convex hull
  • Weak homomorphism follows from strong convex hull property
  • Spline > convex hull > value function
  • Detailed proofs in paper

• MLS-like access control
  • Label information with sensitivity level (e.g.: unclassified, classified, secret and top secret)
  • Entities have security clearance level
  • Clearance level ≥ sensitivity level ?
• Static security labels and entity credentials
  • Fails to consider dynamic security attributes such as time sensitivity of tactical information
  • In a tactical mission entity credentials (e.g.: trust, allegiance, need-to-know, etc) and strategies may dynamically evolve
• Rigid access control
  • Boolean 0/1 access control decision
  • Does not adequately capture risk due to information sharing
  • Does not support expressive reasoning: Why is an object not sharable? What form of the object may be shareable?

• Spline
  • Parametric curve defined by piece wise polynomials over a finite set of control points {pi}: S(p1, p2, …, pn)
• B-Spline (basis spline)
  • Spline with minimal support (most compact)
  • Applications in computer graphics – smoothing
  • We use a special kind of B-spline: clamped uniform cubic B-spline
• Strong convex hull property of B-splines
  • B-Spline is guaranteed to be contained within the convex hull of its control poly-line
• Homomorphic + and . operators on B-splines
  • S(p11, p21, …, pn1) + S(p12, p22, …, pn2) = S(p11 + p12, p21 + p22, …, pn1 + pn2)
  • a . S(p1, p2, …, pn) = S(a*p1, a*p2, …, a*pn)

• Need for information flows across traditional organizational boundaries
• Military Coalitions
  • Multiple countries and multiple teams (special forces Vs search & rescue)
  • Share tactical intelligence and reconnaissance information
• Business-to-Government
  • SEC: securities and exchange commission
  • EDGAR: Electronic Data Gathering, Analysis, and Retrieval system
  • XBRL: eXtensible Business Reporting Language
• Business-to-Business
  • Collaborations (e.g.: Supply Chain Management)
  • Web services (e.g.: mash up)

[Figure: flow and collaboration between Data X and Data Y]

• Risk of (not) sharing information
  • Risk of unauthorized information disclosure (e.g.: leak secrets, mission failure, etc)
  • Risk of not sharing information (e.g.: mission failure, loss of life, loss in business, etc)
• Risk is inevitable: How to systematically manage risk?
  • How to quantify risk?
  • Value of object * Probability of leakage?
  • How to enable risk-based information sharing?
  • How to control overall risk?

Rigid; overtly conservative; and fails to adequately capture dynamic security attributes arising in tactical missions
Delivering right information to the right person at the right time
Support automated deduction of output object metadata

• Future Work
  • Background information and uncertainty: domain-specific models with P7
  • Disinformation: extend using belief calculus (e.g., Dempster-Shafer)
  • Bootstrapping: deducing the value of human authored documents – open problem in NLP

Metadata calculus enables scalable solutions for deducing security metadata
Enrich security metadata and calculus to meet new requirements
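The homomorphic + and . operators and the strong convex hull property listed in the transcript can be checked numerically. The following is an added example, not code from the presentation or the paper; it assumes a metadata vector is a list of scalar control values for a clamped uniform cubic B-spline, and all function names and the sample vectors Y1 and Y2 are constructed for illustration.

```python
import math

DEGREE = 3  # cubic

def clamped_knots(n):
    """Clamped uniform knot vector for n >= 4 control values (length n + 4)."""
    if n < DEGREE + 1:
        raise ValueError("need at least 4 control values")
    last = n - DEGREE
    inner = [float(v) for v in range(1, last)]
    return [0.0] * (DEGREE + 1) + inner + [float(last)] * (DEGREE + 1)

def basis(i, k, u, knots):
    """Cox-de Boor recursion: i-th basis function of degree k at u."""
    if k == 0:
        return 1.0 if knots[i] <= u < knots[i + 1] else 0.0
    left = right = 0.0
    d1 = knots[i + k] - knots[i]
    d2 = knots[i + k + 1] - knots[i + 1]
    if d1 > 0:
        left = (u - knots[i]) / d1 * basis(i, k - 1, u, knots)
    if d2 > 0:
        right = (knots[i + k + 1] - u) / d2 * basis(i + 1, k - 1, u, knots)
    return left + right

def spline(ctrl, u):
    """S(p1..pn) evaluated at parameter u in [0, n - 3]."""
    knots = clamped_knots(len(ctrl))
    if u >= knots[-1]:  # clamped end: the curve ends on the last control value
        return float(ctrl[-1])
    return sum(c * basis(i, DEGREE, u, knots) for i, c in enumerate(ctrl))

def add(p, q):    # '+' on metadata vectors (assumed: componentwise)
    return [a + b for a, b in zip(p, q)]

def scale(a, p):  # '.' on metadata vectors (assumed: componentwise)
    return [a * v for v in p]

def in_local_hull(ctrl, u, eps=1e-9):
    """Strong convex hull: S(u) lies within the 4 control values active at u."""
    j = min(int(u), len(ctrl) - DEGREE - 1)
    active = ctrl[j:j + DEGREE + 1]
    return min(active) - eps <= spline(ctrl, u) <= max(active) + eps

def check(p, q, a, samples=60):
    """True if both operators and the hull property hold at every sample."""
    umax = len(p) - DEGREE
    for s in range(samples + 1):
        u = umax * s / samples
        ok_add = abs(spline(add(p, q), u) - (spline(p, u) + spline(q, u))) < 1e-9
        ok_mul = abs(spline(scale(a, p), u) - a * spline(p, u)) < 1e-9
        if not (ok_add and ok_mul and in_local_hull(p, u) and in_local_hull(q, u)):
            return False
    return True

# Constructed sample metadata vectors: linear and exponential decay.
Y1 = [10.0 - 2.0 * i for i in range(6)]
Y2 = [10.0 * math.exp(-0.5 * i) for i in range(6)]
```

Because both operators act on the control values only, the output metadata vector has the same length as each input, which is the "no metadata expansion" point made for weak homomorphism.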
