RESEARCH POSTER WIN AT UK INFORMATION ASSURANCE CONFERENCE

October 2014

We have won the award for the best research poster at this year’s Annual Symposium of the UK Information Assurance Advisory Council (IAAC). The poster showed how a future Information Based Security paradigm could be applied and also recommended activities to enable the realisation of it.

The poster is a summary of a scoping study report from a cross-sector research project that Nexor is a partner in. CSIIS was established by the Defence Science and Technology Laboratory (Dstl) on behalf of the UK Ministry of Defence.

A consortium led by QinetiQ, called Sirius, that comprises over 40 organisations provides the experience and research capability for CSIIS. The selected Sirius members who worked collaboratively on this particular research project were Airbus Defence and Space, BAES, HW Comms, Nexor, QinetiQ and Thales.

The research considered how currently, when sharing information between secure systems, security is currently implemented on a system by system basis.

This is partially within the system and partially at the boundary of the system. Modern working environments include devices that do not belong to the organisation (so called Bring Your Own Device – BYOD); application servers that are outside the organisation’s control (the cloud); and the need to directly access partner systems (coalition interoperability).

Existing boundary controls, while the best on offer today, are limited in this scenario. Although they are effective in what they do, they provide a very coarse level of access control with security properties that are managed at the system level.

With today’s systems a much finer grain approach is needed with security managed at the information object level, as defined by the information owner, not the system owner.

A copy of the poster showing the current scenario and the proposed solution is available on the IAAC website.

You can also find out more about Nexor’s involvement in CSIIS by reading this case study.