AN INFORMATION BASED SECURITY MODEL

The Defence Science and Technology Laboratory (Dstl)

The ways we create, store and share information are changing. New ways of keeping this information secure are needed if we want to continue working efficiently in a more open environment.

Currently, when sharing information between secure systems, security is implemented on a system by system basis, partially within the system and partially at the boundary of the system.

Existing boundary controls, whilst the best on offer today, are limited in this scenario. Although they are effective in what they do, they provide a very coarse level of access control with security properties that are managed at the system level.

A much finer grain approach is needed with security managed at the information object level, as defined by the information owner, not the system owner.

An approach to information sharing that matches a modern organisation’s needs for flexibility, security and the ability to respond quickly is essential.

Without it, organisations cannot operate at maximum efficiency, with their effectiveness or security – or both – being compromised.

This case study looks at how we took part in a research project that was awarded Best Research Poster at the Annual Symposium of the UK Information Assurance Advisory Council (IAAC).

© CSIIS 2014 – original poster at http://nxr.co/IAACposter