You are here


Content-based Information Protection and Release (CPR) is a tool for the analysis and enforcement of access control policies in NATO operations. 

The successful operation of NATO missions requires selective and secure sharing of information among coalition partners and external organizations, while avoiding the disclosure of sensitive information to untrusted users. To resolve the conflct between condentiality and availability, NATO is developing a new information sharing infrastructure, called Content-based Protection and Release.  CPR is the tool at the core of the NATO information infrastructure that takes in input an access control policy, performs some secuirty analysis checks (that range from answering certain authorization queries to checking if a certain security constraints is a consequence of the policies to subsumption checks between two policies), and then translates it to XACML so that (an extensions of) the available implementations of XACML architectures can enforce the policy.

Relevant papers

  1. A. Armando, S. Oudkerk, S. Ranise, K. Wrona, "Formal Modeling of Content-based Protection and Release for Access Control in NATO Operation", In FPS'13: Proceedings of the 6th International Symposium on Foundations and Practice of Security, Springer LNCS vol. 8352, pp. 227-244, 2014.
  2. A. Armando, M. Grasso, S. Oudkerk, S. Ranise, K. Wrona, "Content-based information protection and release in NATO operations", In SACMAT '13: Proceedings of the 18th ACM symposium on Access control models and technologies, ACM, New York, NY, USA, pp. 261-264, 2013.