Content-based Information Protection and Release (CPR) is a tool for the analysis and enforcement of access control policies in NATO operations.
The successful operation of NATO missions requires selective and secure sharing of information among coalition partners and external organizations, while avoiding the disclosure of sensitive information to untrusted users. To resolve the conflct between condentiality and availability, NATO is developing a new information sharing infrastructure, called Content-based Protection and Release. CPR is the tool at the core of the NATO information infrastructure that takes in input an access control policy, performs some secuirty analysis checks (that range from answering certain authorization queries to checking if a certain security constraints is a consequence of the policies to subsumption checks between two policies), and then translates it to XACML so that (an extensions of) the available implementations of XACML architectures can enforce the policy.
Related Publications
-
Alessandro Armando, Matteo Grasso, Sander Oudkerk, Silvio Ranise, Konrad Wrona
Content-based information protection and release in NATO operations
In: 18th ACM Symposium on Access Control Models and Technologies (SACMAT 2013) (DOI) -
Alessandro Armando, Sander Oudkerk, Silvio Ranise, Konrad Wrona
Formal Modelling of Content-Based Protection and Release for Access Control in NATO Operations
In: International Symposium on Foundations and Practice of Security (FPS 2013) (DOI, news)