Information Centric Security STTR

The need exists for a technology that creates an "information-centric" security architecture that augments the current "network-centric" security posture moving protection to what is really important, the INFORMATION. The purpose of this project is to: (1) develop a prototype that will achieve persistent role-based access control of an information object resident on a LAN within a protected environment that demonstrates data separability within the automated information system; (2) collect data concerning the performance and scalability of the prototype for sensitive but unclassified data; and (3) investigate the feasibility of moving the prototype model into firmware. The Info-Ops/University of Illinois NCSA team has been working on (1) conceptual design of a "key derivation engine" function based on incorporating ANSI X9.69 concepts with PKI methodologies that supports cross-domain information sharing with the capability of providing persistent access control on the data object in both a network-centric environment while sustaining the capability for a deployed tactical client-only environment; (2) defining specifications (i.e., open API) for header information supporting cross domain information sharing requirements; (3) developing a hierarchical administrative structure that is scalable and supports key management/distribution across multiple domains (communities of interest); and (4) determining the scaling factors of the conceptual model.