Toward Sensitive Information Redaction in a Collaborative, Multilevel Security Environment
Peter Gehres, Nathan Singleton, George Louthan, John Hale

WikiSym 2010, Gdansk, Poland, July 8, 2010

Computer Science / www.isec.utulsa.edu
Overview
 •  Background
 •  Related Work
 •  Motivation
 •  SecureWiki
 •  Challenges
 •  Potential Environments
 •  Acknowledgments

Background
 •  Multilevel Security (MLS)
    –  Traditional military security model
    –  Each object is described by
        •  Sensitivity level (unclassified, confidential, secret, top secret)
        •  Compartments (e.g. nuclear, Europe, missile defense)

 •  Bell-La Padula
    –  Based on the MLS model
    –  Read Down
    –  Write Up

Background, cont.
 •  Text Redaction
    –  Traditional redaction
        •  Black out using a marker
        •  Cut out using scissors
    –  Digital techniques
        •  Remove the underlying data
        •  Challenges:
            –  Metadata
            –  Incomplete redaction

An example of traditional redaction

Related Work
 •  Intellipedia
    –  Based on MediaWiki
    –  Three distinct wikis for unclassified, confidential and secret on separate physical networks
    –  Problem: Many places to go for information on a single subject

Related Work
 •  Tearline Wiki
    –  Aggregates multiple wikis with "tear lines" between the classifications
    –  Problems
        •  Information is still segregated
        •  Still in testing at the NSA
        •  Proprietary technology

From Galois Brief, “Tearline Wiki: Information collaboration across security domains”

Motivations
 •  To promote information sharing in sensitive environments
    –  Government
    –  Healthcare
    –  Corporate Intellectual Property

 •  To combine all information about a subject into a single, consolidated view by increasing granularity

SecureWiki - Architecture
 •  Store all article markup in a separate data store
 •  Generate keys to indicate redacted text in the markup
 •  Store the keys in a key store and generate tokens that replace the markup in the page (each token is mapped to a key by the key store)
 •  Replace tokens with markup when the page is rendered (after checking authentication)

SecureWiki
Architecture Diagram

SecureWiki - Example
Excerpt from http://en.wikipedia.org/wiki/KFC

Initial Page Request
SECRET

The “Unclassified” Recipe

Wiki Markup
   [snip]

   In 1983, writer [[William Poundstone]] examined the recipe in his book ''[[Big Secrets]]''. He
   reviewed Sanders' [[patent]] application, and advertised in college newspapers for present or
   former employees willing to share their knowledge. From the former he deduced that Sanders had
   diverged from other common fried-chicken recipes by varying the amount of oil used with the
   amount of chicken being cooked, and starting the cooking at a higher temperature (about
   {{convert|400|F|-1}}) for the first minute or so and then lowering it to {{convert|250|F|-1}} for the
   remainder of the cooking time. {redact 123} Following his buyout in 1964, Colonel Sanders
   himself expressed anger at such changes, saying:

   [snip]

SecureWiki - Example
SECRET
abc

The “Confidential” Recipe

Wiki Markup
   [snip]


   {redact 456}


   On February 9, 2009, the secret recipe returned to KFC's Louisville headquarters in a more secure, computerized
   vault.

   In 1983, writer [[William Poundstone]] examined the recipe in his book ''[[Big Secrets]]''. He reviewed
   Sanders' [[patent]] application, and advertised in college newspapers for present or former employees willing to
   share their knowledge. From the former he deduced that Sanders had diverged from other common fried-chicken
   recipes by varying the amount of oil used with the amount of chicken being cooked, and starting the cooking at a
   higher temperature (about {{convert|400|F|-1}}) for the first minute or so and then lowering it to {{convert|250|F|-1}}
   for the remainder of the cooking time. Several of Poundstone's contacts also provided samples of the seasoning
   mix, and a food lab found that it consisted solely of [[sugar]], [[flour]], [[salt]], [[black pepper]] and [[monosodium
   glutamate]] (MSG). He concluded that it was entirely possible that, in the years since Sanders sold the chain, later
   owners had begun skimping on the recipe to save costs

   [snip]

SecureWiki - Example
SECRET
def

Wiki Markup
   [snip]


   Before the move, KFC disclosed the following details about the recipe and its security arrangements:


   * The recipe, which includes exact amounts of each component, is written in pencil on a single sheet of notebook
   paper and signed by Sanders.
   * The recipe was locked in a filing cabinet with two separate combination locks. The cabinet also included vials of
   each of the {redact 789} herbs and spices used.
   * Only two executives had access to the recipe at any one time. KFC refuses to disclose the names and titles of
   either executive
   * One of the two executives said that no one had come close to guessing the contents of the secret recipe, and
   added that the actual recipe would include some surprises.


   On February 9, 2009, the secret recipe returned to KFC's Louisville headquarters in a more secure, computerized
   vault.


   [snip]

SecureWiki - Example
SECRET

Final Output – “Secret” Recipe

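The render path from the Architecture slide and the `{redact N}` tokens from the Wiki Markup slides, modelled end to end as an added example (not the authors' SecureWiki code): a key store, an editor-side redact step, and a render step that applies Bell-La Padula read-down, expands nested tokens, and leaves no token id behind for a lower-cleared reader to infer from. Assumptions: token and key are collapsed into a single id, levels are linear with no compartments, and the sample text is constructed.

```python
"""Toy model of SecureWiki's token and key-store render path (added example, not the authors' code)."""
import re
from dataclasses import dataclass, field

# Linear sensitivity levels from the Background slide; compartments are left out of this model.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}
TOKEN_RE = re.compile(r"\{redact (\d+)\}")  # token syntax as shown on the Wiki Markup slides
MAX_DEPTH = 16  # guard against fragments that reference each other in a loop


@dataclass(frozen=True)
class Fragment:
    """A redacted span held outside the page: its level and the markup it replaces."""
    level: str
    markup: str


@dataclass
class KeyStore:
    """Maps the token id found in page markup to its fragment. Assumption: the slides'
    separate key and token are collapsed into a single id here."""
    fragments: dict = field(default_factory=dict)
    next_id: int = 1

    def add(self, level: str, markup: str) -> str:
        if level not in LEVELS:
            raise ValueError(f"unknown level {level!r}")
        token_id = str(self.next_id)
        self.next_id += 1
        self.fragments[token_id] = Fragment(level, markup)
        return token_id


def can_read(clearance: str, level: str) -> bool:
    """Bell-La Padula read-down: a subject may read objects at or below its own level."""
    return LEVELS[clearance] >= LEVELS[level]


def redact_span(markup: str, start: int, end: int, level: str, store: KeyStore) -> str:
    """Editor side: move markup[start:end] into the key store and leave a token in its place."""
    token_id = store.add(level, markup[start:end])
    return markup[:start] + "{redact " + token_id + "}" + markup[end:]


def render(markup: str, clearance: str, store: KeyStore, withheld=None, _depth=0) -> str:
    """Render side: expand every token the reader is cleared for (recursively, since a
    fragment may itself contain tokens) and drop the rest without a trace.

    `withheld`, if given, collects the ids that were not expanded, for a server-side audit
    log; the rendered output carries no ids, so a reader cannot even count the gaps."""
    if _depth > MAX_DEPTH:
        raise RecursionError("fragment nesting too deep; key store may be cyclic")

    def expand(match):
        token_id = match.group(1)
        frag = store.fragments.get(token_id)
        if frag is None or not can_read(clearance, frag.level):
            if withheld is not None:
                withheld.append(token_id)
            return ""
        return render(frag.markup, clearance, store, withheld, _depth + 1)

    # Collapse the double space left where a token was dropped mid-sentence.
    return re.sub(r" {2,}", " ", TOKEN_RE.sub(expand, markup)).strip()


def leaks_tokens(rendered: str) -> bool:
    """Post-render check for the slides' 'incomplete redaction' failure: no token may survive."""
    return TOKEN_RE.search(rendered) is not None


def build_sample():
    """Constructed sample with nested tokens, like the 123/456/789 chain on the slides (text invented)."""
    store = KeyStore()
    page = ("KFC's recipe is kept in a vault. The cabinet held vials of each of the "
            "11 herbs and spices. Later owners skimped on it.")
    n = page.index("11")
    page = redact_span(page, n, n + 2, "secret", store)  # token 1: the count itself
    page = redact_span(page, page.index("The cabinet"), page.index(". Later") + 1,
                       "secret", store)  # token 2: the sentence, now holding token 1
    page = redact_span(page, page.index("Later"), len(page), "confidential", store)  # token 3
    return page, store
```

Rendering the sample at unclassified, confidential and secret shows the same page growing as clearance rises, with the `withheld` list recording on the server which ids each reader did not get.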
Challenges
 •  Metadata
    –  A page’s existence may be classified
    –  Data inference
 •  Verification of security controls
    –  Certification and accreditation
 •  Declassifying Information
    –  Bell-La Padula prohibits write-down
 •  Implementation
    –  Hooks into parser
    –  Saving data
    –  Revision History?

Potential Environments
 •  Military and government
 •  Medical research
    –  Collaboration in blind/double-blind studies
    –  Compliance with HIPAA PII/PHI requirements
 •  Corporations
    –  Chinese Wall implementation
    –  Inter-departmental segregation
    –  Inter-corporation collaboration

Conclusions
 •  Redaction in wikis is possible with high granularity for secure environments.
 •  SecureWiki integrates the information into a single view based on the user's access level.
 •  SecureWiki has potential not only in government but also in corporate, healthcare and other environments.

Future Work
 •  Develop a proof of concept
    –  Determine the real challenges in implementation
    –  Expand the workflow of the system
 •  Determine the wiki framework (MediaWiki?)
    –  Ability to add our framework without modifying (too much) core code
    –  Access controls
    –  Known vulnerabilities

Acknowledgements
 •  Mr. Philippe Beaudette, Head of Reader Relations, Wikimedia Foundation
 •  Dr. Rose Gamble, Professor, The University of Tulsa
 •  This material is based on research sponsored by DARPA under agreement number FA8750-09-1-0208. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DARPA or the U.S. Government.

Questions?