External Object Trust Zone Mapping for Information Clustering *

Yanjun Zuo¹, Brajendra Panda¹

¹ Department of Computer Science and Computer Engineering, University of Arkansas, Fayetteville, AR 72701

Abstract. In a loosely-coupled system various objects may be imported from different sources and the integrity levels of these objects can vary widely. Like downloaded information from the World Wide Web, these imported objects should be carefully organized and disseminated to different trust zones, which meet the security requirements of different groups of internal applications. Assigning an object to a trust zone is called trust zone mapping, which is essentially a form of information clustering and is designed to guide internal applications when they are using objects from different zones. We developed methods to perform trust zone mapping based on objects' trust attribute values. The defined threshold selection operators allow internal applications to best express their major security concerns while tolerating unimportant issues to certain degrees. As two major trust attributes, the primary and secondary trust values are explained and we illustrate how to calculate each of them.

1 Introduction

Information assurance is a major concern for participating subjects in a loosely-coupled system such as a virtual organization, a federated system, or a dynamic coalition, since various objects may be imported from different sources and the qualities of these external objects can vary widely. Conventional computer security and information assurance mechanisms, such as access control [8][9][10] and information flow models [11][12][13][14], have limitations when applied to these semi-open systems, since they were originally designed under a closed-world assumption in which users must be known in advance. This assumption may not be valid for semi-open systems whose members dynamically join and leave the systems.

Clustering imported objects in a secured manner is important to facilitate information assurance and comply with the internal security policies of a computing system. One important aspect of information assurance is to disseminate data to different zones based on their security characteristics. All the members of a trust zone share the required trust features as defined for that trust zone. A component-based approach provides a way to study an object's trust attributes. In [1], the authors developed a formal model to represent object component information and use this information to reason on an object's trustworthiness. Some

* This work was supported in part by US AFOSR under grant FA9550-04-1-0429.

Zuo Y. and Panda B. (2005). External Object Trust Zone Mapping for Information Clustering. In Proceedings of the 3rd International Workshop on Security in Information Systems, pages 196-206. DOI: 10.5220/0002569301960206. Copyright © SciTePress