Cross-Shares: Technology Focus Areas

• Semantic Characterization of Security Policies: Technology that expresses semantic characteristics of objects to facilitate security policies that can capture a broad spectrum of potential access control cases; this includes a semantics of security policies needed for changing and combining policies throughout their life-cycle, and for transforming policies appropriately at domain boundaries.
• Dynamic Security Policy Enforcement: Technology to support dynamic security policies, including policy transport, policy validation, and policy conflict analysis. Techniques for properly enforcing policies that have been changed.
• Automated Security Classification & Releasability Labeling: Technology for computing labels of documents based on both content and metadata. Automated methods for labeling information that has been automatically generated from other labeled documents.
• Security Pedigree Traceability: Technology to track, assess and display security pedigree associated with an object. This includes handling issues of trust of sources, pedigree age, pedigree maintenance, and revocation of authorities involved in the pedigree formation and lifecycle.
• Hierarchical and Non-Hierarchical Domain Information Sharing: Technology to facilitate information sharing across domain boundaries. This includes sharing between domains of different sensitivity levels, sharing between organizations under some common authority, and sharing between organizations that have different authorities.
• Secure Dynamic Information Storage, Transformation, Dissemination: Technologies that will store, transform and disseminate sensitive data with multiple owners. This includes finding ways to protect the access to information (based on need to know) at a level acceptable to all the various data owners, releasability policies, and appropriate discovery and subscription to data flows in other domains.
• Guard Architecture Technology Enhancements: Guard technologies that can make use of distributed web services, including both technologies that support guard evaluation by supplying trusted evidence that may involve remote query, and distributed guard components.
• Cross Domain Service Oriented Architectures: Technologies to allow service-oriented components, such as web services, to function effectively across domain boundaries while adhering to established security policies. This includes investigation of issues such as cross-domain service discovery and the aggregation of data via repeated service invocations, and methods for maintaining certification and accreditation of systems in a dynamic service-oriented environment.
• Metadata Formulation: Methods to link data and metadata within and across domains in a trustworthy manner. This includes gathering security policies for relevant domains into a standardized, appropriately accessible framework, potentially allowing for single-point configuration of multiple security domains.
• Assured Labeling for Digital Rights Management: Assured labeling technology to facilitate the enforcement of digital rights and cross-domain data protections. This includes support for directing automated controls in what can be viewed, shared, excerpted, and/or printed; support to guide users on how intellectual property should be protected; and support for guards in applying or transforming labels as appropriate.
• Assured Labeling for Tactical Environments: Assured labeling technology appropriate for environments that may have limited bandwidth, non-continuous connectivity, battery powered operation, and/or limited displays. This includes both the initial presentation of how information should be protected and follow-up user queries.
• End-User Applications, Demos, Experimentation: Applications of secure data sharing technology to demonstrate its viability and value in operationally relevant scenarios. Develop and apply phased approach for technology insertion. Adapt, convert and create applications and processes. Incorporate operational requirements and lessons learned into research. Facilitate transition opportunities via collaboration with industry partners.