MetaSAFE™—Managing Security Metadata
Modern defense strategy and execution are increasingly net-centric and distributed, allowing for new information flows that cross system, domain, and community-of-interest boundaries. But these new data flows introduce security risks as sensitive information passes outside the domain where it was created. To mitigate this risk, the originators of information must assert control over the dissemination of sensitive information, and the receivers of information must verify that this sensitive information was disseminated by trustworthy and valid sources. In both cases, detailed and accurate metadata must be provided, with the assurance that it cannot be compromised to misrepresent the associated information.
ATC-NY developed the Metadata Security Assertion Framework and Evaluation system (MetaSAFE) to enable a guard or other security device to manage the creation and verification of security metadata. MetaSAFE provides secure association of information with its metadata, and a secure trail of assertions, signed by trusted sources, verifying the metadata. It enables a guard or other security device to evaluate information intended for another domain in an automated or semi-automated way, and it formalizes and expedites the classification and release of information between domains in a high-assurance way.
The security metadata states the security level and security modification history of its associated information object. MetaSAFE can evaluate this metadata to verify that it was securely recorded and that the authors of the metadata have not misrepresented themselves. Once an information object's metadata has passed MetaSAFE verification, a security device can trust the security assertions and evaluate whether to let the information pass and with what kind of filtering. The receiving application can also use MetaSAFE to make similar evaluations, verifying that this metadata, created in a different domain, meets local criteria for trustworthiness.
