Enabling fine-grained access control in information sharing with structured data formats

Tatu Niskanen; Jarno Salonen

doi:10.34190/eccws.22.1.1143

Enabling fine-grained access control in information sharing with structured data formats

BA6403 Cybersecurity engineering & automation

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

Abstract

The ongoing need for societal and industrial digital transformation requires rapidly expanding networks of interconnected organizations and dictates an increasing role for cybersecurity in information sharing. A typical setup consists of multiple stakeholders working closely together and needing efficient channels for sharing relevant information in a secure manner. This is especially prevalent with complex modern supply chains and critical information infrastructures. They often comprise of numerous co-operating organizations, people and in some cases smart devices having different levels of access to a variety of information. Granular access control plays a vital role when distributing information efficiently between stakeholders without revealing sensitive pieces of data to unwanted third parties. This article presents a novel framework for enabling fine-grained access control to share information efficiently and securely in these situations. Our motivation and use case for the framework originates from the secure sharing of cyber incident information in the maritime logistics industry. We present a novel solution to this problem by developing an information sharing platform and a meta-model, demonstrated using an implementation with structured JSON data formats, while supporting previously researched attribute-based encryption schemes. The proposed framework provides a broader context to the fine-grained data access control challenge in addition to the technical implementation.

Original language	English
Title of host publication	Proceedings of the 22nd European Conference on Cyber Warfare and Security, ECCWS 2023
Editors	Antonios Andreatos, Christos Douligeris
Publisher	Curran Associates Inc.
Pages	332-340
Number of pages	9
Volume	22
Edition	1
ISBN (Electronic)	978-1-914587-70-2
ISBN (Print)	978-1-914587-69-6
DOIs	https://doi.org/10.34190/eccws.22.1.1143
Publication status	Published - 19 Jun 2023
MoE publication type	A4 Article in a conference publication
Event	22nd European Conference on Cyber Warfare and Security, ECCWS 2023 - The Hellenic Air Force Academy (HAFA), Athens, Greece Duration: 22 Jun 2023 → 23 Jun 2023

Publication series

Series	European Conference on Information Warfare and Security, ECCWS
Volume	2023-June
ISSN	2048-8602

Conference

Conference	22nd European Conference on Cyber Warfare and Security, ECCWS 2023
Country/Territory	Greece
City	Athens
Period	22/06/23 → 23/06/23

Funding

This article is based on research and development work conducted in two Horizon 2020 projects, namely Secure Collaborative Intelligent Industrial Assets (SeCoIIA) and Cyber preparedness actions for a holistic approach and awareness raising in the MARitime logistics supply chain (Cyber-MAR). SeCoIIA aims at securing the digital transition of manufacturing industry towards more connected, collaborative, flexible and automated production techniques. Cyber-MAR aims to develop an innovative cybersecurity simulation environment for accommodating the peculiarities of the maritime sector, while being easily applicable in other transport subsectors, with the view to fully unlock the value of the use of cyber range in the maritime logistics value chain. The projects have received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 871967 and No. 833389.

Keywords

Cybersecurity
Information security
Access control
Information sharing
Incident management
Resilience

Access to Document

10.34190/eccws.22.1.1143Licence: CC BY-NC-ND

Cite this

Niskanen, Tatu ; Salonen, Jarno. / Enabling fine-grained access control in information sharing with structured data formats. Proceedings of the 22nd European Conference on Cyber Warfare and Security, ECCWS 2023. editor / Antonios Andreatos ; Christos Douligeris. Vol. 22 1. ed. Curran Associates Inc., 2023. pp. 332-340 (European Conference on Information Warfare and Security, ECCWS, Vol. 2023-June).

@inproceedings{df185279591b46f785b9af4d6931b7fc,

title = "Enabling fine-grained access control in information sharing with structured data formats",

abstract = "The ongoing need for societal and industrial digital transformation requires rapidly expanding networks of interconnected organizations and dictates an increasing role for cybersecurity in information sharing. A typical setup consists of multiple stakeholders working closely together and needing efficient channels for sharing relevant information in a secure manner. This is especially prevalent with complex modern supply chains and critical information infrastructures. They often comprise of numerous co-operating organizations, people and in some cases smart devices having different levels of access to a variety of information. Granular access control plays a vital role when distributing information efficiently between stakeholders without revealing sensitive pieces of data to unwanted third parties. This article presents a novel framework for enabling fine-grained access control to share information efficiently and securely in these situations. Our motivation and use case for the framework originates from the secure sharing of cyber incident information in the maritime logistics industry. We present a novel solution to this problem by developing an information sharing platform and a meta-model, demonstrated using an implementation with structured JSON data formats, while supporting previously researched attribute-based encryption schemes. The proposed framework provides a broader context to the fine-grained data access control challenge in addition to the technical implementation.",

keywords = "Cybersecurity, Information security, Access control, Information sharing, Incident management, Resilience",

author = "Tatu Niskanen and Jarno Salonen",

note = "Funding Information: This article is based on research and development work conducted in two Horizon 2020 projects, namely Secure Collaborative Intelligent Industrial Assets (SeCoIIA) and Cyber preparedness actions for a holistic approach and awareness raising in the MARitime logistics supply chain (Cyber-MAR). SeCoIIA aims at securing the digital transition of manufacturing industry towards more connected, collaborative, flexible and automated production techniques. Cyber-MAR aims to develop an innovative cybersecurity simulation environment for accommodating the peculiarities of the maritime sector, while being easily applicable in other transport subsectors, with the view to fully unlock the value of the use of cyber range in the maritime logistics value chain. The projects have received funding from the European Union{\textquoteright}s Horizon 2020 research and innovation programme under grant agreement No. 871967 and No. 833389. Publisher Copyright: {\textcopyright} 2023 Curran Associates Inc.. All rights reserved.; 22nd European Conference on Cyber Warfare and Security, ECCWS 2023 ; Conference date: 22-06-2023 Through 23-06-2023",

year = "2023",

month = jun,

day = "19",

doi = "10.34190/eccws.22.1.1143",

language = "English",

isbn = "978-1-914587-69-6",

volume = "22",

series = "European Conference on Information Warfare and Security, ECCWS",

publisher = "Curran Associates Inc.",

pages = "332--340",

editor = "Antonios Andreatos and Christos Douligeris",

booktitle = "Proceedings of the 22nd European Conference on Cyber Warfare and Security, ECCWS 2023",

address = "United States",

edition = "1",

}

Niskanen, T & Salonen, J 2023, Enabling fine-grained access control in information sharing with structured data formats. in A Andreatos & C Douligeris (eds), Proceedings of the 22nd European Conference on Cyber Warfare and Security, ECCWS 2023. 1 edn, vol. 22, Curran Associates Inc., European Conference on Information Warfare and Security, ECCWS, vol. 2023-June, pp. 332-340, 22nd European Conference on Cyber Warfare and Security, ECCWS 2023, Athens, Greece, 22/06/23. https://doi.org/10.34190/eccws.22.1.1143

Enabling fine-grained access control in information sharing with structured data formats. / Niskanen, Tatu; Salonen, Jarno.
Proceedings of the 22nd European Conference on Cyber Warfare and Security, ECCWS 2023. ed. / Antonios Andreatos; Christos Douligeris. Vol. 22 1. ed. Curran Associates Inc., 2023. p. 332-340 (European Conference on Information Warfare and Security, ECCWS, Vol. 2023-June).

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Enabling fine-grained access control in information sharing with structured data formats

AU - Niskanen, Tatu

AU - Salonen, Jarno

N1 - Funding Information: This article is based on research and development work conducted in two Horizon 2020 projects, namely Secure Collaborative Intelligent Industrial Assets (SeCoIIA) and Cyber preparedness actions for a holistic approach and awareness raising in the MARitime logistics supply chain (Cyber-MAR). SeCoIIA aims at securing the digital transition of manufacturing industry towards more connected, collaborative, flexible and automated production techniques. Cyber-MAR aims to develop an innovative cybersecurity simulation environment for accommodating the peculiarities of the maritime sector, while being easily applicable in other transport subsectors, with the view to fully unlock the value of the use of cyber range in the maritime logistics value chain. The projects have received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 871967 and No. 833389. Publisher Copyright: © 2023 Curran Associates Inc.. All rights reserved.

PY - 2023/6/19

Y1 - 2023/6/19

N2 - The ongoing need for societal and industrial digital transformation requires rapidly expanding networks of interconnected organizations and dictates an increasing role for cybersecurity in information sharing. A typical setup consists of multiple stakeholders working closely together and needing efficient channels for sharing relevant information in a secure manner. This is especially prevalent with complex modern supply chains and critical information infrastructures. They often comprise of numerous co-operating organizations, people and in some cases smart devices having different levels of access to a variety of information. Granular access control plays a vital role when distributing information efficiently between stakeholders without revealing sensitive pieces of data to unwanted third parties. This article presents a novel framework for enabling fine-grained access control to share information efficiently and securely in these situations. Our motivation and use case for the framework originates from the secure sharing of cyber incident information in the maritime logistics industry. We present a novel solution to this problem by developing an information sharing platform and a meta-model, demonstrated using an implementation with structured JSON data formats, while supporting previously researched attribute-based encryption schemes. The proposed framework provides a broader context to the fine-grained data access control challenge in addition to the technical implementation.

AB - The ongoing need for societal and industrial digital transformation requires rapidly expanding networks of interconnected organizations and dictates an increasing role for cybersecurity in information sharing. A typical setup consists of multiple stakeholders working closely together and needing efficient channels for sharing relevant information in a secure manner. This is especially prevalent with complex modern supply chains and critical information infrastructures. They often comprise of numerous co-operating organizations, people and in some cases smart devices having different levels of access to a variety of information. Granular access control plays a vital role when distributing information efficiently between stakeholders without revealing sensitive pieces of data to unwanted third parties. This article presents a novel framework for enabling fine-grained access control to share information efficiently and securely in these situations. Our motivation and use case for the framework originates from the secure sharing of cyber incident information in the maritime logistics industry. We present a novel solution to this problem by developing an information sharing platform and a meta-model, demonstrated using an implementation with structured JSON data formats, while supporting previously researched attribute-based encryption schemes. The proposed framework provides a broader context to the fine-grained data access control challenge in addition to the technical implementation.

KW - Cybersecurity

KW - Information security

KW - Access control

KW - Information sharing

KW - Incident management

KW - Resilience

UR - http://www.scopus.com/inward/record.url?scp=85167585175&partnerID=8YFLogxK

U2 - 10.34190/eccws.22.1.1143

DO - 10.34190/eccws.22.1.1143

M3 - Conference article in proceedings

SN - 978-1-914587-69-6

VL - 22

T3 - European Conference on Information Warfare and Security, ECCWS

SP - 332

EP - 340

BT - Proceedings of the 22nd European Conference on Cyber Warfare and Security, ECCWS 2023

A2 - Andreatos, Antonios

A2 - Douligeris, Christos

PB - Curran Associates Inc.

T2 - 22nd European Conference on Cyber Warfare and Security, ECCWS 2023

Y2 - 22 June 2023 through 23 June 2023

ER -

Niskanen T, Salonen J. Enabling fine-grained access control in information sharing with structured data formats. In Andreatos A, Douligeris C, editors, Proceedings of the 22nd European Conference on Cyber Warfare and Security, ECCWS 2023. 1 ed. Vol. 22. Curran Associates Inc. 2023. p. 332-340. (European Conference on Information Warfare and Security, ECCWS, Vol. 2023-June). doi: 10.34190/eccws.22.1.1143

Enabling fine-grained access control in information sharing with structured data formats

Abstract

Publication series

Conference

Funding

Keywords

Access to Document

Other files and links

Fingerprint

How to Enhance the Sharing of Cyber Incident Information via Fine-Grained Access Control

SeCoIIA: Secure Collaborative Intelligent Industrial Assets

Cyber-MAR: Cyber preparedness actions for a holistic approach and awareness raising in the MARitime logistics supply chain

Cite this

Enabling fine-grained access control in information sharing with structured data formats

Abstract

Publication series

Conference

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Research output

How to Enhance the Sharing of Cyber Incident Information via Fine-Grained Access Control

Projects

SeCoIIA: Secure Collaborative Intelligent Industrial Assets

Cyber-MAR: Cyber preparedness actions for a holistic approach and awareness raising in the MARitime logistics supply chain

Cite this