Securing information flows: A metadata framework

Abstract

Recently, risk-based information trading has emerged as a new paradigm for securely sharing information across traditional organizational boundaries. In this paradigm, the risk of sharing information between organizations is characterized using expected losses (due, for example, to (un)intended information disclosure) and billed to a recipient. However, within risk-based information trading systems, quantifying the risks associated with sharing information is a non-trivial task, particularly when risk calculations depend on a number of factors. In this paper we introduce a data-centric metadata framework that extends risk-based information trading approaches by allowing one or more domains to exchange sensitive information based on metadata evaluated against internal risk assessments of the domains. We present a use case of our metadata framework using a coalition military scenario, wherein information flows can be controlled and regulated by our framework whilst allowing sufficiently high-quality tactical information to be disseminated1. © 2008 IEEE.