16th Annual Computer Security Applications Conference
December 11-15, 2000
New Orleans, Louisiana

Security Architectures for Controlled Digital Information Dissemination

Jaehong Park & Ravi Sandhu
George Mason University

James Schifalacqua
SI International, Inc.

Besides securing transmission of digital information at lower layers, several application-level security solutions for controlled dissemination of digital information have been developed using cryptographic, watermarking or use-control technologies. These dissemination control solutions have been designed for different business purposes. Little research, if any, identifies security architectures for controlling or tracking digital information dissemination in general. The identification of such will provide a foundation for developing appropriate security solutions for organizationsí secure dissemination of digital information, and provide a better understanding of current application-level security solutions.

In this paper, we identify eight application-level security architectures based on the following three elements: Virtual Machine, Control Set, and Distribution Style. Some of the architectures provide control and tracking capabilities for dissemination and usage of digital information, while others provide only tracking capability. We describe the architectures and compare their capabilities, merits, and demerits. In addition, we review briefly some of the required mechanisms, including watermarking and use-control technologies. Also, we relate some of commercial solutions to our security architectures in order to provide insight on the current availability of our solutions architectures.

Read Paper Read Paper (in PDF)