Project Overview
The SAW project encompasses a broad spectrum of issues concerning the specification and realization of security wrappers for protection of sensitive or proprietary local information, while permitting dissemination of data that needs to be shared. By employing such wrappers, organizations can share their information with others selectively, with the assurance that information to be protected will neither be improperly and directly accessed, nor indirectly disclosed through other released information. A key goal of SAW technology is to bring a substantial level of automation to trusted information sharing, thereby reducing organizations' reliance on manual, often paper-based, methods for information release that can be cumbersome and costly. SAW technology will form the basis of an automated tool kit for generation of composable security wrappers. Databases wrapped by SAWs can then combine to form scalable, secure information systems.
In the SAW architecture, external accesses are handled via the wrapper, while internal accesses are unaffected. In this way, only external accesses incur any added expense or delay resulting from the SAW's security mechanisms. The SAW for each database or organization is specified and maintained by the security officer, who is responsible for ensuring that the security policy of the organization is enforced. From the security officer's point of view, creating a SAW involves specifying, with the help of the SAW tool kit, the security policy of the underlying database. From this specification, the SAW tool kit generates a wrapper for the database. Thus, the SAW tool kit is effectively a wrapper generator easily customizable to the different security policies that may need to be enforced in component databases. The language of security constraints permitted in a SAW specification attempts to strike a reasonable balance between expressiveness of security requirements and efficiency of analysis.
The figure below illustrates a typical application of SAW technology. A prime contractor and several subcontractors form a team to design and manufacture a complex system. Each contractor in the collaboration needs data from other members and must supply some data to other members of the team. Since each contractor maintains proprietary information in its database, it is not possible to simply open the database for access by other team members. At the same time, manual approaches to information requests, approvals, and releases would cause significant delays and additional costs in the project. To alleviate this problem, each contractor wraps its database with a SAW, which allows the contractor to specify precisely who may retrieve what information under which circumstances, even if the underlying database does not directly support such selective release of information. SAWs operate on top of an existing secure communications infrastructure, such as Secure Socket Layer (SSL), that provides for data secrecy and integrity, and authentication of data requesters and suppliers.
![[Sample SAW application]](/projects/saw/sawapp.gif)
The SAW consists of a variety of techniques and tools to provide mandatory enforcement of its security policy on external accesses, addressing four key issues in information-system security: access control, composability and scalability, auditing, and assurance. Tools provided by SAW also allow validation of design drawings and other multimedia objects, items that have not been the focus of past security tools, but are becoming an increasingly large fraction of information interchange.
The SAW security mediator enforces mandatory access control to guarantee that all requests for information, and any data released as a result, meet the requirements of the data holder's security policy. It provides uniform query and security interfaces to permit direct composition and interoperation of wrapped databases. These interfaces allow composed systems to be analyzed to determine whether and how interoperation may lead to compromises of local security constraints. The SAW also provides for selective auditing of information requests and releases, so that potential compromises resulting from sequences of requests can be detected and prevented. Finally, the SAW addresses assurance through security policy transformation. Rather than enforcing security policies itself, the SAW transforms its security policies into those enforceable by internal databases, when possible.