Secure information sharing enabled by Trusted Computing and PEI models

The central goal of secure information sharing is to "share but protect" where the motivation to "protect" is to safeguard the sensitive content from unauthorized disclosure (in contrast to protecting the content to avoid loss of revenue as in retail Digital Rights Management). This elusive goal has been a major driver for information security for over three decades. Recently, the need for secure information sharing has dramatically increased with the explosion of the Internet and the convergence of outsourcing, offshoring and B2B collaboration in the commercial arena and the real-world demonstration of the tragic consequences of lack of information sharing in the national security arena. As technology has made the "share" aspect ever easier so has it increased the difficulty of enforcing the "protect" aspect. The central contribution of this paper is to show that the emergence of industrial strength Trusted Computing (TC) technology offers a range of novel solutions to the long-standing problem of secure information sharing. To this end we introduce a new framework of three layered models to analyze requirements and develop solutions, and demonstrate the application of this framework in context of TC and secure information sharing. The three layers are policy models (topmost), enforcement models (middle), and implementation models (bottom). Hence the name PEI models. At the policy model layer the secure information sharing space is divided into three categories called password based, device based, and credential based. For each of these policy categories various enforcement and implementation models can be developed. While we believe the PEI framework is relevant to security problems beyond secure information sharing, our goal in this paper is to demonstrate its application in this particular arena and identify questions for future research in this context. An essential benefit of PEI is that the three layers allow us to focus on the more important issues at a higher level of abstraction at the policy and enforcement layers, while leaving deep detail to the implementation layer. This paper focusses on the policy and enforcement layers with only passing mention of the implementation layer.