A Lattice Interpretation of Group-Centric Collaboration with Expedient Insiders

For various reasons organizations need to collaborate with external consultants, e. g. domain specialists, on specific projects. Many security-oriented organizations deploy multi-level systems which enforce one directional information flow in a lattice of security labels. However, traditional lattice constructions are not suitable for accommodating external consultants, since such consultants are not "true insiders" but rather " expedient insiders" who should receive much more limited privileges than employees. An authorization model for group-centric collaboration with expedient insiders (GEl) has been recently proposed, wherein organizations create groups and replicate the organizational lattice with selected content for such collaborations [4]. Motivated by GEl, in this paper, we formulate a novel lattice construction wherein a new collaboration category is introduced for each new collaboration group, in a manner significantly different from the usual process of defining new security categories in a lattice. In particular, a collaboration category brings together only the required objects and users. We develop a formal model for lattices with collaborative compartments (LCC) comprising administrative and operational parts covering the life-cycle of such collaborations. We formally prove the equivalence of LCC and GEl, thereby precisely characterizing the information flow and security properties of GEl which heretofore had only been informally considered. This equivalence shows that GEl can be realized via LBAC with minimal operational disruptions.