Trusted Emergency Management
Research rept. 16 Oct 2006-16 Oct 2007
NAVAL POSTGRADUATE SCHOOL MONTEREY CA CENTER FOR INFORMATION SYSTEMS SECURITY STUDIES AND RESEARCH
Pagination or Media Count:
The ability for emergency first responders to access sensitive information for which they have not been pre-vetted can save lives and property. We describe a trusted emergency management solution for ensuring that sensitive information is protected from unauthorized access, while allowing for extraordinary access to be authorized under the duress of an emergency. Our solution comprises an emergency access control policy, an operational model and a scalable system security architecture. The operational model involves end users who are on call as first responders, providers of critical information, and a coordinating authority. Extraordinary access to information is allowed to occur only during emergencies, and only in a confined emergency partition, which is unavailable before the emergency and can be completely purged after the emergency. As all information remains within its assigned partition, after the emergency the system can meaningfully enforce its pre-emergency access control policy. A major component of the architecture is the end-user device, and we describe mechanisms on the device for secure storage of data, and for management of emergency state, to indicate feasibility.
- Computer Systems Management and Standards
- Command, Control and Communications Systems