Protecting Identifiers in Cross-Domain Environments
ARMY RESEARCH LAB ABERDEEN PROVING GROUND MD
Pagination or Media Count:
Unique identification of objects and their associated data representations have received significant attention in the past 10 years. Developing an efficient identifier allocation and tracking scheme that transparently spans security domains requires finesse. It is not uncommon for information to be created in a lower security domain and copied to a higher domain. The rigor by which the data is maintained varies widely, as does the resulting difficulty in maintaining consistency of the data and its identifiers. But identifier uniqueness and traceability is not the biggest concern. In the age of the Internet, it is easy to pull together disparate pieces of information to build a picture not intended for public release. Previous practices such as data masking are no longer satisfactory. It is easy to believe that because an identifier is an unintelligent number that it can be passed around without compromise. This paper will describe the policy and technical logic behind a policy of managing identifiers and presents the argument that identifiers, even unintelligent ones, must be treated with the same care as the data they identify.
- Computer Systems Management and Standards