A group-centric model for collaboration with expedient insiders in multilevel systems

An authorization model for group-centric organizational collaboration has been recently proposed wherein multiple organizations may collaborate via groups [3]. Each group is independent of all others and adheres to the formal semantics of Group-Centric Secure Information Sharing models (g-SIS) [2], [4]. Motivated by [3], in this paper, we develop a model for group-centric collaboration in which an organization forms groups to collaborate with outside consultants on specific projects. A core principle is that such outsiders cannot fit in the existing organizational access control structure as they are not “true insiders” but rather “expedient insiders.” In our proposed model, each group duplicates the organizational access control structure in an identical but separate copy—initially without any assignment of users or objects. The group is then populated and maintained by bringing selected true insiders, expedient insiders, and objects together to enable collaboration. The formal model consists of administrative and operational parts covering the complete life-cycle. While the general concepts are applicable regardless of the specific models used for the organizational access control structure, to be concrete we consider the specific case of multilevel systems that enforce lattice-based access control [7].