A Trust Domains Taxonomy for Securely Sharing Information: A Preliminary Investigation

TL;DR

This paper empirically investigates a trust domains taxonomy for secure information sharing, demonstrating its components and applying it to a cloud-based conference system that ensures strong privacy and confidentiality.

Contribution

It validates and refines a trust domains taxonomy for secure sharing, incorporating key elements and demonstrating its application in a novel cloud-based system.

Findings

Role, Policy, Action, Control, Evidence, Asset should be included in the taxonomy.

ConfiChair provides strong privacy and confidentiality guarantees.

The taxonomy effectively guides secure information sharing in collaborative systems.

Abstract

Information sharing has become a vital part in our day-to-day life due to the pervasiveness of Internet technology. In any given collaboration, information needs to flow from one participant to another. While participants may be interested in sharing information with one another, it is often necessary for them to establish the impact of sharing certain kinds of information. This is because certain information could have detrimental effects when it ends up in wrong hands. For this reason, any would-be participant in a given collaboration may need to establish the guarantees that the collaboration provides, in terms of protecting sensitive information, before joining the collaboration as well as evaluating the impact of sharing a given piece of information with a given set of entities. In order to address this issue, earlier work introduced a trust domains taxonomy that aims at managing trust-related issues in information sharing. This paper attempts to empirically investigate the proposed taxonomy through a possible scenario (e.g. the ConfiChair system). The study results determined that Role, Policy, Action, Control, Evidence and Asset elements should be incorporated into the taxonomy for securely sharing information among others. Additionally, the study results showed that the ConfiChair, a novel cloud-based conference management system, offers strong privacy and confidentiality guarantees.