Abstract

Design.
Advisors
Date of Issue
2009-03
Date
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
The ability for emergency first responders to access sensitive information for which they have not been pre-vetted can save lives and property. We describe a trusted emergency management solution for ensuring that sensitive information is protected from unauthorized access, while allowing for extraordinary access to be authorized under the duress of an emergency. Our solution comprises an emergency access control policy, an operational model and a scalable system security architecture. The operational model involves endusers who are on call as first responders, providers of critical information, and a coordinating authority. Extraordinary access to information is allowed to occur only during emergencies, and only in a confined emergency partition, which is unavailable before the emergency and can be completely purged after the emergency. As all information remains within its assigned partition, after the emergency the system can meaningfully enforce its pre-emergency access control policy. A major component of the architecture is the end-user device, and we describe mechanisms on the device for secure storage of data, and for management of emergency state, to indicate feasibility.

Date

2009

Authors

Timothy Levin, Cynthia Irvine, Terry Benzel, Thuy Nguyen, Paul Clark, Ganesha Bhaskara

Publisher

Monterey, California. Naval Postgraduate School