SBIR-STTR Award

3 Sigma Research proposes an innovative concept for interfaces to ontology-based software that will facilitate development of multi-level security aiding tools and data to ensure information assurance.  A primary example of applying this technology would be a tool to assist with the automated creation of security classification guides.  The Ontology-based Security Classification Guide Investigation (OSCG-I ) will focus on development of an approach for specifying a formal ontological open standard for the information contained in a security classification guide (SCG), including security classification rules, and validating the consistency whether a single, or multiple, ontology-based SCGs apply to a given situation;  a tool to facilitate and automate creation of SCG and the inherent security classification rules.  The innovative concepts would combine the power of ontology-based reasoning components to address the complex and dynamic needs for automated information security needs in todays ever-changing coalition environment.  The approach will include investigating the potential issues in migrating from current implementation to our new approach. The product of our research can be the ground work for a rare opportunity to truly achieve automated SCG creation and maintenance, and provide more rapid and agile responses to dynamic environments.

Benefit:
The potential of this approach positively affects every user in the enterprise.  The greatest benefit is increased information assurance in data delivery.  In addition, with an open standard interface, dynamic applications could now be developed to explore the effects of completely new ways of updating the information assurance policies throughout the enterprise; allowing information assurance (IA) managers to more effectively manage the security classification characteristics of the entire enterprise.  The product of our research can be the ground work for a rare opportunity to truly achieve automated SCG creation and maintenance, and provide more rapid and agile responses to dynamic environments.  We can envision this approach as a strong complement to cross-domain solutions.  Above any other benefit is the fact that, wherever warfighters are, secure information at the right level of detail and appropriately accessed or disseminated can greatly increase the efficiency of their activities.

Keywords:
Ontology, Security Classification, Information Assurance, Interoperability, Information Exchange, Security Ontology Fusion, Security Guards

3 Sigma Research proposes to develop and implement an innovative prototype and demonstrate a suite of tools to assist with the automated creation of security classification guides and application of the guide in classifying information. Building on the research from the Phase I Ontology-based Security Classification Guide Investigation (OSCG-I), the prototype will show that a robust and accurate ontological approach can indeed overcome the complex issues related to this problem, and instead become an opportunity. Phase I focused on two areas of feasibility, 1) development of approaches for specifying a formal ontological open standard for the information contained in a security classification guide (SCG), including security classification rules, and validating the consistency whether a single, or multiple, ontology-based SCGs apply to a given situation, and 2) tools to facilitate and automate creation of SCG and the inherent security classification rules. Phase II will focus on building an enhanced prototype suite of tools to demonstrate the benefits of automated SCG creation and maintenance to provide more rapid and agile responses to dynamic environments.

Benefit:
Our advantage over existing methods is that OSCG assists users in the creation, maintenance, and application of security classification management through the entire SCG lifecycle. This will result in increased efficiency, lower cost, and most importantly increased security. Since the ontology captures the relationships among the SCG component items, the OSCG system automatically checks for consistency within the SCG by capturing SCG components using a formally defined and verifiable ontology. Another advantage to our approach is reusability. Many SCGs have relationships and references that are similar within a hierarchy of security regulations. Our approach, further developed in Phase II, allows existing security classification regulations and documents to be easily incorporated into new SCGs. This reuse capability, along with consistency validation, will help ensure that existing and validated regulations are incorporated and propagated correctly during the SCG lifecycle. We can envision this approach as a strong complement to cross-domain solutions. Above any other benefit is that, wherever warfighters are, secure information at the right level of detail and appropriately accessed or disseminated can greatly increase the efficiency of their activities.

Keywords:
Security Classification Guide, Ontology, Security Classification, Information Assurance, Interoperability, Information Exchange, Security Ontology Fusion