MetaSAFE™—Managing Security Metadata

Modern defense strategy and execution are increasingly net-centric and distributed, allowing for new information flows that cross system, domain, and community-of-interest boundaries. But these new data flows introduce security risk as sensitive information passes outside the domain where it was created. To mitigate this risk, the originators of information must assert control over the dissemination of sensitive information, and the receivers of information must validate that this sensitive information was disseminated by trustworthy and valid sources. In both cases, detailed and accurate metadata must be provided, with the assurance that it cannot be compromised to misrepresent the associated information.

ATC-NY is developing the Metadata Security Assertion Framework and Evaluation system (MetaSAFE) to enable a guard or other security device to manage the creation and validation of security metadata. MetaSAFE will provide secure association of information with its metadata, along with a secure trail of assertions, signed by trusted sources, that validate the metadata. The metadata will carry assertions about both the classification of the information and its security pedigree. Building upon existing ATC-NY pedigree technology, MetaSAFE will provide the most balanced representation of these security assertions in terms of volume and time efficiency.

MetaSAFE will enable a guard or other security device to evaluate information intended for another domain. The security metadata will state the security level and the security modification history of its associated information object. MetaSAFE will evaluate this metadata to validate that it was securely recorded and has not been misrepresented. Once the object's metadata has passed MetaSAFE validation, the security device can trust the security assertions and evaluate whether to let the information pass, and with what kind of filtering. The receiving application can also use MetaSAFE to make similar evaluations, validating that metadata created in a different domain meets local criteria for trustworthiness.
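The idea of a signed assertion trail bound to an object can be sketched as follows. This is an added example, not MetaSAFE or ATC-NY code: the field names, the chaining scheme, and the sample keys and data are assumptions, and HMAC with a per-source key stands in for the digital signatures a real deployment would use.

```python
import hashlib, hmac, json

def _canon(fields):
    # Deterministic encoding so signer and verifier hash identical bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def _link(assertion):
    # Hash of a complete assertion (signature included); chains the trail.
    return hashlib.sha256(_canon(assertion)).hexdigest()

def make_assertion(key, source, data, classification, action, prev=None):
    """Sign a statement about `data`, chained to the previous assertion."""
    fields = {
        "source": source,
        "action": action,  # hypothetical values: "created", "sanitized"
        "classification": classification,
        "object_sha256": hashlib.sha256(data).hexdigest(),
        "prev": _link(prev) if prev else None,
    }
    sig = hmac.new(key, _canon(fields), hashlib.sha256).hexdigest()
    return {**fields, "sig": sig}

def validate_trail(data, trail, trusted_keys):
    """Return (True, classification) or (False, reason) for object `data`."""
    if not trail:
        return False, "no assertions"
    prev = None
    for i, a in enumerate(trail):
        key = trusted_keys.get(a.get("source"))
        if key is None:
            return False, f"assertion {i}: untrusted source"
        fields = {k: v for k, v in a.items() if k != "sig"}
        expected = hmac.new(key, _canon(fields), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(a.get("sig", ""))):
            return False, f"assertion {i}: bad signature"
        if a.get("prev") != (_link(prev) if prev else None):
            return False, f"assertion {i}: broken chain"
        prev = a
    # The newest assertion must describe the object actually presented.
    if trail[-1]["object_sha256"] != hashlib.sha256(data).hexdigest():
        return False, "object does not match latest assertion"
    return True, trail[-1]["classification"]

# Constructed sample: an originator labels a report, a guard sanitizes it.
KEYS = {"originator": b"demo-key-A", "guard": b"demo-key-B"}
report = b"position report; source details"
a0 = make_assertion(KEYS["originator"], "originator", report, "SECRET", "created")
released = b"position report"
a1 = make_assertion(KEYS["guard"], "guard", released, "UNCLASSIFIED", "sanitized", a0)
```

A receiver that validates the trail `[a0, a1]` against `released` learns both the current classification and that the downgrade was performed by a trusted source on an object that a trusted originator had labelled.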



© 2008 Architecture Technology Corporation
Send comments to: webmaster@atcorp.com