ITR-RESCUE is part of the California Institute for Telecommunications and Information Technology (Calit2) and its IT infrastructure is provided by Responsphere |
 |
 |
Project Lead: M. Winslett (UIUC)
Project Participants:K. Seamons (BYU), S. Pasco (UCSD), N. Ashish (UCI), J. Sutton (UC-B), K. Tierney (UC-B).
Other Project Members: 2.5 Students, 0.5 Post-doc, 0.5 Programmer
The objective of PISA is to understand data sharing and privacy policies of organizations and individuals; and devise scalable IT solutions to represent and enforce such policies to enable seamless information sharing across all entities involved in a disaster. We will design, develop, and evaluate a flexible, customizable, dynamic, robust, scalable, policy-driven architecture for information sharing that ensures the right information flows to the right person at the right time with minimal manual human intervention and automated enforcement of information-sharing policies. The information management community has already noted the importance and the difficulty of undertaking such an effort1.
We propose a policy-driven approach to information collection and dissemination to determine what, when, and where information is collected. Policies determine what can be done with collected information under given conditions, including accepting user requests to view information (pull dissemination), who should automatically be sent information (push dissemination) and in what manner (customized dissemination) the processes that can be applied to information (e.g., can/must it be integrated with information from another source), and obligations that result from performing these actions on information (e.g., logging of access).
(1) Design an architecture that will provide efficient enforcement of policies at run time even in the presence of fine-grained policies, many users, many policies, many data sources, and heavy load; (2) Develop policy languages that are sufficiently expressive while still retaining formal semantics; (3) Ease of policy understanding, analysis, and update; (4) Resilience against attack, and (5) User acceptance.
PISA will focus on understanding policy needs and designing an appropriate architecture for the following usage scenarios: (1) A derailment with accompanying chemical spill in Champaign, Illinois. (2) Redirecting surveillance cameras and other sensors in hallways at Champaign Central High School and/or Champaign’s Marketplace Mall during response to a hostage situation. The Champaign city manager, city IT director, and first responders have committed to participating in such a study and specifically requested the derailment scenario. Scenarios will include roundtable discussions directed by RESCUE sociologists between city officials, first responders, and other stakeholders, and will focus on the city’s response to disasters of each type. Both scenarios will deploy an architecture that makes use of the SAMI event database, RESCUE Enterprise Service Bus being developed to enable data sharing in loosely coupled environments, and an extensive store of GIS data for Champaign. The appropriate information sources to use in the scenarios will be identified by city personnel, first responders, and other stakeholders. The types of information sources and the requirements for the runtime environment will determine the appropriate architecture for policy enforcement and will drive our choice of approach to the other grand challenges of PISA. Suitable extensions will be made to the RESCUE Enterprise Service Bus to facilitate its usage in diverse set of organizations and sharing scenarios including the scenarios considered to drive the policy research.
We will develop the first techniques and tools for scalable policy management and new attacks and attack defenses for attribute-based authorization systems (two important research areas in their infancy). Policy languages are a young but very active area of research, yet researchers rarely use the proposed languages in real scenarios; lessons learned and language extensions that we propose from doing so will guide future policy language research. Our work on policy management will build on top of our ongoing effort on developing a RESCUE Enterprise Service Bus aimed at creating a data sharing system that can support dynamic coalitions. We will obtain insights into disaster management in medium-size cities and gain understanding into the factors affecting user acceptance of new IT for disasters.
Policy-driven architectures are an emerging concept applicable across the entire spectrum of security and privacy issues and applications. Lessons learned in the PISA effort will carry over to many scenarios outside of disaster response. PISA will have an impact on the City of Champaign, which is quite worried about the possibility of derailments with chemical spills. The city intends to pursue additional funding for further development of any technology from the RESCUE project that looks very useful for Champaign; this may have a spillover effect for other cities. PISA is an excellent opportunity to learn more about the sociology of disaster management in medium-size cities - clearly different from that of large cities; lessons learned may be helpful for the hundreds of midsize cities in the US that face a variety of types of disasters.
This material is based upon work supported by the National Science Foundation under Award Numbers 0331707 and 0331690. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation
© 2005 The Regents of the University of California
All Rights Reserved