Framework for managing metadata security tags as the basis for making security decisions

• Main Author: Aposporis, Panagiotis.
• Other Authors: Lewis, Ted G.
• Published: Monterey, California. Naval Postgraduate School 2012
• Online Access: http://hdl.handle.net/10945/4336

This thesis presents an analysis of a capability to employ CAPCO (Controlled Access Program Coordination Office) compliant Metadata security tags as the basis for making security decisions. My research covers all the security aspects of the related technologies, such as XML, Web Services, Java API's for XML, .NET Architecture to help determine how security conscious enterprises such as the Intelligence Community can implement this approach in the real insecure world, with commercial off-the-self products, to meet their needs. There were many concerns about using the XML Metadata Label Tags as the basis for making security decisions, due to an un -trusted environment. By using appropriate trusted parts, when really necessary, and new technologies , we can find secure solutions for creating, storing and disseminating XML documents. Besides the theoretical research, this thesis also presents a prototype development of a Web Service that can handle most of the tasks (save, save locally, review etc), which are required to securely manage XML documents. In order to implement the above Web Service, open -source products, such as Java and Apache Tomcat Web Server, are used. These are not only available free, easily testable and commonly used, but they pro vide us with a great interoperability among almost all the platforms. The implementation can also be done by using other competitive technologies or platforms or can even use similar or related commercial products.