A Security Framework for WIKIs
Navy SBIR FY2006.1

Sol No.: Navy SBIR FY2006.1
Topic No.: N06-094
Topic Title: A Security Framework for WIKIs
Proposal No.: N061-094-1088
Firm: Serebrum Corporation
ISELIN, New Jersey 08830-3179
Contact: Venkata Polineni
Phone: (732) 855-8544
Web Site: www.serebrum.com
Abstract: WIKI is unusual among group communication mechanisms in that it allows the organization of contributions to be edited in addition to the content itself. WIKIs may be used to run a project development space, a document management system, a knowledge base, a group calendar or any other groupware tool, on an intranet or on the internet. Web content can be created collaboratively by using just a browser. Unfortunately, WIKIs, and other web-based groupware tools, lack provisions for security. Serebrum Corporation and the University of Connecticut propose to include mandatory-access control (MAC) and multi-level security(MLS) into the WIKI to allow for its access and content to be customized based on each user authorization (clearance) against the WIKI content (classification). This will include 1) the design of a Security Model that allows the definition and enforcement of MAC/MLS in the WIKI 2) the design of a set of Secure Web Services that handle security enforcement and allow the security for the WIKI itself to be defined by a security administrator, and 3) Security Assurance via the provable attainment of MAC via a mapping from the set of Secure Web Services to a secure operating system with EAL-6 Trusted Services Engine.
Benefits: The technologies developed under this SBIR effort have potential application in a wide range of public and commercial settings where security is inforced (military, government, financial institutions, corporate proprietary information, etc).
