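% Two conference-paper records on emergency-access ("transient trust")
% security architectures, normalised from a collapsed export.
%
% Changes against the exported form:
%   - The export left the citation keys empty, so the entries could not be
%     cited. The keys below are constructed from first author, year and
%     first title word.
%   - The entry type is written as inproceedings; conference is only an
%     alias for it.
%   - Author names use the unambiguous "Last, First" form.
%   - month uses the predefined month macro, with the day(s) concatenated.
%   - Page ranges use a double hyphen.
%   - The mis-encoded apostrophe in the first abstract is restored.
%
% NOTE(review): booktitle is required for inproceedings and is absent from
% the exported record. Add it from the published proceedings rather than
% guessing. The address field appears to hold the conference location, not
% the publisher's city; confirm before relying on it.

@inproceedings{levin2009securing,
  author   = {Levin, Timothy and Dwoskin, Jeffrey and Bhaskara, Ganesha and Nguyen, Thuy and Clark, Paul and Lee, Ruby B. and Irvine, Cynthia and Benzel, Terry},
  title    = {Securing the Dissemination of Emergency Response Data with an Integrated Hardware-Software Architecture},
  year     = {2009},
  month    = apr # "~6--8",
  pages    = {133--156},
  address  = {Oxford, U.K.},
  abstract = {During many crises, access to sensitive emergency-support information is required to save lives and property. For example, for effective evacuations first responders need the names and addresses of non-ambulatory residents. Yet, currently, access to such information may not be possible because government policy makers and third-party data providers lack confidence that today's IT systems will protect their data. Our approach to the management of emergency information provides first responders with temporary, transient access to sensitive information, and ensures that the information is revoked after the emergency. The following contributions are presented: a systematic analysis of the basic forms of trusted communication supported by the architecture; a comprehensive method for secure, distributed emergency state management; a method to allow a userspace application to securely display data; a multifaceted system analysis of the confinement of emergency information and the secure and complete revocation of access to that information at the closure of an emergency.},
}

@inproceedings{irvine2008security,
  author   = {Irvine, Cynthia E. and Levin, Timothy E. and Clark, Paul C. and Nguyen, Thuy D.},
  title    = {A security architecture for transient trust},
  year     = {2008},
  month    = oct # "~31",
  pages    = {1--8},
  address  = {Alexandria, Virginia},
  abstract = {In extraordinary situations, certain individuals may require access to information for which they are not normally authorized. For example, to facilitate rescue of people trapped inside of a burning building, firefighters may need its detailed floor plan - information that may not typically be accessible to emergency responders.
Thus, it is necessary to provide transient trust so that such sensitive information is available to selected individuals only during the emergency. The architecture presented here is designed to support transient trust. It encompasses pre-positioned, updateable domains for use exclusively during emergencies along with a set of "normal" domains with different sensitivity levels. Allocated to partitions, these domains are entered via a high integrity trusted path service located in a separate trusted partition. Interaction among subjects in different partitions is controlled by a high assurance separation kernel, and efficient use of devices is achieved through the application of a three-part device model. The resulting architecture enforces mandatory security policies, yet ensures secure and revocable access to a class of information during declared emergencies.},
}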