Low-overhead data encryption bound by attribute-based policy. Isolate and compartmentalise information flow based on arbitrary metadata.
With CABE, data of any size can be safely encrypted for transport through untrusted and hostile environments, while being labeled according to the identity and context of the producer. CABE can support any labelling schema needed to meet mission objectives: label data according to sensitivity, compartment, or any other selector.
Every object is bound to its associated label metadata and encrypted before transport or storage. Decryption is gated by attribute-based access control (ABAC) policy, which can be configured as needed for the mission environment. Both protected data objects and the workloads accessing them are assigned a set of metadata labels, and system policy determines which workloads can access which data according to arbitrary metadata predicates.
CABE is built on post-quantum-safe cryptographic primitives and on state-of-the-art internet standards such as the IETF's COSE and CBOR, providing a compact, low-overhead envelope format. CABE scales efficiently to messages that are arbitrarily large or arbitrarily small, even a single byte.
CABE is a family of publicly available specifications that fit together in a cohesive framework.
The core specifications are critical to any CABE system.
Base architecture, core envelope format and encoding for CABE-protected messages.
The protocol used by CABE clients to interact with a CABE Key Server and the reference architecture of CABE Key Servers.
Additional specifications provide extended functionality.
Defines an isomorphic mapping between NATO ACP240 information classification labelling and CABE Attribute Sets.
An ultra-low-overhead encryption format for efficiently transporting large numbers of small units of information — even a single byte — in the context of a CABE Base Message.