Overview
Graph analysis is powerful because it follows relationships that are not obvious in a flat case file. That same power creates risk. A traversal that starts in one investigation can accidentally reveal a protected witness, a classified source, a restricted partner node, or a tenant-private relationship if the graph engine does not enforce secrecy at every step.
The Graph Secrecy-Aware Traversal module applies tenant boundaries, case permissions, secrecy levels, node controls, and edge controls while analysts explore relationship graphs. It lets teams trace paths and discover connections without leaking nodes or relationships the user is not allowed to know exist.
Key Features
- Tenant Boundary Enforcement: Traversals cannot cross into another tenant's graph unless a governed sharing agreement permits it.
- Secrecy-Level Filtering: Nodes and edges can carry secrecy requirements, and traversal results respect the user's clearance level.
- Case Permission Checks: Investigation membership, role, case status, and evidence access can influence which graph records are visible.
- Edge-Level Protection: Sensitive relationships can be hidden even when both connected nodes are visible.
- Existence Protection: Restricted nodes and edges can be omitted without revealing that a hidden relationship exists.
- Path Redaction: Paths that include restricted material can be removed, shortened, or shown with approved redaction according to policy.
- Traversal Bounds: Depth, fan-out, timeout, and result-size controls help prevent runaway graph exploration.
- Auditability: Traversal requests, filters, redactions, and denied paths are recorded for security and compliance review.
Use Cases
- Classified source protection where an analyst can see a suspect network without exposing a protected informant node.
- Cross-agency investigations where shared graph views must honour each partner's tenancy, role, and agreement boundaries.
- Commission strand isolation where one inquiry strand cannot infer relationships from another restricted strand.
- Financial crime graph review where analysts trace funds while hiding sealed accounts, privileged links, or partner-only intelligence.
- Internal affairs separation where reviewer access to people, incidents, and evidence relationships is limited by assignment.
Integration
The module connects graph traversal, investigation permissions, tenant isolation, secrecy classification, audit logging, and cross-tenant sharing policy. It is designed to make relationship exploration useful without turning the graph into an access-control bypass.
Open Standards
- NIST RBAC / ANSI INCITS 359-2004: Role-based access concepts inform user, role, and permission checks.
- ABAC / NIST SP 800-162: Attribute-based policy concepts support clearance, case, tenant, and data-classification decisions.
- SQL:1999 Recursive Queries: Relationship traversal can use standard recursive query concepts where implemented in relational stores.
- W3C PROV-DM: Traversal results can retain provenance from source nodes, relationships, evidence, and redaction decisions.
- ISO 8601: Traversal, denial, redaction, and audit timestamps use consistent date and time formatting.
- SHA-256 (FIPS 180-4): Audit fingerprints and exported traversal reports can use standard cryptographic hashes.
- GDPR (EU Regulation 2016/679): Data minimisation and access restriction principles inform redaction and omission behaviour.
Security and Compliance
Traversal security is enforced during graph exploration, not only after results are assembled. Restricted nodes and edges are filtered before they can shape visible paths, and every denied or redacted traversal can be reviewed by authorised security staff.
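The difference between filtering during expansion and filtering assembled results, as an added example that is not the module's own code. The graph, the user dictionary shape, and the function names (`traverse`, `visible_neighbours`, `post_filter`) are constructed assumptions for illustration.

```python
from collections import deque

# Constructed sample data: node -> (tenant, secrecy level)
NODES = {"suspect": ("t1", 0), "courier": ("t1", 0), "banker": ("t1", 0),
         "informant": ("t1", 3),   # protected source
         "partner": ("t2", 0)}     # other tenant, no sharing agreement
# Constructed edges: (source, target, secrecy level of the relationship)
EDGES = [("suspect", "courier", 0), ("suspect", "informant", 0),
         ("informant", "banker", 0), ("courier", "partner", 0),
         ("courier", "banker", 2)]  # sensitive link between visible nodes

def node_ok(user, node):
    tenant, level = NODES[node]
    return tenant in user["tenants"] and level <= user["clearance"]

def visible_neighbours(user, node, audit):
    """Check edge policy, then node policy, before anything is expanded."""
    for dst, edge_level in [(d, l) for s, d, l in EDGES if s == node]:
        if edge_level > user["clearance"]:
            audit.append(("deny_edge", node, dst))
        elif not node_ok(user, dst):
            audit.append(("deny_node", dst))
        else:
            yield dst

def traverse(user, start, max_depth=3, max_fanout=10):
    """Bounded BFS returning (visible paths, audit log of denials)."""
    if not node_ok(user, start):
        return [], [("deny_node", start)]
    audit, paths, seen, queue = [], [], {start}, deque([(start,)])
    while queue:
        path = queue.popleft()
        if len(path) > max_depth:
            continue
        # The fan-out cap counts permitted neighbours only, so hidden
        # edges cannot change which visible ones are returned.
        for dst in list(visible_neighbours(user, path[-1], audit))[:max_fanout]:
            if dst not in seen:
                seen.add(dst)
                paths.append(path + (dst,))
                queue.append(path + (dst,))
    return paths, audit

def post_filter(user, start):
    """Anti-pattern: traverse everything, hide restricted nodes afterwards."""
    everything = {"tenants": {"t1", "t2"}, "clearance": 99}
    return [p[-1] for p in traverse(everything, start)[0] if node_ok(user, p[-1])]
```

For a user in tenant `t1` with clearance 1 starting at `suspect`, `traverse` returns only the path to `courier` and logs three denials, while `post_filter` also lists `banker`, a node the user may see but whose every connection to `suspect` is restricted.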
Last Reviewed: 2026-06-25
Last Updated: 2026-06-25