Overview#
Graph analysis is powerful because it finds relationships that are not visible in a flat record list. That same power creates risk if a traversal crosses into a case, country, clearance, or source that the analyst is not allowed to see. Secrecy-Aware Graph Traversal keeps relationship analysis useful while preserving need-to-know boundaries.
The module applies clearance, case visibility, country, organisation, and source restrictions during traversal rather than after results are assembled. Analysts receive a coherent graph view made only from material they are authorised to inspect, with audit evidence showing how access was evaluated.
Key Features#
- Traversal-Time Filtering: Nodes and relationships are checked before they enter the analyst's result set.
- Clearance-Aware Expansion: Classification and secrecy labels restrict how far an analyst can traverse into sensitive material.
- Case Visibility Enforcement: Membership and case-scope rules apply to profiles, evidence, relationships, and derived graph views.
- Country and Jurisdiction Controls: National handling restrictions can prevent traversal across protected boundaries.
- Source Protection: Sensitive sources and collection methods remain hidden unless the analyst has the required handling permission.
- Partial Graph Results: Analysts still receive authorised relationships even when higher-classification material is suppressed.
- Access Decision Audit: Suppressed and allowed decisions can be recorded for compliance and troubleshooting without disclosing hidden content.
Use Cases#
- Coalition Intelligence Sharing: Allied analysts search a shared graph but only see nodes and relationships permitted by their clearance and national handling caveats.
- Law Enforcement Case Deconfliction: Investigators discover shared entities across authorised cases without revealing protected source cases.
- Financial Crime Link Analysis: Analysts traverse account, company, and person relationships while respecting data-sharing agreements.
- Protected Source Handling: Sensitive informant-linked relationships are excluded from general graph exploration while remaining available to authorised handlers.
- Oversight and Accreditation: Security teams verify that graph analysis does not become a path around case-level access controls.
Integration#
Secrecy-aware traversal connects to entity profiles, investigation graphs, case visibility, role-based access control, classification labels, audit logging, and briefing exports. It supports visual graph exploration, entity enrichment, timeline construction, and cross-case deconfliction while preserving the same access rules that apply to source records.
Open Standards#
- Traffic Light Protocol, FIRST: Sharing labels can influence whether graph relationships are visible or exported.
- STIX 2.1: Cyber and intelligence entities can align with STIX object and relationship conventions.
- W3C PROV-DM: Relationship derivation and access decisions can be represented as provenance records.
- ISO/IEC 27001:2022: Access control, information classification, and logging controls frame the governance model.
- OAuth 2.0 and JWT Bearer Token: Authenticated context carries role, organisation, and clearance claims used by traversal policy.
- ISO 8601: Access decisions and relationship timestamps use standard date-time formatting.
Last Reviewed: 2026-06-26 Last Updated: 2026-06-26