Information Release Control: A Learning-Based Architecture

  • Claudio Bettini
  • X. Sean Wang
  • Sushil Jajodia
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3360)

Abstract

Modern information system applications involve collaboration in the form of information flow through organization boundaries. Indeed, organizations have vast amounts of information that is shared with other organizations and even the general public for various purposes. In addition to the standard network-level protections, systems usually use some access control mechanisms to protect data. However, access control systems are not designed to deal with deliberate and accidental release of information that the user has the authority to access but that is not supposed to be released. Moreover, effective access control assumes a perfect categorization of information, which is increasingly difficult in a complex information system. Information release control is viewed as complementary to access control, and aims at restricting the outgoing information flow at the boundary of information systems. This paper presents a general architectural view of a release control system, and discusses the integration in the proposed architecture of a module for learning release control constraints. Continuous learning is applied to adjust the release control constraints in order to reduce both mistakenly released and mistakenly restricted documents. The paper describes in detail the process of learning keyword-based release control constraints.

Keywords

Access Control; Release Control; Access Control Policy; Access Control Model; Matching Rule
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Claudio Bettini (1)
  • X. Sean Wang (2)
  • Sushil Jajodia (3)
  1. DICo, University of Milan, Italy, and Center for Secure Information Systems, George Mason University
  2. Department of Computer Science, University of Vermont, and Center for Secure Information Systems, George Mason University, Vermont
  3. Center for Secure Information Systems, George Mason University