论文信息 - A Framework for Maximizing Utility of Sanitized Documents Based on Meta-labeling

A Framework for Maximizing Utility of Sanitized Documents Based on Meta-labeling

Document sanitization, i.e., the process of removing or generalizing sensitive information in order to reduce the security classification of the document, is widely used today in applications of information sharing. Traditional document sanitization systems focus on removal or generalization of certain words and phrases, but do not take into account the utility of the sanitized documents. This leads to a gap between the sanitized documents and the users' requirements. Proposed in this paper is a formal framework and conceptual algorithms for optimal document sanitization based on meta-labeling. Each document is associated with a meta-label, which serves to determine both the security label and the utility of the document. In the sanitization process, the system first computes a new meta-label for the sanitized version and then sanitizes the document through mediators guided by the new meta-label. Algorithms are provided to compute a new meta-label that is proven to satisfy the security requirements and provide maximal utility with respect to users' requirements, which are also represented by a meta-label.

[1] LiWu Chang Ira S. Moskowitz. A Decision Theoretical Based System for Information Downgrading , 2000 .

[2] Connolly,et al. Database Systems , 2004 .

[3] James A. Landay,et al. Privacy risk models for designing privacy-sensitive ubiquitous computing systems , 2004, DIS '04.

[4] Elisa Bertino,et al. An Extended Authorization Model for Relational Databases , 1997, IEEE Trans. Knowl. Data Eng..

[5] Claudia Keser,et al. Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[6] David M. Eyers,et al. Using trust and risk in role-based access control policies , 2004, SACMAT '04.

[7] David Ingram,et al. Risk Models for Trust-Based Access Control(TBAC) , 2005, iTrust.

[8] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.

[9] David A. Bell,et al. Secure computer systems: mathematical foundations and model , 1973 .

[10] P. Rohatgi,et al. Fuzzy MLS : An Experiment on Quantified Risk – Adaptive Access Control , 2007 .

[11] M. Blasgen. Database Systems , 1982, Science.

[12] Etienne J. Khayat,et al. Risk Based Security Analysis of Permissions in RBAC , 2004, WOSIS.

[13] Sushil Jajodia,et al. Toward information sharing: benefit and risk access control (BARAC) , 2006, Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06).