Information Release Control: A Learning-Based Architecture

Modern information system applications involve collaboration in the form of information flow through organization boundaries. Indeed, organizations have vast amounts of information that is shared with other organizations and even the general public for various purposes. In addition to the standard network-level protections, systems usually use some access control mechanisms to protect data. However, access control systems are not designed to deal with deliberate and accidental release of information, to which the user has the authority to access but is not supposed to be released. Moreover, effective access control assumes a perfect categorization of information, which is increasingly difficult in a complex information system. Information release control is viewed as complementary to access control, and aims at restricting the outgoing information flow at the boundary of information systems. This paper presents a general architectural view of a release control system, and discusses the integration in the proposed architecture of a module for learning release control constraints. Continuous learning is applied to adjust the release control constraints in order to reduce both mistakenly released and mistakenly restricted documents. The paper describes in detail the process of learning keyword-based release control constraints.

[1]  Gio Wiederhold,et al.  Protecting Information when Access is Granted for Collaboration , 2000, DBSec.

[2]  Nicholas J. Belkin,et al.  Information filtering and information retrieval: two sides of the same coin? , 1992, CACM.

[3]  J. Roy,et al.  Understanding Web services , 2001 .

[4]  J. Ross Quinlan,et al.  Learning decision tree classifiers , 1996, CSUR.

[5]  Michael E. Lesk,et al.  Automatic sense disambiguation using machine readable dictionaries: how to tell a pine cone from an ice cream cone , 1986, SIGDOC '86.

[6]  Samuel Madden,et al.  Continuously adaptive continuous queries over streams , 2002, SIGMOD '02.

[7]  Sushil Jajodia,et al.  Flexible support for multiple access control policies , 2001, TODS.

[8]  Arnon Rosenthal,et al.  Document release versus data access controls: two sides of the same coin? , 2001, CIKM '01.

[9]  Eric Monteith Genoa TIE, advanced boundary controller experiment , 2001, Seventeenth Annual Computer Security Applications Conference.

[10]  David J. DeWitt,et al.  NiagaraCQ: a scalable continuous query system for Internet databases , 2000, SIGMOD 2000.

[11]  Michael J. Franklin,et al.  Efficient Filtering of XML Documents for Selective Dissemination of Information , 2000, VLDB.

[12]  Marcos K. Aguilera,et al.  Matching events in a content-based subscription system , 1999, PODC '99.

[13]  Nello Cristianini,et al.  An Introduction to Support Vector Machines and Other Kernel-based Learning Methods , 2000 .

[14]  Dennis Shasha,et al.  WebFilter: A High-throughput XML-based Publish and Subscribe System , 2001, VLDB.

[15]  Michael Gruninger,et al.  Ontology Applications and Design - Introduction. , 2002 .

[16]  Michael Gruninger,et al.  ONTOLOGY Applications and Design , 2002 .

[17]  Yanlei Diao,et al.  YFilter: efficient and scalable filtering of XML documents , 2002, Proceedings 18th International Conference on Data Engineering.

[18]  Dennis Shasha,et al.  Filtering algorithms and implementation for very fast publish/subscribe systems , 2001, SIGMOD '01.

[19]  Sushil Jajodia,et al.  Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures , 2000, IEEE Trans. Knowl. Data Eng..

[20]  Fabrizio Sebastiani,et al.  Machine learning in automated text categorization , 2001, CSUR.

[21]  Michael Stonebraker,et al.  Monitoring Streams - A New Class of Data Management Applications , 2002, VLDB.