A Multi-Agent System for Enforcing "Need-To-Know" Security Policies

Young-Woo Seo, Joseph Andrew Giampapa, and Katia Sycara
Sixth International Bi-Conference Workshop on Agent-Oriented Information Systems (AOIS-2004), July, 2004.



Abstract
We propose a multi-agent system architecture for the adaptive authorization of access to confidential information. The proposed multi-agent system provides "need-to-know" content-based authorization of requests to access confidential information. "Need-to-know" authorization is that which grants access to confidential information only if that information is necessary for the requester's task or project. In our system, we treat the authorization task as a text classification problem in which the classifier must learn a human supervisor's decision criteria from small amounts of labeled information, e.g. 20 to 30 "documents", and be capable of generalizing to other documents with a zero, or near-zero, false alarm rate. Since "need-to-know" authorizations must be determined for multiple tasks, multiple users, and multiple collections of confidential information, with quick turn-around from definition to use, the authorization agent must be adaptive and capable of learning new profiles quickly and with little impact on the productivity of the human supervisor and the human end-user. To this end, we examined five different text classification methods for solving this problem, "agentified" the best performer, and inserted it in a secure document management system context.

Keywords
adaptive authorization, content-based authorization, task-based authorization, need-to-know, security policy, text classification, multi-agent system

Notes
Sponsor: Advanced Research and Development Activity
Associated Center(s) / Consortia: Center for Integrated Manufacturing Decision Systems
Associated Lab(s) / Group(s): Advanced Agent - Robotics Technology Lab
Number of pages: 15
Note: http://www.aois.org/

Text Reference
Young-Woo Seo, Joseph Andrew Giampapa, and Katia Sycara, "A Multi-Agent System for Enforcing 'Need-To-Know' Security Policies," Sixth International Bi-Conference Workshop on Agent-Oriented Information Systems (AOIS-2004), July, 2004.

BibTeX Reference
@inproceedings{Seo_2004_4689,
   author = "Young-Woo Seo and Joseph Andrew Giampapa and Katia Sycara",
   editor = "Paolo Giorgini and Michael Winikoff",
   title = "A Multi-Agent System for Enforcing ``Need-To-Know'' Security Policies",
   booktitle = "Sixth International Bi-Conference Workshop on Agent-Oriented Information Systems (AOIS-2004)",
   month = "July",
   year = "2004",
   Notes = "http://www.aois.org/"
}