Adobe portable document format (pdf) [227 KB]Graphics enhanced version of this site
A Multi-Agent System for Enforcing ``Need-To-Know'' Security Policies
Y. Seo, J.A. Giampapa, and K. Sycara
Sixth International Bi-Conference Workshop on Agent-Oriented Information Systems (AOIS-2004), July, 2004.
Jump to: Download | Abstract | Notes | Text Reference | BibTeX Reference
Adobe portable document format (pdf) [227 KB]
Copyright notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.
We propose a multi-agent system architecture for the adaptive authorization of access to confidential information. The proposed multi-agent system provides ``need-to-know'' content-based authorization of requests to access confidential information. ``Need-to-know'' authorization is that which grants access to confidential information only if that information is necessary for the requester's task or project. In our system, we treat the authorization task as a text classification problem in which the classifier must learn a human supervisor's decision criteria with small amounts of labeled information, e.g. 20 to 30 ``documents'', and to be capable of generalizing to other documents with a zero, or near-zero, false alarm rate. Since ``need-to-know'' authorizations must be determined for multiple tasks, multiple users, and multiple collections of confidential information, with quick turn-around from definition to use, the authorization agent must be adaptive and capable of learning new profiles quickly and with little impact on the productivity of the human supervisor and the human end-user. To this end, we examined five different text classification methods for solving this problem, ``agentified'' the best performer, and inserted it in a secure document management system context.
Sponsor: Advanced Research and Development Activity
Grant ID: CTA, Inc. Subcontract BAA 03-02-CMU
Associated center: CIMDS
Associated lab/group: Intelligent Software Agents
Number of pages: 15
Note: http://www.aois.org/
Y. Seo, J.A. Giampapa, and K. Sycara, "A Multi-Agent System for Enforcing ``Need-To-Know'' Security Policies," Sixth International Bi-Conference Workshop on Agent-Oriented Information Systems (AOIS-2004), July, 2004.
@inproceedings{Seo_2004_4689,
author = "Young-Woo Seo and Joseph Andrew Giampapa and Katia Sycara",
title = "A Multi-Agent System for Enforcing ``Need-To-Know'' Security Policies",
booktitle = "Sixth International Bi-Conference Workshop on Agent-Oriented Information Systems (AOIS-2004)",
month = "July",
year = "2004",
note = "http://www.aois.org/"
}