A Multi-Agent System for Enforcing “Need-To-Know” Security Policies

Young-Woo Seo, Joseph Andrew Giampapa and Katia Sycara
Workshop Paper, Sixth International Bi-Conference Workshop on Agent-Oriented Information Systems (AOIS-2004), July, 2004


Copyright notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.


We propose a multi-agent system architecture for the adaptive authorization of access to confidential information. The proposed multi-agent system provides “need-to-know” content-based authorization of requests to access confidential information. “Need-to-know” authorization grants access to confidential information only if that information is necessary for the requester’s task or project. In our system, we treat the authorization task as a text classification problem in which the classifier must learn a human supervisor’s decision criteria from small amounts of labeled information, e.g. 20 to 30 “documents”, and be capable of generalizing to other documents with a zero, or near-zero, false alarm rate. Since “need-to-know” authorizations must be determined for multiple tasks, multiple users, and multiple collections of confidential information, with quick turn-around from definition to use, the authorization agent must be adaptive and capable of learning new profiles quickly and with little impact on the productivity of the human supervisor and the human end-user. To this end, we examined five different text classification methods for solving this problem, “agentified” the best performer, and inserted it in a secure document management system context.


author = {Young-Woo Seo and Joseph Andrew Giampapa and Katia Sycara},
title = {A Multi-Agent System for Enforcing “Need-To-Know” Security Policies},
booktitle = {Sixth International Bi-Conference Workshop on Agent-Oriented Information Systems (AOIS-2004)},
year = {2004},
month = {July},
editor = {Paolo Giorgini and Michael Winikoff},
keywords = {adaptive authorization, content-based authorization, task-based authorization, need-to-know, security policy, text classification, multi-agent system},
}