Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing the Assured Information Sharing Lifecycle Tim Finin UMBC 22 June 2009 use acquire discover.

Published byPrudence Wiggins Modified over 8 years ago

Similar presentations

Presentation on theme: "Managing the Assured Information Sharing Lifecycle Tim Finin UMBC 22 June 2009 use acquire discover."— Presentation transcript:

1 Managing the Assured Information Sharing Lifecycle Tim Finin UMBC 22 June 2009 http://aisl.umbc.edu/show/resource/id/504/ use acquire discover

2 06/22/09 2008 MURI project University of Maryland, Baltimore County (Lead Inst.) T. Finin (Lead), A. Joshi, H. Kargupta, A. Sherman, Y. Yesha Purdue University E. Bertino (Lead), N. Li, C. Clifton, E. Spafford University of Texas at Dallas B. Thuraisingham (Lead), M. Kantarcioglu, L. Khan, A. Bensoussan, N. Berg University of Illinois at Urbana Champaign J. Han (Lead), C. Zhai University of Texas at San Antonio R. Sandhu (Lead), J. Massaro, S. Xu University of Michigan L. Adamic (Lead) Summer 2008 start

3 06/22/09 Motivation for AIS 9/11 and related events illustrated problems in managing sensitive information Managing Web information & services with appropriate security, privacy and simplicity is increasingly important and challenging Autonomous devices (mobile phones, rout- ers & medical equipment) need to share, too Moving to EMRs is a national goal, but raises many privacy issues Business needs better models for DRM

4 06/22/09 Many underlying problems prevent/hinder sharing Sharing takes effort and maybe has risks. Why should I bother? How can I constrain how shared information is used? How do I know what information is available? Do I understand what the information means? Is the information accurate and timely? How can I safely let others know what can share? What privacy will I have in sharing information? We’re under attack and I need this information to prevent a disaster!

5 06/22/09 Misunderstanding Policy Here’s a conclusion from a study prepared in 2004 for the 9/11 Commission “The information sharing failures in the summer of 2001 were not the result of legal barriers but of the failure of individuals to understand that the barriers did not apply to the facts at hand. Simply put, there was no legal reason why the informa-tion could not have been shared.” Legal Barriers to Information Sharing: The Erection of a Wall Between Intelligence and Law Enforcement InvestigationsLegal Barriers to Information Sharing: The Erection of a Wall Between Intelligence and Law Enforcement Investigations, Commission on Terrorist Attacks Upon the US, Staff Mono-graph, Barbara Grewe, Senior Counsel for Special Projects, 20 Aug. 2004.

6 06/22/09

7

8 Our research themes An information value chain of producers & con- sumers yields an assured information sharing lifecycle PoliciesPolicies for trust, access and use grounded in sharable semantic models operating in a service oriented architecture accelerate sharing integration and discoveryNew integration and discovery techniques are required to assure information quality and privacy social networksModeling, analyzing and exploiting social networks and incentives for sharing

9 06/22/09 Information value chain advertizediscoveracquireuserelease

10 06/22/09 Information value chain advertizediscoveracquireuserelease Potentially, everyone is both an information consumer and producer

11 06/22/09 Information value chain advertizediscoveracquireuserelease A system discovers information it can use from the advertisements of others The advertizing/discovery process must be controlled to prevent inappropriate disclosure

12 06/22/09 Information value chain advertizediscoveracquireuserelease The principles negotiate a policy for the information’s acquisition and use Negotiation involves exchange of credentials & certificates, producing permis- sions & obligations

13 06/22/09 Information value chain advertizediscoveracquireuserelease The information is used, often resulting in the discovery of new knowledge We must assure correct semantics and information quality

14 06/22/09 Information value chain advertizediscoveracquireuserelease which is screened, adapted and summarized for possible release Enforce obligations on usage and re-sharing, privacy-preserving summaries, incentives for sharing

15 06/22/09 Information value chain advertizediscoveracquireuserelease and appropriately characterized in advertisements for others to find Incentives encourage offering to share information

16 06/22/09 Our AISL research areas We’ve organized our research into four major areas New policy models, languages and tools Datamining, data quality and privacy preserving systems Social networks and incentives AIS service/agent oriented infrastructure And will evaluate our work in several integrated applications in the out years

17 06/22/09 ① New models, architectures, languages & mechanisms for trustworthiness-centric AIS (UTSA, Purdue) ② EXAM: environment for XACML policy analysis and management (Purdue) ③ Techniques for resolving conflicting facts extracted from different resources (UIUC, Purdue) ④ Information sharing motivation and incentives (UTD, Michigan) ⑤ Inferring access policies from logs (UMBC) ⑥ Privacy policies in mobile/social information systems (UMBC) ⑦ AIS infrastructure (ALL)

18 06/22/09 Trustworthiness-centric AIS Framework Objective: create a trustworthiness-centric assured information sharing framework Approach: design models, architectures, lang- uages and mechanisms to realize it Key challenges, management for: -Trustworthiness and risk for end-user decision making -Usage, extending simple access control -Attacks, including trustworthiness of infrastructure services -Identity extending current generation -Provenance for managing trustworthiness of data, software, and requests 1 1

19 Group-Centric Secure Info Sharing Dissemination-Centric Traditional model Attributes & policies attached to objects (“sticky policies”) Policies enforced as objects disseminated from producer to consumer Group Centric New model Objects & subjects brought together as a group for sharing Simultaneous co- presence for access Two metaphors: se- cure meeting room; subscription service 1 1

20 06/22/09 Progress on g-SIS Developed a formal model for a g-SIS system using linear temporal logic (LTL) –e.g., events for subjects (join, leave) and objects (add, remove), requests (read), Authz(s,o,r), … Specify core properties g-SIS must satisfy –e.g, Simultaneity, Provenance, Persistence, Availability, … Specify additional group operator properties Prove specifications satisfy correct author- ization behavior using model checker See SACMAT 2009 paperSACMAT 2009 1 1

21 06/22/09 EXAM The management and consolidation of a large number of policies can be an impediment to AIS EXAM is a prototype system for policy analysis and management, which can be used for –policy property analyses –policy similarity analysis –policy integration Focus on access control policies in XACML (Extensible Access Control Markup Language) Analyzer combines advantages of existing MTBDD-based and SAT-solver-based techniques 2 2 MTBDD = Multi-Terminal Binary Decision Diagram

22 06/22/09 Policy Similarity Analysis PSA Query : Find all requests permitted by both policies. Disjoint predicates : time cannot have two different values in any request. Both policies permit download action when membership type is monthly and time < 19:00 Both policies permit download action to monthly subscribers between 21:00 and 22:00 only if the content type is not video. No access is permitted by both policies for video files between 20:00 and 21:00. 2 2

23 06/22/09 EXAM - PSA Example Both policies permit download of video files to monthly memberships if time is less than 19:00 or time is between 22:00 and 23:45. This example considers the case where membership can be both weekly and monthly. Demonstrated at SACMAT 2009 2 2

24 Truth Discovery with Multiple Conflicting Information Providers Heuristic Rule 2: A web site providing mostly true facts for many objects will likely pro- vide true facts for others Problem: Multiple information providers provide conflicting facts for same object e.g.: given different author names for a book, which is the true author? w1w1 f1f1 f2f2 f3f3 w2w2 w3w3 w4w4 f4f4 f5f5 Web sitesFacts o1o1 o2o2 Objects 3 3 Heuristic Rule 1: The false facts on different web sites are less likely to be the same or similar. False facts are often introduced by random factors

25 06/22/09 Truth-Discovery: Framework Extension Multi-version of truth – Democrats vs. republicans may have different views Truth may change with time – A player may win first but then lose Truth is a relative, dynamically changing judgment – Incremental updates with recent data in data streams Method: Veracity-Stream – Dynamic information network mining for veracity analysis in multiple data streams Current Testing Data Sets – Google News: A dynamic news feed that provides functions and facilitates searching and browsing 4,500 news sources updated continuously 3 3

26 06/22/09 Motivation & quality in information sharing Analyzed online Q&A forums: 2.6M questions, 4.6M answers and interviews with 26 top answerers Motivations to contribute include: altruism, learning, competition (via point system) and as a hobby Users who contribute more often and less intermittently contribute higher quality information Users prefer to answer unanswered questions and to respond to incorrect answers Useful knowledge for designing better incentive systems to encourage information sharing Knowledge iN 4 4

27 AIS with coalitional partners: incentives & trust Approach: evolutionary game theoretic framework to see effects of trust and incentives in truthful information sharing Results: truth telling emerges as dominant strategy with enough agents that punish untruthful behavior See: Layfield et al., CollaborateComm ’08Layfield et al. Combining intelligence through a loose alliance –Bridge gaps due to sovereign boundaries –Maximize yield of resources –Discover new information via correlation, analysis of the ‘big picture’ –Information exchanged privately between two participants Drawbacks to sharing: Misinformation and Freeloading Goal: Create means of encouraging desirable behavior within an environment which lacks or cannot support a central governing agent Motivation 4 4

28 06/22/09 Social Network Security and Privacy Semantic web access control systems for social networks – Social network is modeled using OWL ontologies. – Access control policies represented in SWRL rules – See SACMAT 09 paper for detailsSACMAT 09. Preventing privacy disclosures on online social networks – Use data mining to choose best attributes and links to delete to prevent private information disclosures. – See WWW ’09 paper for detailsWWW ’09 Social Networks are important for AIS –Social links affect how the information is shared Social network security and privacy becomes important Goals for online social media systems: –Create flexible and efficient access control systems –Explore privacy disclosure issues Motivation Approach 4 4

29 06/22/09 Inferring RBAC Policies Problem: A system whose access policy is known is more vulnerable to attacks and insider threat Attackers may infer likely policies from access observations, partial knowledge of subject attributes, and background knowledge Objective: Strengthen policies against discovery Approach: Explore techniques to propose policy theories via machine learning, including ILP and SVMs Results: promising initial results for simple Role Based Access Control policies 5 5

30 06/22/09 Privacy policies for mobile computing Problem: mobile devices collect and integrate sensitive private data about their users which they would like to selectively share with others Objective: Develop a policy-based system for information sharing with an interface enabling end users to write & adapt privacy policies Approach: prototype component for iConnect on an iPhone and evaluate in a University environment Example policy rules: share my exact location with my family; share current activity with my close friends, … Policies compiled to RDF N3 rules # Share location with teachers 9-6 weekdays if on campus { REQ a rein:Request REQ rein:resource LOCATION. ?T a TeachersGroupStuff. ?R a UserStuff; log:include { LOCATION a tu:Location; USERID a tu:Userid }. REQ rein:requester WHO. ?T a TeachersGroupStuff; log:includes { [] t:member [ session:login USERID ] }. LOCATION loc:equalTo :UMBC. WHO :requestTime ?time. "" time:localtime ?localTime. ?localTime time:dayOfWeek ?day. ?day math:notlessthan "1". ?day math:notgreaterthan "5". ?localTime time:hour ?dtime. ?dtime math:notlessthan "9". ?dtime math:notgreaterthan "18". } => { WHO loc:can-get LOCATION }. 6 6 AIR reasoner We use MIT’s AIR reasoner for N3 rules This produces conclusions as well as justifications for each The justifications are used to explain the policy results

31 06/22/09 AIS Service Oriented Architecture An event-based model allows components to share context Shared semantic models for descriptions, communication and policies Initial prototype uses Apache Axis2 SOA Framework Host policy tools as services TODO: add enhanced agent- based protocols for advertising, negotiation and argumentation semantic events service calls & interactions discoveryreleaseuse 7 7

32 06/22/09 Papers, dissertations and theses Over 50 refereed papers published/accepted Three PhDs completed –Deng Cai, Ph.D., Illinois, Spectral regression: a regression framework for efficient regularized subspace learning, May 2009 –Kamalika Das, Ph.D., UMBC, Game-theoretic approach toward privacy preserving distributed data mining, August 2009 –Xiaolin Shi, Ph.D., Michigan, The Structure and Dynamics of Information Sharing Networks, June 2009 Two MS degrees completed –Kishor Datar, M.S., UMBC, Reverse Engineering of RBAC Policy using Access Logs, June 2009 –Audumbar Chormale, M.S., UMBC, Policies based framework to constrain information flow in social networks, July 2009 Available at http://aisl.umbc.edu/

33 06/22/09 Some Other Highlights Lada Adamic (Mich) co-authored paper in Science: Computational Social Science (2009) Jiawei Han (Illinois) elected IEEE Fellow (2008) Ravi Sandhu (UTSA) elected AAAS Fellow (2008); received ACM SIG on Security, Audit & Control Outstanding Contributions Award (2008) Tim Finin (UMBC) IEEE Technical Achievement Award (2009) Bhavani Thuraisingham (UTD) chaired 2009 IEEE Intelligence and Security Informatics Conf. ChengXiang Zhai (UIUC) co-chaired ACM SIGIR 2009 Hillol Kargupta co-chairs 2009 IEEE Data Mining Conf. Tim Finin (UMBC) chaired 2008 Int. Semantic Web Conf.

34 06/22/09 Conclusions Assured information sharing in open, heter- ogeneous, distributed environments is increasingly important New policy frameworks and languages can help Semantic Web technologies share common policy concepts, policies & domain models Data quality and privacy-preserving tech- niques must be addressed Social aspects are important: networks, incentives

35 06/22/09 http://aisl.umbc.edu/

36 06/22/09 Backup

Download ppt "Managing the Assured Information Sharing Lifecycle Tim Finin UMBC 22 June 2009 use acquire discover."

Similar presentations

Privacy-Enhancing Models and Mechanisms for Securing Provenance and its Use October 2010 Lead PI: Ravi Sandhu (UT San Antonio) PIs: Elisa Bertino (Purdue),

Privacy-Enhancing Models and Mechanisms for Securing Provenance and its Use October 2010 Lead PI: Ravi Sandhu (UT San Antonio) PIs: Elisa Bertino (Purdue),
ROWLBAC – Representing Role Based Access Control in OWL

ROWLBAC – Representing Role Based Access Control in OWL
QUN NI 1, SHOUHUAI XU 2, ELISA BERTINO 1, RAVI SANDHU 2, AND WEILI HAN 3 1 PURDUE UNIVERSITY USA 2 UT SAN ANTONIO USA 3 FUDAN UNIVERSITY CHINA PRESENTED.

QUN NI 1, SHOUHUAI XU 2, ELISA BERTINO 1, RAVI SANDHU 2, AND WEILI HAN 3 1 PURDUE UNIVERSITY USA 2 UT SAN ANTONIO USA 3 FUDAN UNIVERSITY CHINA PRESENTED.
Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University.

Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University.
Managing the Assured Information Sharing Lifecycle Tim Finin, UMBC 08 June 2009 use acquire discover.

Managing the Assured Information Sharing Lifecycle Tim Finin, UMBC 08 June use acquire discover.
DELOS Highlights COSTANTINO THANOS ITALIAN NATIONAL RESEARCH COUNCIL.

DELOS Highlights COSTANTINO THANOS ITALIAN NATIONAL RESEARCH COUNCIL.
Operating System Security

Operating System Security
The 20th International Conference on Software Engineering and Knowledge Engineering (SEKE2008) Department of Electrical and Computer Engineering

The 20th International Conference on Software Engineering and Knowledge Engineering (SEKE2008) Department of Electrical and Computer Engineering
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Presented by: Thabet Kacem Spring 2010. Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.

Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.
SmartER Semantic Cloud Sevices Karuna P Joshi University of Maryland, Baltimore County Advisors: Dr. Tim Finin, Dr. Yelena Yesha.

SmartER Semantic Cloud Sevices Karuna P Joshi University of Maryland, Baltimore County Advisors: Dr. Tim Finin, Dr. Yelena Yesha.
OASIS Reference Model for Service Oriented Architecture 1.0

OASIS Reference Model for Service Oriented Architecture 1.0
MS DB Proposal Scott Canaan B. Thomas Golisano College of Computing & Information Sciences.

MS DB Proposal Scott Canaan B. Thomas Golisano College of Computing & Information Sciences.
FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.

FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Secure Knowledge Management: and.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Secure Knowledge Management: and.
Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense

Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense
LÊ QU Ố C HUY ID: QLU13069 1. OUTLINE  What is data mining ?  Major issues in data mining 2.

LÊ QU Ố C HUY ID: QLU OUTLINE  What is data mining ?  Major issues in data mining 2.
An Intelligent Broker Architecture for Context-Aware Systems A PhD. Dissertation Proposal in Computer Science at the University of Maryland Baltimore County.

An Intelligent Broker Architecture for Context-Aware Systems A PhD. Dissertation Proposal in Computer Science at the University of Maryland Baltimore County.
● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0.

● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0.
Margaret J. Cox King’s College London

Margaret J. Cox King’s College London

Similar presentations

Ads by Google