Collaboration requirements: A point of failure in protecting information

Authors
Citation
G. Wiederhold, Collaboration requirements: A point of failure in protecting information, IEEE SYST A, 31(4), 2001, pp. 336-342
Number of citations
32
Subject categories
AI Robotics and Automatic Control
Journal title
IEEE TRANSACTIONS ON SYSTEMS MAN AND CYBERNETICS PART A-SYSTEMS AND HUMANS
Journal ISSN
10834427 → ACNP
Volume
31
Issue
4
Year of publication
2001
Pages
336 - 342
Database
ISI
SICI code
1083-4427(200107)31:4<336:CRAPOF>2.0.ZU;2-9
Abstract
There are settings where we have to collaborate with individuals and organizations who, while not being enemies, should not be fully trusted. Collaborators must be authorized to access those information systems that contain information that they should be able to receive. However, these systems typically also contain information that should be withheld. Collaborations can be rapidly created, requiring dynamic alterations to security provisions. Solutions based on extending access control methods to deal with collaborations are either awkward and costly, or unreliable.

An alternative approach to protection of mixed source information, complementing basic access control, is to provide filtering of results. Filtering of contents is also costly, but provides a number of benefits not obtainable with access control alone. The most important one is that the complexity of setting up and maintaining specific, isolating information cells for every combination of access rights assigned to external collaborators is avoided. New classes of collaborators can be added without requiring a reorganization of the entire information structure. There is no overhead for internal use, i.e., for participants that are wholly trusted. Finally, since the contents of the documents rather than their labels are being checked, cases of misfiled information will not cause inappropriate release.

The approach used in the TIHI/SAW projects at Stanford uses simple rules to drive filtering primitives. The filters run on a modest, but dedicated computer to be managed by the organization's security officer (SO). The rules implement the institution's security policy and balance manual effort and complexity. By not relying on the database and network administrators and system facilities, a better functional allocation of responsibilities ensues. Result filtering can also be used to implement pure intrusion detection, since it can be implemented invisibly. The intruder can be given an impression of success, while becoming a target for monitoring or cover stories.