There are settings where we have to collaborate with individuals and organi
zations who, while not being enemies, should not be fully trusted. Collabor
ators must be authorized to access those information systems that contain i
nformation that they should be able to receive, However, these systems typi
cally also contain information that should be withheld. Collaborations can
be rapidly created, requiring dynamic alterations to security provisions. S
olutions based on extending access control methods to deal with collaborati
ons are either awkward and costly, or unreliable.
An alternative approach to protection of mixed source information, compleme
nting basic access control, is to provide filtering of results, Filtering o
f contents is also costly, but provides a number of benefits not obtainable
with access control alone. The most important one is that the complexity o
f setting up and maintaining specific, isolating information cells for ever
y combination of access rights assigned to external collaborators is avoide
d. New classes of collaborators can be added without requiring a reorganiza
tion of the entire information structure. There is no overhead tor internal
use, i.e., for participants that are wholly trusted, Finally, since conten
ts of the documents rather than their labels is being checked, cases of mis
filed information will not cause inappropriate release.
The approach used in the TIHI/SAW projects at Stanford uses simple rules to
drive filtering primitives. The filters run on a modest, but dedicated com
puter to be managed by the organization's security officer (SO). The rules
implement the institution's security policy and balance manual effort and c
omplexity. By not relying on the database and network administrators and sy
stem facilities, a better functional allocation of responsibilities ensues,
Result filtering can also be used to implement pure intrusion detection, si
nce it can be implemented invisibly. The intruder can be given an impressio
n of success, while becoming a target for monitoring or cover stories.