Policy-Based Management and Sharing of Sensitive Information among Government Agencies

Abstract

We propose a set of policy-based technologies to enable increased information sharing among government agencies without compromising information security or individual privacy. Our approach includes: (1) finegrained access controls that support deny and filter semantics to satisfy complex policy conditions; (2) a sticky policy capability that allows consolidation of information from multiple sources subject to the original disclosure policies of each source; (3) a curation organization that enables agencies to apply and manipulate item-level security classifications and disclosure policies; (4) an auditing system that accounts for the curation history of each information item; and (5) a provenance auditing method that traces derivations of information over time to support evaluations of information quality. Our goal is to present a vision for solving outstanding information sharing problems in government agencies and provide direction for the development of future government information systems. 1