MITIGATION OF DATA LEAKAGE IN A MULTI-SITE COMPUTING INFRASTRUCTURE

US 20120317135A1
Filed: 06/13/2011
Published: 12/13/2012
Est. Priority Date: 06/13/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

for an entity owning a file in a file sharing environment in communication with memory, specifying a first tier of a mandatory access control policy to the file, the mandatory access control policy controlling a maximum sharing scope of the file and placing a restriction around a discretionary sharing decision made by the entity;

generating a profile for an entity contact, the profile including keywords representing collaboration topics between the entity and the entity contact, the keyword associated with a weight;

calculating a contact score defining relevance matching between the file and the entity contact, the contact score calculated based upon the weight of each keyword in the profile of the entity contact and keywords associated with the file;

interactively recommending a contact to the entity as a candidate for file sharing based upon an associated contact score;

periodically updating the profile of each entity contact using new collaboration information; and

dynamically adjusting the recommendation for file sharing based on the updated contact profile.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention relate to a method, system, and computer program product to dynamically mitigate data leakage in a file sharing environment. Mandatory access control policies are provided to address and maintain restrictions on file sharing both with respect to security rules of an organization and restrictions pertaining to discretionary sharing decisions. In addition, suggestions for potential recipients for file sharing are supported, as well as examination of abnormal recipients in response to the discretionary sharing decisions.

Citations

20 Claims

1. A method comprising:
- for an entity owning a file in a file sharing environment in communication with memory, specifying a first tier of a mandatory access control policy to the file, the mandatory access control policy controlling a maximum sharing scope of the file and placing a restriction around a discretionary sharing decision made by the entity;
  
  generating a profile for an entity contact, the profile including keywords representing collaboration topics between the entity and the entity contact, the keyword associated with a weight;
  
  calculating a contact score defining relevance matching between the file and the entity contact, the contact score calculated based upon the weight of each keyword in the profile of the entity contact and keywords associated with the file;
  
  interactively recommending a contact to the entity as a candidate for file sharing based upon an associated contact score;
  
  periodically updating the profile of each entity contact using new collaboration information; and
  
  dynamically adjusting the recommendation for file sharing based on the updated contact profile.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the first tier of the mandatory access control policy may be defined by an affiliated organization of the entity.
  - 3. The method of claim 1, further comprising a second tier of an access control policy to the file, the second tier including a first category applicable to each file shared by each entity, a second category applicable to sharing with respect to a specific file, and a third category applicable to re-sharing of the specific file.
  - 4. The method of claim 1, wherein interactively recommending a contact of the entity as a recipient for file sharing includes computing a relevance matching between the profile of a candidate contact and the keyword specified for the file.
  - 5. The method of claim 1, wherein interactively recommending a contact of the entity as a recipient for file sharing includes computing a connection strength between a candidate contact and each recipient that has already been chosen by the owner to share the file.
  - 6. The method of claim 1, wherein the step of periodically updating a profile of each entity contact includes dynamically tracking user history, including updating user history based on file sharing decisions.
  - 7. The method of claim 1, further comprising detecting a user decision error, based on an error selected from the group consisting of:
    - a security policy violation, and relevance between a contact profile and the keyword for the file to be shared.
  - 8. The method of claim 1, further comprising generating a monitoring report to prevent future sharing errors.

9. A computer program product delivered as a service through a network connection, the computer program product comprising a computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising:
- computer readable program code configured to specify a first tier of a mandatory access control policy to a file in a file sharing environment, the mandatory access control policies to control a maximum sharing scope of the file and to place a security boundary around a discretionary sharing decision made by a user of a shared pool of resources;
  
  computer readable program code configured to generate a profile for an entity contact, the profile including a keyword representing a collaboration topic between the entity and the entity contact, the keyword associated with a weight;
  
  computer readable program code configured to calculate a contact score defining relevance matching between the file and the entity contact, the contact score calculated based upon the weight of the keyword in the profile of the entity contact and keywords associated with the file;
  
  computer readable program code configured to recommend a contact to the entity as a candidates to share the file, wherein the recommendation is based upon the contact score;
  
  computer readable program code configured to periodically update the profile of each contact associated with the entity using new collaboration information; and
  
  computer readable program code configured to dynamically adjust the recommendation for file sharing based on the updated contact profile.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The computer program product of claim 9, further comprising computer readable program code including a second tier of access control policies to the data, the second tier including:
    - a first category applicable to all the files shared by each entity, a second category applicable to sharing with respect to a specific file, and a third category applicable to re-sharing of the specific file.
  - 11. The computer program product of claim 9, wherein the program code to periodically update the contact profile includes instructions to dynamically track user history and employ the history to interactively recommend a recipient for file sharing.
  - 12. The computer program product of claim 9, further comprising computer readable program code to detect a decision error, including issuance of a warning for an abnormal recipient selection.
  - 13. The computer program product of claim 9, further comprising computer readable program code to generate a monitoring report to prevent a future sharing error.

14. A system comprising:
- a storage component that includes information describing a mandatory access control policy to data;
  
  a functional unit in communication with a processor that is in communication with the storage component, the functional unit comprising;
  
  an access manager that is in communication with a file sharing environment, the access manager to specify a first tier having a mandatory access control policy to a file in the file sharing environment, the mandatory access control policy to control maximum sharing scopes of the file and to place a security boundary around a sharing decision made by a user of a resource of the file sharing environment.a profile manager in communication with the access manager, the profile manager to create an attribute profile for an entity contact, the profile including a keyword representing collaboration topics between the entity and the contact, the keyword associated with a weight;
  
  a history manager in communication with the profile manager, the history manager to mine a past collaboration activity;
  
  a recommendation manager to calculate a contact score defining relevance matching between the file and the entity contact, the contact score calculated based upon the weight of the keyword in the profile of the contact and keywords associated with the file, and to recommend a contact to the entity as a candidate to share the file, wherein a recommendation is based upon the contact score of the entity contact;
  
  an update manager that is in communication with the history manager, the update manager to periodically update the profile of each contact, including using new collaboration information; and
  
  an adjustment manager in communication with the update manager, the adjustment manager to dynamically adjust the recommendation for file sharing based on the updated contact profile.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The system of claim 14, further comprising the access manager to specify a second tier of an access control policy to the data, the second tier including:
    - the users, a second category within the second tier that is applicable to sharing with respect to a specific file, and a third category within the second tier that is applicable to re-sharing of a specific file.
  - 16. The system of claim 14, further comprising the update manager to dynamically track user history and to employ the history to interactively recommend a recipient for file sharing.
  - 17. The system of claim 14, further comprising the adjustment manager to detect a user decision error, including issuance of a warning for an abnormal recipient selection.
  - 18. The system of claim 14, further comprising the update manager to generate a monitor report to prevent a future sharing error.

19. A method to support collaboration in an entity owning file sharing environment, the method comprising:
- specifying a first tier of a mandatory access control policy to a file owned by an entity, the mandatory access control policy controlling a maximum sharing scope of the file and placing a restriction around a discretionary sharing decision;
  
  creating an attribute profile for an entity contact, including mining a past collaboration activity, the profile including a keyword representing a collaboration topic between the entity and the entity contact, the keyword associated with a weight;
  
  calculating a contact score defining relevance matching between the file and the entity contact, the contact score calculated based upon the weight of the keyword in the profile of the entity contact and the keyword associated with the file;
  
  interactively recommending a contact to the entity as a candidate for file sharing based upon an associated contact score;
  
  updating a contact profile of the entity using new collaboration information on a periodic basis; and
  
  dynamically adjusting the recommendation for file sharing based on the updated contact profile.
- View Dependent Claims (20)
- - 20. The method of claim 19, further comprising dynamically tracking a past collaborative activity in a shared pool of resources, and based upon the past activity recommending a recipient for a current collaborative activity in the shared pool.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Jin, Hongxia, Wang, Qihua

Granted Patent

US 9,928,375 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/769
CPC Class Codes

G06F 16/176 Support for shared access t...

G06F 21/6218 to a system of files or obj...

MITIGATION OF DATA LEAKAGE IN A MULTI-SITE COMPUTING INFRASTRUCTURE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MITIGATION OF DATA LEAKAGE IN A MULTI-SITE COMPUTING INFRASTRUCTURE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links