Presentation is loading. Please wait.

Presentation is loading. Please wait.

Access Control Policy Extraction from Unconstrained Natural Language Text John Slankas and Laurie Williams 5th ASE/IEEE International Conference on Information.

Published byMegan Atkinson Modified over 9 years ago

Similar presentations

Presentation on theme: "Access Control Policy Extraction from Unconstrained Natural Language Text John Slankas and Laurie Williams 5th ASE/IEEE International Conference on Information."— Presentation transcript:

1 Access Control Policy Extraction from Unconstrained Natural Language Text John Slankas and Laurie Williams 5th ASE/IEEE International Conference on Information Privacy, Security, Risk and Trust September 9 th, 2013

2 Motivation Research PriorSolution Method Evaluation Future Relevant Documentation for Healthcare Systems 2 HIPAA HITECH ACT Meaningful Use Stage 1 Criteria Meaningful Use Stage 2 Criteria Certified EHR (45 CFR Part 170) ASTM HL7 NIST FIPS PUB 140-2 HIPAA Omnibus NIST Testing Guidelines DEA Electronic Prescriptions for Controlled Substances (EPCS) Industry Guidelines: CCHIT, EHRA, HL7 State-specific requirements North Carolina General Statute § 130A-480 – Emergency Departments Organizational policies and procedures Project requirements, use cases, design, test scripts, … Payment Card Industry: Data Security Standard

3 Help developers improve security by extracting the access control policies implicitly and explicitly defined in natural language project artifacts. 3 Motivation Research Solution Method Evaluation Future Research Goal Research Questions

4 1.How effectively can we identify access control policies in natural language text in terms of precision and recall? 2.What common patterns exist in sentences expressing access control policies? 3.What is an appropriate set of seeded graphs to effectively bootstrap the process to extract the access control elements? 4 Motivation Research Solution Method Evaluation Future Research Goal Research Questions

5 1.Controlled natural languages 2.Heuristics and established patterns 3.Information Extraction a.Templates b.Relations c.Semantic role labelling 5 Motivation ResearchPriorSolution Method Evaluation Future Prior Work

6 Natural language documents contain explicit and implicit access control statements: A nurse can order a lab procedure for a patient. The doctor may add or remove patients from the monitoring list. Only doctors can write prescriptions. 6 Motivation Research Solution Method Evaluation Future Approach Representation Process Access Control Relation Extraction (ACRE)

7 7 Motivation Research PriorSolution Method Evaluation Future Approach Representation Process Access Control Relation Extraction (ACRE)

8 8 Motivation Research PriorSolution Method Evaluation Future Approach Representation Process ACRE: Sentence Representation “The nurse can order a lab procedure for a patient.”

9 9 Motivation Research PriorSolution Method Evaluation Future Approach Representation Process ACRE: Policy Representation

10 Read input from a text file to identify major “types” of lines Titles Lists Sentences / Sentence Fragments document → line line → listID title line | title line | sentence line | λ sentence → normalSentence | listStart (“:” | “-”) listElement listElement→ listID sentence listElement | λ listID → listParanID | listDotID | number listParanID→ “(” id “)” listParanID | id “)” listParanID | λ listDotID → id “.” listDotID | λ id → letter | romanNumeral | number 10 Motivation Research Solution Method Evaluation Future Approach Representation Process ACRE: Step 1 - Parse Text Document

11 11 Motivation Research Solution Method Evaluation Future Approach Representation Process ACRE: Step 2 - Parse Natural Language “ A nurse can order a lab procedure for a patient.” Parse text utilizing Stanford Natural Language Parser Apply transformations to minimize graph.

12 12 Motivation Research Solution Method Evaluation Future Approach Representation Process ACRE: Step 2 - Parse Natural Language “ A nurse can order a lab procedure for a patient.” Parse text utilizing Stanford Natural Language Parser Apply transformations to minimize graph.

13 Does the current sentence contain access control elements? Utilizes a k-NN Classifier as the primary classifier Ability to find closely matched sentences Performs well on similar document types If the k-NN Classifier doesn’t find a close match(es), then a majority vote is taken in conjunction with naïve Bayes, and SVM classifiers 13 Motivation Research Solution Method Evaluation Future Approach Representation Process Bootstrap ACRE: Step 3 - Classify

14 14 Motivation Research Solution Method Evaluation Future Approach Representation Process ACRE: Step 4 - Extraction

15 15 Motivation Research Solution Method Evaluation Future Approach Representation Process ACRE: Step 4 – Extraction / Seed Patterns 1)Determine verb frequency 2)Generate “base” wildcard patterns 3)Determine initial subject and resource lists Iterate 4)From subject and resources, determine graph patterns existing between combinations 5)Apply transformations and wildcards to generate new patterns 6)Examine document for matching patterns Extract access control policies Extract newly found subject and resources

16 Electronic Health Record (EHR) Domain Specifically – iTrust http://agile.csc.ncsu.edu/iTrust Why Healthcare? # of open and closed-source systems Government regulations Industry Standards 16 Motivation Research Solution Method Evaluation Future Context Study OracleProcedure

17 17 Motivation Research Solution Method Evaluation Future Context Study OracleProcedure

18 Evaluate ability to identify access control statements What machine learning algorithms perform best? What features affect performance? Examine identified patterns for commonality Examine different seed words and patterns 18 Motivation Research Solution Method Evaluation Future Context Study OracleProcedure

19 19 Motivation Research Solution Method Evaluation Future RQ1: How effectively can we identify access control policies in natural language text in terms of precision and recall? Stratified Ten-Fold Cross Validation ClassifierPrecisionRecall Naïve Bayes.743.940.830 SMO.845.830.837 TF-IDF.588.995.739 k-NN (k=1).851.830.840 Combined SL.873.908.890

20 20 Motivation Research Solution Method Evaluation Future RQ2: What common patterns exist in sentences expressing access control policies? From the iTrust Requirements –

21 21 Motivation Research Solution Method Evaluation Future RQ3: What is an appropriate set of seeded graphs to effectively bootstrap the process to extract the access control elements? Looking at just a basic pattern: Utilizing 10 action verbs as the initial seed to find subjects and resources, we found the existing access control with a precision of.46 and a recall of.536 create, retrieve, update, delete, edit, view, modify, enter, choose, select

22 22 Research PriorSolution Method Evaluation Limitations Future Limitations and Threats to Validity Limitations Text-based process Conditional access Reification Resolution Threats to Validity: Only examined one system in one domain One individual performed the labeling (validated labels through random samples and inter-rater agreement)

23 23 Motivation Research Prior Solution Method Evaluation Future So, What’s Next? Data Modeling Resolution Reification Additional documents, systems, and domains Use process to inform analysts of ambiguity

Download ppt "Access Control Policy Extraction from Unconstrained Natural Language Text John Slankas and Laurie Williams 5th ASE/IEEE International Conference on Information."

Similar presentations

NISTs Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist.

NISTs Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist.
Electronic Medical Records: Implications of HIPAA for Selecting and Implementing an EMR Todd Frech Senior Partner www.ociusmedinfo.com.

Electronic Medical Records: Implications of HIPAA for Selecting and Implementing an EMR Todd Frech Senior Partner
Automated Extraction of Non-functional Requirements in Available Documentation John Slankas and Laurie Williams 1st Workshop on Natural Language Analysis.

Automated Extraction of Non-functional Requirements in Available Documentation John Slankas and Laurie Williams 1st Workshop on Natural Language Analysis.
Hidden in Plain Sight: Automatically Identifying Security Requirements from Natural Language Artifacts Maria Riaz, Jason King, John Slankas, Laurie Williams.

Hidden in Plain Sight: Automatically Identifying Security Requirements from Natural Language Artifacts Maria Riaz, Jason King, John Slankas, Laurie Williams.
S&I Framework Testing HL7 V2 Lab Results Interface and RI Pilot Robert Snelick National Institute of Standards and Technology June 23 rd, 2011 Contact:

S&I Framework Testing HL7 V2 Lab Results Interface and RI Pilot Robert Snelick National Institute of Standards and Technology June 23 rd, 2011 Contact:
NYU ANLP-00 1 Automatic Discovery of Scenario-Level Patterns for Information Extraction Roman Yangarber Ralph Grishman Pasi Tapanainen Silja Huttunen.

NYU ANLP-00 1 Automatic Discovery of Scenario-Level Patterns for Information Extraction Roman Yangarber Ralph Grishman Pasi Tapanainen Silja Huttunen.
Dialogue – Driven Intranet Search Suma Adindla School of Computer Science & Electronic Engineering 8th LANGUAGE & COMPUTATION DAY 2009.

Dialogue – Driven Intranet Search Suma Adindla School of Computer Science & Electronic Engineering 8th LANGUAGE & COMPUTATION DAY 2009.
Sentence Classifier for Helpdesk Emails Anthony 6 June 2006 Supervisors: Dr. Yuval Marom Dr. David Albrecht.

Sentence Classifier for Helpdesk s Anthony 6 June 2006 Supervisors: Dr. Yuval Marom Dr. David Albrecht.
Overview of Search Engines

Overview of Search Engines
Clinical Operations Workgroup.  Core Measure  Generate and transmit permissible prescriptions electronically (eRx)  Meaningful Use Stage 1:  Core:

Clinical Operations Workgroup.  Core Measure  Generate and transmit permissible prescriptions electronically (eRx)  Meaningful Use Stage 1:  Core:
Adoption of Health Information Technology among U.S. Ambulatory and Long-term Care Providers by Esther Hing, M.P.H., and Anita Bercovitz, Ph.D National.

Adoption of Health Information Technology among U.S. Ambulatory and Long-term Care Providers by Esther Hing, M.P.H., and Anita Bercovitz, Ph.D National.
Growing Success-Making Connections

Growing Success-Making Connections
The Final Standards Rule John D. Halamka MD. Categories of Standards Content Vocabulary Privacy/Security.

The Final Standards Rule John D. Halamka MD. Categories of Standards Content Vocabulary Privacy/Security.
Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.

Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.
Lecture 14 Policy, Legal, and Regulatory Issues in HIS (Chapters 18,19,20)

Lecture 14 Policy, Legal, and Regulatory Issues in HIS (Chapters 18,19,20)
Automatically Identifying Localizable Queries Center for E-Business Technology Seoul National University Seoul, Korea Nam, Kwang-hyun Intelligent Database.

Automatically Identifying Localizable Queries Center for E-Business Technology Seoul National University Seoul, Korea Nam, Kwang-hyun Intelligent Database.
Study of Automated Extraction of Security Policy from Natural-Language Software Documents * Nov. 21, 2013, Kaidi Ma, Man Sun Computer Information Science.

Study of Automated Extraction of Security Policy from Natural-Language Software Documents * Nov. 21, 2013, Kaidi Ma, Man Sun Computer Information Science.
Xusheng Xiao, Tao Xie North Carolina State University Amit Paradkar IBM T.J. Watson Research Center

Xusheng Xiao, Tao Xie North Carolina State University Amit Paradkar IBM T.J. Watson Research Center
“Crosswalking” Hospitals for a Healthy Environment (H2E) & the Joint Commission for the Accreditation of Healthcare Organizations (JCAHO) Catherine Zimmer,

“Crosswalking” Hospitals for a Healthy Environment (H2E) & the Joint Commission for the Accreditation of Healthcare Organizations (JCAHO) Catherine Zimmer,
De-identifying Pathology Reports for Pathology Informatics

De-identifying Pathology Reports for Pathology Informatics

Similar presentations

Ads by Google