Automated assessment of disclosure risk

Period of Performance: 10/23/2013 - 07/22/2014


Phase 1 STTR

Recipient Firm

Securboration, Inc.
Principal Investigator
Firm POC

Research Institution

Dartmouth College
Office of Sponsored Projects 11 rope Ferry Road #6220
Hanover, NH 03755
Institution POC


ABSTRACT: Information systems continue to progress in terms of collecting, characterizing and assessing information. While this evolution has provided unprecedented intelligence capability to the U.S. and our allies, it has also raised unique challenges in the area of information security and disclosure risks. In particular, the intelligence community (IC) currently lacks the ability to understand how the continuous release of information through approved information sharing, intentional or unintentional leaks, or malicious, covert breaches risks divulging secrets either directly or through inference. To address this gap Securboration Inc. proposes an innovative approach that combines and extends Securboration s semantics-based text analytic summarization pipeline with machine learning and probabilistic reasoning. Our solution, referred to as RIQUEST (Risk Quantification and Estimation Toolkit), will compute the disclosure risk for a given piece of information with respect to a large number of secrets. RIQUEST includes a robust ontology-based model of disclosure risk categories, and quantifies risks within subsets of those categories. RIQUEST addresses the problem of disclosure through probabilistic inference, and takes into account the contextual information that enables inference. BENEFIT: The commercial potential for RIQUEST is significant. Big-four auditing firms are aggressively pursuing data loss prevention (DLP) as a business line for their established customers. The process of identifying an organization s sensitive data and understanding the risk of its exposure is a critical first step in any DLP business model. RIQUEST s ability to automate this process represents a significant improvement over the manual data classification exercises currently employed. Whether in commercial enterprises or the Air Operations Center, RIQUEST will provide cumulative, continuous assessment resulting in greater disclosure risk situational awareness which, in turn, leads to improved information sharing and the ability to focus security countermeasures in response to leaks.