Existing data processing systems may provide capabilities for system security. These system security capabilities may control system users, system resources, or system information.
System user oriented security may limit system access to only those users authorized to use the system. Existing system user oriented security is demonstrated by operating system commands such as the International Business Machines Corporation "VM/ESA"™ Operating System LOGON command and the Unix Systems Laboratories "UNIX"™ Operating System LOGIN command.
System resource oriented security may limit the access and use of a system resource to only those users authorized to use the system resource. Existing system resource oriented security is demonstrated by operating system commands such as the "VM/ESA" Operating System LINK command and the "UNIX" Operating System file permissions.
System information oriented security may search system files to locate any unauthorized information within the system, such as a computer virus. Existing system information oriented security is demonstrated by operating system commands such as the "VM/ESA" Operating System SCANFILE command and the "UNIX" Operating System GREP command.
However, when one desires to control the distribution of information to, within, or from a data processing system based on the information content, no capability is provided by the previously described existing systems. If one desires to prevent the unauthorized distribution of restricted information into a data processing system, or prevent the unauthorized distribution of restricted information within a data processing system, or prevent the unauthorized distribution of restricted information from a data processing system, then the previously described existing systems fail to prevent these distributions. This is a problem when the restricted information is a valuable asset and the unauthorized distribution may compromise the value of the restricted information.
As an example of a situation in which a user may need automatic security control over distributions in a data processing system, consider the following. Maintaining security is an integral part of any business. Competition among companies makes it very important to keep research, development materials, business direction information and other confidential information secure and safe from unauthorized people and systems. However, the networking of data processing systems makes it difficult to control the distribution of such confidential information. A business would prefer to be able to automatically monitor information distributions to, from, and within such data processing systems to ensure security. In addition, the multimedia nature of some data processing systems makes it difficult to control the distribution of such confidential information. Different types of media such as voice, text, graphics, etc. can contain confidential information. A method is needed to monitor confidential information in a variety of media (voice, text, graphics, etc.), in a variety of environments (networks, phone systems, host systems and stand-alone computers), and in a variety of input and output devices available for communicating and managing information.
The existing approaches described above fail to meet the needs of the above situation and present the user with five difficulties. The first difficulty is that existing approaches fail to provide a capability for defining a distribution which constitutes a security violation. The second difficulty is that existing approaches fail to provide a capability for detecting a security violation distribution. The third difficulty is that existing approaches fail to provide a capability for handling the unauthorized distribution of a security violation distribution either into, within, or from a data processing system. The fourth difficulty is that existing approaches fail to provide a capability for either inhibiting, reporting, or logging the unauthorized distribution of a security violation distribution. The fifth difficulty is that existing approaches fail to provide a capability for prioritizing potential actions in response to the unauthorized distribution of a security violation distribution.
Thus, the existing systems described above provide no method of, or apparatus for, automatic detection of a distribution of a security violation object within a data processing system. As such, there is a need for a method of, and apparatus for, providing automatic detection of a distribution of a security violation object within a data processing system.