Traditionally, information security in data processing systems has been addressed at the operating system, network, and application or file levels. Application level security and security for data which may be controlled under an application (i.e., so-called “fine grain labelling” at the level of a file or specific information such as a sentence, paragraph or particular numerical data within a file) is typically implemented in a manner that is unique to the application.
Several methods have been proposed for securing information at the application or file level. For example, U.S. Pat. No. 5,991,877 to Luckenbaugh discloses an object-oriented trusted application framework that allows for fine grain labelling. As another example, U.S. Pat. No. 5,848,231 to Teitelbaum, et al., discloses a method for configuring and reconfiguring a computer system based on user authorization wherein users may perceive that they have unlimited access to computer system resources. In one embodiment, in a computer system that includes a GUI, available files are displayed and unavailable files are not such that the unauthorized user is limited to the available files. Through this configuration, the unauthorized user is provided with an interface that suggests that the unavailable files do not exist. However, neither the method of Teitelbaum, et al., nor the framework of Luckenbaugh allows users to effectively contextualize information that is available from that which is not.
To elaborate, a disadvantage of existing methods for securing application level information is that they do not provide a user-friendly indication to users of what information is secured within the context of a larger body of unsecured information. For example, in computer graphics applications which process large graphical image files such as digital maps, it is often important for a user to contextualize the image being presented on a system display screen. That is, while a user may use well-known “panning” and “zooming” tools to view a desired area or object in a large image at an unsecured level, in doing so, the relative location of the corresponding area or object at a detailed and secured level may be lost to the user or the user may find it difficult to determine what portion of the image is being observed. An additional disadvantage of existing methods is that they do not allow for the effective control of access by users to secured detailed information within the context of surrounding unsecured information. These disadvantages are examples of what is often referred to as the “screen real estate problem”.
A need therefore exists for an improved method and system for controlling user access to secured (e.g. detailed or confidential) information within the context of surrounding information. Consequently, it is an object of the present invention to obviate or mitigate at least some of the above mentioned disadvantages.