Share information in very sensitive contexts using explainable AI

Posted on 2022-03-23 by Anabasis

Translations: fr

Categories: Technology

Introduction

When it comes to collaboration, it is often necessary to share data, sometimes even confidential or at least sensitive data. This sharing is naturally restricted to well-identified actors and to certain data only; collaborating does not mean sharing everything. Where the stakes are lower and the participants fewer and willing to share, data exchange can be handled by hand. Well... On the other hand, in the context of inter-organization or even state collaboration, adressing this issue with adequate tooling becomes a bare necessity.

This is indeed the case in the field of defence, where it is often said that missions carried out jointly by several entities. In this context we will talk about the implementation of JADC2 frameworks (for Joint All Domain Command and Control) to allow the command of joint operations (land, sea, air) with sharing of intelligence data, surveillance, reconnaissance, etc. There is also aa strong requirement to share safely for state coalitions working on the same missions. Therefore, NATO is developing the FMN program (for Federated Mission Networking) with the aim of standardizing the linking of member or allied countries within the framework of joint missions. On the side of the American defense, we will speak of MPE (for Mission Partner Environment) with by and large the same aim.

image

One of the major challenges of these information sharing systems is the automation of data sharing as much as possible, but with the possibility of maintaining control for the most sensitive elements, in compliance with disclosure rules. established between the different partners. This issue can be addressed by using Semantic Web tools.

Information sharing and semantic Web.

The connection of partners wishing to collaborate is done by setting up a federated network. A partner can then connect to the network and access the information. A few properties should be considered.

First of all, the federated network must be non-invasive for the partners. Indeed, the partners come with their own data management solutions (information systems). The connection to the federated network must be as neutral as possible vis-à-vis internal solutions. Generic, it must be able to adapt to any system.

The federated network must also be trusted. Only the information that we wish to share can pass from the partners to the network. Only the recipients duly concerned are notified and can access this information.

Finally, the federated network is dynamic. It is not uncommon for old partners to give way to new ones. Flexibility is therefore essential. Indeed, the rules of exchange between partners are then likely to evolve and these sudden changes in restrictions on information can lead to inconsistencies that must be resolved (e.g., previously accessible data that has become protected). Also, at any time, a mapping of the recipient/information situation must be accessible, showing these inconsistencies or other leaks in the system that must also be noticeable in order to be quickly contained.

The representation of knowledge and the tools of the Semantic Web therefore have their place in this problem. Allowing communications between different partners (sites) wishing to share content (pages) despite very heterogeneous representations is indeed one of the major challenges of the Semantic Web. We are then interested in the meaning (ontology) contained in the resources exchanged beyond the representations.

Establishing a business model for data exchange by an ontology supported by Semantic Web tools thus makes it possible to precisely specify the expectations of partners and to develop the tool that best suits them. The modeling obtained has the great advantage of being directly executable. This allows testing and feedback at any time in the design cycle in a rapid exchange with partners. In addition, the ability to be able to trace during executions any proposal put forward by the system is one of the advantages of this form of explainable artificial intelligence, compared to other technologies such as Machine Learning. This naturally allows discussions to design a solution, improve it, make it evolve, but also to justify manual decisions that could be taken in addition to automation.

If you want to know more about the situation of the semantic web today and the intricacies of knowledge engineering, we recommend that you consult our articles on these subjects.

But concretely, how to model the management of disclosure in a federated network?The establishment of a business model for data exchange by an ontology supported by Semantic Web tools thus makes it possible to precisely specify the expectations of partners and to develop the tool that best suits them. The modeling obtained has the advantage of being directly executable. This allows testing and feedback at any time in the design cycle in a rapid exchange game with partners. In addition, the ability to be able to trace during executions any proposal put forward by the system is one of the advantages of this form of explainable artificial intelligence, compared to other technologies such as Machine Learning. This naturally allows discussions to design a solution, improve it, make it evolve, but also to justify manual decisions that could be taken in addition to automation.

If you want to know more about the situation of the semantic web today and the intricacies of knowledge engineering, we recommend that you consult our articles on these subjects.

image

How can I concretely model the management of disclosure in a federated network?

Modeling an information sharing system

Our approach consists in modeling the activity of an information sharing system. In order to have a general view of this modeling, let us concentrate on the questions WHO?, WHAT?, WHY? and HOW? that govern the design of such a platform. Let's also take a few examples that some of our customers may have encountered - in the military world ("NATO case") or in the industrial world ("industrial case").

  • WHO: the partners are the main actors interacting with the information sharing system and are the entities that the system must connect together. The objective of the system being to be discreet, even silent, we assume very few elements on the partners. They are simply seen as the source and consumers of the data exchanged. The partners are ready to work together but do not grant each other absolute trust. They wish and must have control over the data they allow to filter through the sharing system and must only receive the information authorized for them.
  • NATO case: partners or member nations of NATO seek to collaborate on a mission. The partners allocate resources to the mission (forces, equipment, logistical support, etc.) which will be the source and recipients of information related to the mission.
  • Industrial case: several organizations seek to collaborate on a large-scale common project involving large companies carrying the project but also a few service provider companies responsible for smaller tasks such as the production or testing of a component. These protagonists wish to be able to exchange all the information concerning the project.

  • WHAT: Information is at the center of the sharing system. In absolute terms, they are very heterogeneous and can come in various forms, ranging from raw textual or binary data (such as multimedia files: audio, video, etc.) to structured data using exchange formats pre-established. Despite this heterogeneity, these data are generally accompanied by meta-data allowing to know more about their origin (or even their owner), their object and their level of sensitivity

  • NATO case: information sharing is a key element for the success of military operations. For example, we will seek to warn allied forces on a mission of the location of a moving, potentially dangerous vehicle (blue force tracking) or to communicate orders to the troops concerned. A classification (e.g., NATO SECRET) can then be used to measure the sensitivity of the information and only transmit it to the partners concerned.
  • Industrial case: specification documents, progress reports, technical files, etc. can be exchanged within the framework of an industrial project. The tasks entrusted to the service providers will be accompanied by documents solely related to their on the project, thus avoiding industrial leakage.

image

  • WHY: this is the essential element that structures communications between the partners: they seek to discuss a subject of common interest and it is these common objects that create the links between the partners. The reason for the relevance of an exchange of information may be very different in nature depending on the domain but, in a generic way, generates communication frameworks by which the system is organized.

  • NATO case: the notion of community of interest is already present and represents the grouping of partners around a common subject. This concept can very easily be diverted to play the role of a communication framework and generate the sharing system. Each community of interest is responsible for bringing together all the information relating to a certain subject (a territory, a mission, an individual of interest, etc.). The partners (NGOs, military forces, state and administrative organizations, etc.) can then subscribe to such a community, share their information there concerning the subject concerned and be notified of any information relating to this subject.

  • Industrial case: large industrial projects are generally divided into sub-projects dependent on each other but well-defined boundaries. This organization in sub-projects is perfectly usable as communication structures. Each stakeholder is thus able to register for the sub-projects corresponding to him, to access through them all the documents he needs in order to carry out his tasks, and to deposit his deliverables there for the Communicate to relevant partners.

  • HOW: the disclosure rules describe when WHAT is communicated to WHO and WHY. In other words, what are the conditions that would imply that information is communicated to a partner and in what context. Once the partners have been grouped together in the frameworks whose are of interest to them, the idea is to automatically release any information related to this subject to all these partners, with regards to the degree of confidentiality associated and permitted for each partner.

image

The modeling thus obtained leads very naturally to a high-level disclosure rules management system managing all the constraints between all the entities. The system is then able to express which rules are to be applied in which context. It can then be the source for updating rules for the development of various lower-level tools as needed.

In addition, the system is able to analyze the disclosure rules it contains in order to identify certain inconsistencies. We can then speak of an intelligent disclosure rules management system. This shows how a model-driven approach (MBSE) combined with knowledge representation techniques allows the design of effective tools.

Conclusion

The semantic web is a response to communication issues in federated networks, in particular for the management of information disclosure policies.

We built and shared these ideas during our recent participation in a study by the NATO Industrial Advisory Group (NIAG). This study was interested in reflecting, both conceptually and materially, on the architecture and technologies necessary to achieve an information sharing system integrating the deployment of disclosure rules.

Antoine,
Scientific expert for Anabasis

and Sabrina,
Knowledge engineer at Anabasis

Determining the accounting nature, a complex question... of data

Introduction Accounting is a key department, whether in businesses, administrations or associations. There are already many business softwares and applications out there, allowing to w

Making data speak - genesis of explainable AI at Anabasis

Making data speak - genesis of explainable AI at Anabasis Explainable AI didn't come out of Jupiter's head full