Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Security on Social Networks Or some clues about Access Control in Web Data Management with Privacy, Time and Provenance Serge Abiteboul, Alban Galland.

Published byCameron O’Neal’ Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Security on Social Networks Or some clues about Access Control in Web Data Management with Privacy, Time and Provenance Serge Abiteboul, Alban Galland."— Presentation transcript:

1 1 Security on Social Networks Or some clues about Access Control in Web Data Management with Privacy, Time and Provenance Serge Abiteboul, Alban Galland and a bunch of different people Webdam, INRIA Saclay-Ile-de-France

2 2 Alban Galland, Security on Social Networks, 01/12/2009 Summary Introduction General definitions Goal Related works Distributed Knowledge Base with Privacy Basic notions and model Systems properties Systems Description: @home, @host, @host-dht, @friends Extensions Declarative Expression of Privacy Demonstration Conclusion

3 3 Alban Galland, Security on Social Networks, 01/12/2009 Our definition of Social Network Social Network: a (web) application where users store and consult data and interact with data of other users following explicit relationships Some important notions Users : people Data : graph of XML documents, AXML Data-management : storage, replication, query Relationship

4 4 Alban Galland, Security on Social Networks, 01/12/2009 Our definition of Privacy Privacy: the fact that a user keeps control over her data and activity Some important notions Read and write permissions Delegation of permissions No focus on anonymity Anonymity of requests Anonymity of aggregated data

5 5 Alban Galland, Security on Social Networks, 01/12/2009 Goal Define and implement the basis for a distributed social network that guarantees access control More precisely Distributed knowledge base with access control Declarative high level access control specification

6 6 Alban Galland, Security on Social Networks, 01/12/2009 Related works Social network Some typically centralized SN systems with limited access control management Some SN-specific applications [2,4] Some works on knowledge mining in SN Distribution Distributed Hash Table and indexing (KadoP) Friend based P2P Privacy Access control and logic [1,5] Cryptography [3]

7 7 Alban Galland, Security on Social Networks, 01/12/2009 Distributed Knowledge Base with Privacy Basic notions and model Systems properties Systems description @home @host @host-dht @friends Extensions

8 8 Alban Galland, Security on Social Networks, 01/12/2009 Basic notions and model Principal User, group, machine: something which could be authenticated may make statement about her data and meta-data may be a peer, having computational resources, storage, availability Documents Identified by their owner id and a local id Basically, (xml) trees with references to others documents Alice states news@rockclimbing=T

9 9 Alban Galland, Security on Social Networks, 01/12/2009 Basic notions and model Access rights Rights: read, write, own Access control list Alice states Bob  reader@rockclimbing Keys Cryptographic secrets Alice states readkey@rockclimbing

10 10 Alban Galland, Security on Social Networks, 01/12/2009 Basic notions and model External knowledge Generated by communication Alice says Alice states news@rockclimbing=T to Bob Well-formed communication trace: C says (B says (A says (A states …) to B) to C) to D Keep trace of provenance Encryption Alice says (Alice states news@rockclimbing= (T encrypted for Bob as owner) to Cedric

11 11 Alban Galland, Security on Social Networks, 01/12/2009 Basic notions and model Instructions CreatePrinc, CreateDoc Write Grant, Revoke Say Get Bob -> write(news, rockclimbing, T)

12 12 Alban Galland, Security on Social Networks, 01/12/2009 Basic notions and model Factification: Transformation of an instruction in a statement Bob says Bob -> write(news,rockclimbing,T) to Alice Alice states news@rockclimbing=T requested by Bob Authentication and time Alice owner’s key Rockclimbing writer’s key Alice keeps proof of the request Local time of Alice

13 13 Alban Galland, Security on Social Networks, 01/12/2009 Basic notions and model Collections Flat document of references to other documents New statements, rights and instructions : append, remove Alice states members@rockclimbing += profile@Bob Same get instruction as any other document Interesting example: index, mailbox, local files directory…

14 14 Alban Galland, Security on Social Networks, 01/12/2009 Systems properties System Peers and protocol applied by peers. Well-formed All the data is on the form of statements or well-formed communication chains References to documents always correspond to a document (eventually empty) References to principal always correspond to a principal

15 15 Alban Galland, Security on Social Networks, 01/12/2009 Systems properties Soundness Access to document, access rights and keys (read and write) is correct according to access control defined by access rights Safety-Property A system is safe if a (correct) peer send data in clear to people it has verified proof of access right or send data encrypted with the correct key else. Meta-theorem A system which verify safety-property is sound

16 16 Alban Galland, Security on Social Networks, 01/12/2009 Systems properties Completeness A principal is aware of any document she could access A principal is always sure that she get the last version of a data A principal is always sure to get all the append and remove statements of a collection Could be relaxed to probabilistic notions

17 17 Alban Galland, Security on Social Networks, 01/12/2009 Systems description One can consider different systems We focus on 4 of them, as proof of concept @home: data on trusted owner host @host: data on untrusted host @host-dht: data on untrusted dht @friends

18 18 Alban Galland, Security on Social Networks, 01/12/2009 @home Bob -> say (Bob -> get(news@rockclimbing)) to Alice Alice -> say (Alice states news@rockclimbing=T) to Bob Signed Instructions Results Ownership Interesting particular case: facebook

19 19 Alban Galland, Security on Social Networks, 01/12/2009 @host Signed Instructions Encrypted Results Alice -> say (Alice states news@rockclimbing=(T encrypted for rockclimbing as reader)) to host Bob -> say (Bob -> get(news@rockclimbing)) to host host -> say (Alice says (Alice states news@rockclimbing=(T encrypted for rockclimbing as reader))) to Bob Signed Statements

20 20 Alban Galland, Security on Social Networks, 01/12/2009 @host-dht Signed Instructions Encrypted Results Encrypted statements 1 12 1 1 Use time-stamp and redundancy to avoid update denial of documents Use co-signatures of hosts to avoid update denial of collections

21 21 Alban Galland, Security on Social Networks, 01/12/2009 @friends Signed Instructions Results Statements

22 22 Alban Galland, Security on Social Networks, 01/12/2009 Extensions Structured queries Full-text search Problem of awareness is even stronger there Index Balance between leak of information and efficiency of queries May need more meta-data, like an encryption schema Could be managed as regular update thanks to collections

23 23 Alban Galland, Security on Social Networks, 01/12/2009 Extensions Services AXML service calls Need specials access rights for executing and mounting services Services may have special access rights to data, depending of the context (cf. applications in Facebook) Services could be used to support global knowledge, or complex higher level policies.

24 24 Alban Galland, Security on Social Networks, 01/12/2009 Declarative Expression of Privacy Example People who are tagged on one of my photos can see this photo People who are friends of two of my friends can read my Wall People who are best friends of mine can write on my Wall Problems Uncontrolled deduction Fix-point semantic

25 25 Alban Galland, Security on Social Networks, 01/12/2009 Demonstration Some functionalities already implemented during Marilena Oita internship A user interface and global logic Some part of Distributed Knowledge Base with Privacy Declarative Privacy is missing

26 26 Alban Galland, Security on Social Networks, 01/12/2009 Demonstration

27 27 Alban Galland, Security on Social Networks, 01/12/2009 Conclusion This is work in progress We are currently focusing on distributed knowledge base with access control, but there is links with other domains: data integration, reasoning about knowledge, social data- mining… Hidden behind trendy Social Networks, we believe there are real topics of research, in particular in distributed systems

28 28 Alban Galland, Security on Social Networks, 01/12/2009 References [1] Abadi et al, Logic in Access Control, FOSAD 2009 [2] Buchegger et al, PeerSon, P2P social networking – early experiences and insights, SNS 2009 [3] Canetti et al, Multicast security: A taxonomy and some efficient constructions, INFOCOM 1999 [4] Jawad et al, Protecting Data Privacy in structured P2P Networks, DMGP2PS 2009 [5] Mazieres et al, Separating key management from file system security, SIGOPS 1999

Download ppt "1 Security on Social Networks Or some clues about Access Control in Web Data Management with Privacy, Time and Provenance Serge Abiteboul, Alban Galland."

Similar presentations

Provenance-Aware Storage Systems Margo Seltzer April 29, 2005.

Provenance-Aware Storage Systems Margo Seltzer April 29, 2005.
Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.

Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.
Decentralized User Authentication in a Global File System Max Meisterhans - Seminar in Distributed Computing WS 05/06.

Decentralized User Authentication in a Global File System Max Meisterhans - Seminar in Distributed Computing WS 05/06.
Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville,

Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville,
Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.

Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
1 WebdamExchange and WebdamLog: some models for web data management Emilien Antoine, Meghyn Bienvenu, Alban Galland Webdam WS, 04/03/2011.

1 WebdamExchange and WebdamLog: some models for web data management Emilien Antoine, Meghyn Bienvenu, Alban Galland Webdam WS, 04/03/2011.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
MS DB Proposal Scott Canaan B. Thomas Golisano College of Computing & Information Sciences.

MS DB Proposal Scott Canaan B. Thomas Golisano College of Computing & Information Sciences.
Cryptography In Censorship Resistant Web Publishing Systems By Hema Hariharan Swati B Shah.

Cryptography In Censorship Resistant Web Publishing Systems By Hema Hariharan Swati B Shah.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
EEC-681/781 Distributed Computing Systems Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC-681/781 Distributed Computing Systems Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Privacy and Integrity Preserving in Distributed Systems Presented for Ph.D. Qualifying Examination Fei Chen Michigan State University August 25 th, 2009.

Privacy and Integrity Preserving in Distributed Systems Presented for Ph.D. Qualifying Examination Fei Chen Michigan State University August 25 th, 2009.
More on AuthenticationCS-4513 D-term 20081 More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
PRIAM: PRivate Information Access Management on Outsourced Storage Service Providers Mark Shaneck Karthikeyan Mahadevan Jeff Yongdae Kim.

PRIAM: PRivate Information Access Management on Outsourced Storage Service Providers Mark Shaneck Karthikeyan Mahadevan Jeff Yongdae Kim.

Similar presentations

Ads by Google