Serge Abiteboul, Alban Galland and a bunch of different people
Webdam, INRIA Saclay-Ile-de-France
Security on Social Networks, or some clues about Access Control in Web Data Management with Privacy, Time and Provenance
Summary
• Introduction
  • General definitions
  • Goal
  • Related works
• Distributed Knowledge Base with Privacy
  • Basic notions and model
  • Systems properties
  • Systems Description: @home, @host, @host-dht, @friends
  • Extensions
• Declarative Expression of Privacy
• Demonstration
• Conclusion
Our definition of Social Network
• Social Network: a (web) application where users store and consult data and interact with data of other users following explicit relationships
• Some important notions
  • Users: people
  • Data: graph of XML documents, AXML
  • Data management: storage, replication, query
  • Relationship
Our definition of Privacy
• Privacy: the fact that a user keeps control over her data and activity
• Some important notions
  • Read and write permissions
  • Delegation of permissions
• No focus on anonymity
  • Anonymity of requests
  • Anonymity of aggregated data
Goal
• Define and implement the basis for a distributed social network that guarantees access control
• More precisely
  • Distributed knowledge base with access control
  • Declarative high-level access control specification
Related works
• Social network
  • Some typically centralized SN systems with limited access control management
  • Some SN-specific applications [2,4]
  • Some works on knowledge mining in SN
• Distribution
  • Distributed Hash Table and indexing (KadoP)
  • Friend-based P2P
• Privacy
  • Access control and logic [1,5]
  • Cryptography [3]
Distributed Knowledge Base with Privacy
• Basic notions and model
• Systems properties
• Systems description
  • @home
  • @host
  • @host-dht
  • @friends
• Extensions
Basic notions and model
• Principal
  • User, group, machine: something which could be authenticated
  • may make statements about her data and meta-data
  • may be a peer, having computational resources, storage, availability
• Documents
  • Identified by their owner id and a local id
  • Basically, (xml) trees with references to other documents
  • Alice states news@rockclimbing=T
Basic notions and model
• Access rights
  • Rights: read, write, own
  • Access control list
  • Alice states Bob reader@rockclimbing
• Keys
  • Cryptographic secrets
  • Alice states readkey@rockclimbing
Basic notions and model
• External knowledge
  • Generated by communication
  • Alice says (Alice states news@rockclimbing=T) to Bob
  • Well-formed communication trace: C says (B says (A says (A states …) to B) to C) to D
  • Keeps trace of provenance
• Encryption
  • Alice says (Alice states news@rockclimbing=(T encrypted for Bob as owner)) to Cedric
Basic notions and model
• Instructions
  • CreatePrinc, CreateDoc
  • Write
  • Grant, Revoke
  • Say
  • Get
• Bob -> write(news, rockclimbing, T)
Basic notions and model
• Factification: transformation of an instruction into a statement
  • Bob says (Bob -> write(news,rockclimbing,T)) to Alice
  • Alice states news@rockclimbing=T requested by Bob
• Authentication and time
  • Alice's owner key
  • Rockclimbing writer's key
  • Alice keeps proof of the request
  • Local time of Alice
Basic notions and model
• Collections
  • Flat document of references to other documents
  • New statements, rights and instructions: append, remove
  • Alice states members@rockclimbing += profile@Bob
  • Same get instruction as any other document
  • Interesting examples: index, mailbox, local files directory…
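The notions on the preceding slides (statements, access rights, role keys, factification of a signed instruction with a kept proof and a local timestamp, and collection appends) fit together in a small executable model. The following is an added example, not code from the Webdam project: the class `Peer`, the method names and the document layout (a dict of fields instead of an XML tree) are assumptions, and a "signed instruction" is modelled as an HMAC-SHA256 tag under the role key that the owner hands out with the grant, where a real system would use asymmetric signatures.

```python
"""Toy model of the statement-based knowledge base on the slides.

Added example, not code from the Webdam project. A peer keeps its own
documents, access control lists and per-role keys, and records what it
knows as statements in the slides' notation ("Alice states Bob reader@rockclimbing").
Assumptions: a signed instruction is an HMAC-SHA256 tag under the role key
that the owner handed out with the grant (a real system would use asymmetric
signatures), and documents are dicts of fields rather than XML trees.
"""
import hashlib
import hmac
import itertools
import secrets


def sign(key: bytes, message: str) -> str:
    """Toy signature: keyed hash of the serialised instruction."""
    return hmac.new(key, message.encode(), hashlib.sha256).hexdigest()


def verify(key: bytes, message: str, tag: str) -> bool:
    return hmac.compare_digest(sign(key, message), tag)


class Peer:
    """A principal with storage and a local clock."""

    def __init__(self, name: str):
        self.name = name
        self.clock = itertools.count(1)   # local time: one tick per accepted instruction
        self.docs = {}                    # doc -> {field: value}
        self.acl = {}                     # doc -> {role: set of principals}
        self.keys = {}                    # (doc, role) -> secret key of that role
        self.statements = []              # "<name> states ..." facts, in order
        self.proofs = []                  # (instruction, tag, local time) we accepted

    def create_doc(self, doc: str) -> None:
        """CreateDoc: the creator owns the document and mints reader/writer keys."""
        self.docs[doc] = {}
        self.acl[doc] = {"owner": {self.name}, "reader": set(), "writer": set()}
        for role in ("reader", "writer"):
            self.keys[(doc, role)] = secrets.token_bytes(32)
        self.statements.append(f"{self.name} states {doc} created")

    def grant(self, principal: str, role: str, doc: str) -> bytes:
        """Grant: extend the ACL and hand the role key to the principal."""
        self.acl[doc][role].add(principal)
        self.statements.append(f"{self.name} states {principal} {role}@{doc}")
        return self.keys[(doc, role)]

    def revoke(self, principal: str, role: str, doc: str) -> None:
        """Revoke: the ACL entry goes even though the principal still holds the key."""
        self.acl[doc][role].discard(principal)
        self.statements.append(f"{self.name} states {principal} not {role}@{doc}")

    def _authorised(self, requester, role, doc, instruction, tag) -> bool:
        """Both checks: ACL membership, then a valid tag under the role key."""
        if requester not in self.acl.get(doc, {}).get(role, ()):
            return False
        return verify(self.keys[(doc, role)], instruction, tag)

    def _factify(self, requester, doc, instruction, tag, fact):
        """Turn an accepted instruction into a statement and keep proof of the request."""
        if not self._authorised(requester, "writer", doc, instruction, tag):
            return None
        self.proofs.append((instruction, tag, next(self.clock)))
        self.statements.append(fact)
        return fact

    def handle_write(self, requester, field, doc, value, tag):
        """'<requester> says (<requester> -> write(field,doc,value)) to me'."""
        fact = self._factify(requester, doc, f"{requester} -> write({field},{doc},{value})", tag,
                             f"{self.name} states {field}@{doc}={value} requested by {requester}")
        if fact is not None:
            self.docs[doc][field] = value
        return fact

    def handle_append(self, requester, collection, doc, ref, tag):
        """Same factification for the collection instruction 'append'."""
        fact = self._factify(requester, doc, f"{requester} -> append({collection},{doc},{ref})", tag,
                             f"{self.name} states {collection}@{doc} += {ref} requested by {requester}")
        if fact is not None:
            self.docs[doc].setdefault(collection, []).append(ref)
        return fact


def demo():
    """Constructed scenario: Alice owns 'rockclimbing'; Bob is a writer, Cedric is not."""
    alice = Peer("Alice")
    alice.create_doc("rockclimbing")
    writer_key = alice.grant("Bob", "writer", "rockclimbing")

    # Bob says (Bob -> write(news,rockclimbing,T)) to Alice
    instr = "Bob -> write(news,rockclimbing,T)"
    accepted = alice.handle_write("Bob", "news", "rockclimbing", "T", sign(writer_key, instr))

    # Cedric holds no writer key and is not in the ACL, so his request is refused
    forged = alice.handle_write("Cedric", "news", "rockclimbing", "F", "00" * 32)

    # Bob appends a reference to the members collection
    instr = "Bob -> append(members,rockclimbing,profile@Bob)"
    appended = alice.handle_append("Bob", "members", "rockclimbing", "profile@Bob",
                                   sign(writer_key, instr))

    # After revocation the key alone is not enough: the ACL check fails first
    alice.revoke("Bob", "writer", "rockclimbing")
    instr = "Bob -> write(news,rockclimbing,F)"
    after_revoke = alice.handle_write("Bob", "news", "rockclimbing", "F", sign(writer_key, instr))
    return accepted, forged, appended, after_revoke, alice
```

Two points worth noticing in the run: the proof Alice keeps is the requester's signed instruction together with her own local time, which is exactly what lets her later justify the statement "requested by Bob" to a third party; and because authorisation checks the ACL before the key, revoking a right takes effect even though the revoked principal still holds the shared writer key.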
Systems properties
• System
  • Peers and the protocol applied by the peers
• Well-formed
  • All the data is in the form of statements or well-formed communication chains
  • References to documents always correspond to a document (possibly empty)
  • References to principals always correspond to a principal
Systems properties
• Soundness
  • Access to documents, access rights and keys (read and write) is correct according to the access control defined by the access rights
• Safety property
  • A system is safe if a (correct) peer sends data in the clear only to principals for which it has verified a proof of access right, and otherwise sends the data encrypted with the correct key
• Meta-theorem
  • A system which verifies the safety property is sound
Systems properties
• Completeness
  • A principal is aware of any document she could access
  • A principal is always sure that she gets the latest version of a data item
  • A principal is always sure to get all the append and remove statements of a collection
  • Could be relaxed to probabilistic notions
Systems description
• One can consider different systems
• We focus on 4 of them, as proof of concept
  • @home: data on trusted owner host
  • @host: data on untrusted host
  • @host-dht: data on untrusted DHT
  • @friends
@home
• Bob -> say (Bob -> get(news@rockclimbing)) to Alice
• Alice -> say (Alice states news@rockclimbing=T) to Bob
[Figure labels: Ownership; Signed Instructions; Results]
• Interesting particular case: Facebook
@host
• Alice -> say (Alice states news@rockclimbing=(T encrypted for rockclimbing as reader)) to host
• Bob -> say (Bob -> get(news@rockclimbing)) to host
• host -> say (Alice says (Alice states news@rockclimbing=(T encrypted for rockclimbing as reader))) to Bob
[Figure labels: Signed Statements; Signed Instructions; Encrypted Results]
@host-dht
• Use time-stamps and redundancy to avoid update denial of documents
• Use co-signatures of hosts to avoid update denial of collections
[Figure labels: Encrypted statements; Signed Instructions; Encrypted Results]
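The @host exchange (owner-signed statements whose value is encrypted for the reader group, stored by a host that never holds the reader key) and the @host-dht defence against update denial of documents (time-stamps plus redundant hosts) can be simulated end to end. The code below is an added example, not code from the Webdam project: the classes `Owner` and `Host` and the function `fetch` are assumed names; encryption is a toy XOR keystream derived with HMAC-SHA256 (a real system would use an authenticated cipher), and the owner's signature is an HMAC tag, so the verification key here is the same secret as the signing key (a real system would use asymmetric signatures so readers cannot forge statements). The reader side also illustrates the safety property from the systems-properties slides: the host only ever forwards ciphertext, and the reader accepts only statements whose owner signature verifies.

```python
"""Toy model of the @host and @host-dht exchanges from the slides.

Added example, not Webdam code. Assumptions: toy keystream encryption built
from HMAC-SHA256 (stand-in for an authenticated cipher) and HMAC tags as
owner signatures (stand-in for asymmetric signatures).
"""
import hashlib
import hmac
import secrets


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """n bytes of HMAC-SHA256(key, nonce || counter), counter mode style."""
    out = b""
    for ctr in range(0, n, 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def encrypt(key: bytes, plaintext: bytes):
    nonce = secrets.token_bytes(16)
    return nonce, bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(ciphertext, keystream(key, nonce, len(ciphertext))))


def sign(key: bytes, message: str) -> str:
    return hmac.new(key, message.encode(), hashlib.sha256).hexdigest()


def verify(key: bytes, message: str, tag: str) -> bool:
    return hmac.compare_digest(sign(key, message), tag)


def body_of(stmt: dict) -> str:
    """Canonical text the owner signs: doc id, nonce, ciphertext and timestamp."""
    return (f"{stmt['owner']} states {stmt['doc']}=({stmt['nonce'].hex()}:{stmt['ct'].hex()} "
            f"encrypted for reader) t={stmt['t']}")


class Owner:
    """Alice: signs each statement and stamps it with her local time."""

    def __init__(self, name: str):
        self.name, self.sign_key, self.clock = name, secrets.token_bytes(32), 0

    def publish(self, docid: str, value: str, reader_key: bytes) -> dict:
        # Alice says (Alice states news@rockclimbing=(T encrypted for rockclimbing as reader)) to host
        self.clock += 1
        nonce, ct = encrypt(reader_key, value.encode())
        stmt = {"owner": self.name, "doc": docid, "t": self.clock, "nonce": nonce, "ct": ct}
        stmt["tag"] = sign(self.sign_key, body_of(stmt))
        return stmt


class Host:
    """Untrusted storage peer: keeps the newest statement it has seen per document."""

    def __init__(self):
        self.store = {}

    def put(self, stmt: dict) -> None:
        cur = self.store.get(stmt["doc"])
        if cur is None or stmt["t"] > cur["t"]:
            self.store[stmt["doc"]] = dict(stmt)

    def get(self, docid: str):
        # host -> say (Alice says (Alice states ...)) to Bob
        return self.store.get(docid)


def fetch(docid: str, hosts, owner_verify_key: bytes, reader_key: bytes):
    """@host-dht reader: query redundant hosts, drop unsigned or tampered answers,
    keep the freshest timestamp, so a host withholding an update (update denial)
    is outvoted by any honest host that has it."""
    best = None
    for host in hosts:
        stmt = host.get(docid)
        if stmt is None or not verify(owner_verify_key, body_of(stmt), stmt["tag"]):
            continue
        if best is None or stmt["t"] > best["t"]:
            best = stmt
    if best is None:
        return None
    return decrypt(reader_key, best["nonce"], best["ct"]).decode()


def demo() -> dict:
    """Constructed run: three hosts, one stale (withholds v2), one tampering with v2."""
    alice = Owner("Alice")
    reader_key = secrets.token_bytes(32)   # 'Alice states readkey@rockclimbing', handed to Bob
    honest, stale, evil = Host(), Host(), Host()
    doc = "news@rockclimbing"

    v1 = alice.publish(doc, "meet Tuesday", reader_key)
    for h in (honest, stale, evil):
        h.put(v1)
    v2 = alice.publish(doc, "meet Wednesday", reader_key)
    honest.put(v2)
    evil.put(v2)                            # 'stale' never receives the update
    tampered = evil.store[doc]              # 'evil' flips one ciphertext byte
    tampered["ct"] = bytes([tampered["ct"][0] ^ 1]) + tampered["ct"][1:]

    return {
        "all": fetch(doc, [honest, stale, evil], alice.sign_key, reader_key),
        "stale_only": fetch(doc, [stale], alice.sign_key, reader_key),
        "evil_only": fetch(doc, [evil], alice.sign_key, reader_key),
        "host_sees_plaintext": honest.store[doc]["ct"] == b"meet Wednesday",
    }
```

Querying only the stale host silently returns the old version, which is the update-denial problem the slide names; querying several hosts recovers the newest signed version, and a host that alters a ciphertext is detected because the signature covers nonce, ciphertext and timestamp together. The co-signature mechanism for collections is not modelled here.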
@friends
[Figure labels: Statements; Signed Instructions; Results]
Extensions
• Structured queries
• Full-text search
  • The problem of awareness is even stronger there
• Index
  • Balance between leak of information and efficiency of queries
  • May need more meta-data, like an encryption schema
  • Could be managed as a regular update thanks to collections
Extensions
• Services
  • AXML service calls
  • Need special access rights for executing and mounting services
  • Services may have special access rights to data, depending on the context (cf. applications in Facebook)
  • Services could be used to support global knowledge, or complex higher-level policies
Declarative Expression of Privacy
• Example
  • People who are tagged on one of my photos can see this photo
  • People who are friends of two of my friends can read my Wall
  • People who are best friends of mine can write on my Wall
• Problems
  • Uncontrolled deduction
  • Fix-point semantics
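The three example rules are Datalog-style policies, and the two problems listed (uncontrolled deduction, fix-point semantics) show up as soon as they are evaluated mechanically. The code below is an added example, not code from the Webdam project: facts are constructed tuples such as `("friend", "Alice", "Bob")`, the rule functions and the social graph are assumptions, and a naive bottom-up evaluator computes the fixpoint. To make "uncontrolled deduction" concrete it goes a little beyond the slide: adding one plausible-looking rule (friendship is transitive) makes the "friends of two of my friends" policy grant wall access to the whole connected component, which is the kind of policy-review check a deployment would want before trusting derived rights.

```python
"""Declarative privacy rules evaluated bottom-up to a fixpoint.

Added example, not Webdam code. Facts are (predicate, a, b) tuples; the
social graph is constructed for the example.
"""


def sel(facts, pred):
    """All (a, b) pairs of facts with the given predicate."""
    return [(a, b) for p, a, b in facts if p == pred]


def fixpoint(base_facts, rules):
    """Naive bottom-up evaluation: apply every rule until nothing new is derived."""
    facts = set(base_facts)
    while True:
        derived = set().union(*(rule(facts) for rule in rules))
        if derived <= facts:
            return facts
        facts |= derived


def rule_symmetric_friend(facts):
    # friendship is mutual: friend(Y,X) :- friend(X,Y)
    return {("friend", b, a) for a, b in sel(facts, "friend")}


def rule_tagged_photo(me):
    # People who are tagged on one of my photos can see this photo
    def rule(facts):
        return {("canRead", p, photo) for p, photo in sel(facts, "tagged")
                if ("owns", me, photo) in facts}
    return rule


def rule_friends_of_two_friends(me):
    # People who are friends of two of my friends can read my Wall
    def rule(facts):
        mine = {b for a, b in sel(facts, "friend") if a == me}
        people = {a for a, _ in sel(facts, "friend")} - {me}
        return {("canRead", p, f"wall@{me}") for p in people
                if len({f for f in mine if ("friend", f, p) in facts}) >= 2}
    return rule


def rule_best_friend_write(me):
    # People who are best friends of mine can write on my Wall
    def rule(facts):
        return {("canWrite", p, f"wall@{me}") for a, p in sel(facts, "bestFriend") if a == me}
    return rule


def rule_transitive_friend(facts):
    # friend(X,Z) :- friend(X,Y), friend(Y,Z): a rule that deduces relations nobody stated
    out = set()
    for a, b in sel(facts, "friend"):
        for b2, c in sel(facts, "friend"):
            if b == b2 and a != c:
                out.add(("friend", a, c))
    return out


# Constructed social graph around Alice (example data, not from the slides)
BASE_FACTS = {
    ("owns", "Alice", "photo1"), ("tagged", "Bob", "photo1"), ("tagged", "Dan", "photo1"),
    ("friend", "Alice", "Bob"), ("friend", "Alice", "Carol"),
    ("friend", "Bob", "Eve"), ("friend", "Carol", "Eve"), ("friend", "Bob", "Frank"),
    ("friend", "Eve", "Gina"), ("bestFriend", "Alice", "Bob"),
}


def policy(me, extra_rules=()):
    return [rule_symmetric_friend, rule_tagged_photo(me),
            rule_friends_of_two_friends(me), rule_best_friend_write(me), *extra_rules]


def who_can(facts, right, doc):
    return {p for r, p, d in facts if r == right and d == doc}


def demo() -> dict:
    intended = fixpoint(BASE_FACTS, policy("Alice"))
    widened = fixpoint(BASE_FACTS, policy("Alice", [rule_transitive_friend]))
    return {
        "photo_readers": who_can(intended, "canRead", "photo1"),
        "wall_readers": who_can(intended, "canRead", "wall@Alice"),
        "wall_writers": who_can(intended, "canWrite", "wall@Alice"),
        "wall_readers_with_transitive_rule": who_can(widened, "canRead", "wall@Alice"),
    }
```

With the three intended rules only Eve (a friend of both Bob and Carol) can read Alice's wall; with the transitive rule added, Bob, Carol, Eve, Frank and Gina all can, although Alice only ever stated friendships with Bob and Carol. The fixpoint loop is what makes the recursive rule terminate and also what makes its consequences hard to see by reading the policy alone, so derived rights are worth listing, as `who_can` does, before a policy goes live.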
Demonstration
• Some functionalities already implemented during Marilena Oita's internship
  • A user interface and global logic
  • Some parts of the Distributed Knowledge Base with Privacy
  • Declarative Privacy is missing
Conclusion
• This is work in progress
• We are currently focusing on a distributed knowledge base with access control, but there are links with other domains: data integration, reasoning about knowledge, social data-mining…
• Hidden behind trendy Social Networks, we believe there are real topics of research, in particular in distributed systems
References
• [1] Abadi et al., Logic in Access Control, FOSAD 2009
• [2] Buchegger et al., PeerSoN: P2P social networking – early experiences and insights, SNS 2009
• [3] Canetti et al., Multicast security: A taxonomy and some efficient constructions, INFOCOM 1999
• [4] Jawad et al., Protecting Data Privacy in Structured P2P Networks, DMGP2PS 2009
• [5] Mazières et al., Separating key management from file system security, SIGOPS 1999