
On Protection in Federated Social Computing Systems



  1. On Protection in Federated Social Computing Systems
  Ebrahim Tarameshloo, Philip W.L. Fong, Payman Mohassel
  University of Calgary, Calgary, Alberta, Canada
  {etarames, pwlfong, pmohasse}@ucalgary.ca
  March 2014

  2. Federated Social Computing Systems
  • Example: a user's access policy is (Share with my friends)@Foursquare vs. (Share with public)@Twitter
  • Privacy challenge: the access control policy of the originating SCS may not be honored by the destination SCS

  3. Outline
  • Privacy in Federated Social Computing Systems
  • Formal model
  • Privacy via Private Function Evaluation (PFE)
  • Privacy via safe function evaluation


  5. Closer Look at Protection Challenges
  • Policy fidelity: it is ambiguous which policy should protect content once it has been shared
  • Mechanism fidelity: the destination site has to track the protection model of the origin site
  • State fidelity: the user information needed for policy enforcement may not be available at the destination SCS

  6. Assumptions
  • User identity: the manual identity mapping process is consistent and is applied whenever needed
  • Authorization service: secure, queryable PDPs (Policy Decision Points) for each SCS of the confederation

  7. Feature Overview of Our Protection Model
  • Protection of shared resources
  • Native access (not the focus of this work)
  • Shared access (the goal of our work)

  8. Feature Overview of Our Protection Model
  • Shared access policies: policies controlling shared accesses, defined by the resource owner
  • Addresses policy fidelity

  9. Feature Overview of Our Protection Model
  • Distributed evaluation of situated queries: the shared access policy is expressed as situated queries
  • Example: “friend@Facebook”, “co-located@Foursquare”
  • Distributed evaluation ensures mechanism and state fidelity

  10. Feature Overview of Our Protection Model
  • Policy composition: a more flexible protection model
  • Policies are Boolean combinations of situated queries
  • Example: (friend@Facebook ∨ follower@Twitter) ∧ nearby@Foursquare


  12. Formal Model of Federated SCSs
  • Confederation schema: specifies the constant entities of the federation
  • Privacy configuration: specifies the current privacy settings of the confederation
  • Protection state: tracks the current protection state of the member SCSs and the whereabouts of shared resources

  13. Policy Language
  • Distinctive features: atomic queries are interpreted at a specific SCS; composite policies are built by composing atomic queries
  • Syntax
  • Semantics: the resource owner and the requester must satisfy the policy formula in a given protection state
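The policy language of slides 9, 10 and 13, as an added example that is not code from the paper: a small parser for Boolean combinations of situated queries, and a distributed evaluator that hands each atomic query to the PDP of the SCS named in it, after mapping global user ids to that SCS's local ids (the identity mapping slide 6 assumes). The grammar and precedence, the `parse`/`evaluate`/`make_pdp` names, and the `PDPS`/`IDMAP` data with users alice, bob and carol are all assumptions constructed here.

```python
"""Situated-query policy language with distributed evaluation (added example, not the
paper's code).  Grammar assumed here, since the slide shows syntax only as an image:
    policy := term ('∨' term)*    term := atom ('∧' atom)*
    atom   := '¬' atom | '(' policy ')' | QUERY '@' SCS   (each query answered by its SCS)"""
import re

TOKEN = re.compile(r"\s*(\(|\)|∧|∨|¬|[A-Za-z_][\w-]*@[A-Za-z_][\w-]*)")

def parse(text: str):
    """Return an AST of nested tuples: ('q', name, scs), ('not', p), ('and', p, q), ('or', p, q)."""
    text, toks, pos = text.strip(), [], 0
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise SyntaxError(f"bad policy at offset {pos}: {text[pos:]!r}")
        toks.append(m.group(1))
        pos = m.end()
    toks.append(None)  # end-of-input marker
    i = 0
    def take(expected=None):
        nonlocal i
        tok = toks[i]
        if tok is None or (expected is not None and tok != expected):
            raise SyntaxError(f"expected {expected or 'a situated query'}, got {tok!r}")
        i += 1
        return tok
    def policy():                       # ∨ has the lowest precedence
        node = term()
        while toks[i] == "∨":
            take()
            node = ("or", node, term())
        return node
    def term():                         # ∧ binds tighter than ∨
        node = atom()
        while toks[i] == "∧":
            take()
            node = ("and", node, atom())
        return node
    def atom():                         # ¬ binds tightest
        tok = take()
        if tok == "¬":
            return ("not", atom())
        if tok == "(":
            node = policy()
            take(")")
            return node
        if "@" not in tok:
            raise SyntaxError(f"expected a situated query, got {tok!r}")
        name, scs = tok.split("@", 1)
        return ("q", name, scs)
    node = policy()
    if toks[i] is not None:
        raise SyntaxError(f"unexpected {toks[i]!r} after a complete policy")
    return node

def evaluate(p, owner, requester, pdps, idmap) -> bool:
    """Distributed evaluation: each query goes to the PDP of its own SCS (pdps: scs -> callable
    (query, owner_local, requester_local) -> bool) after mapping global ids via idmap[(user, scs)]."""
    if p[0] == "q":
        _, name, scs = p
        if scs not in pdps:
            raise LookupError(f"{scs} is not a member of the confederation")
        if (owner, scs) not in idmap or (requester, scs) not in idmap:
            raise LookupError(f"missing identity mapping at {scs}")
        return pdps[scs](name, idmap[(owner, scs)], idmap[(requester, scs)])
    if p[0] == "not":
        return not evaluate(p[1], owner, requester, pdps, idmap)
    left = evaluate(p[1], owner, requester, pdps, idmap)
    right = evaluate(p[2], owner, requester, pdps, idmap)
    return (left and right) if p[0] == "and" else (left or right)

def make_pdp(relations):
    """PDP over one SCS's protection state: query name -> set of (owner, requester)
    local-id pairs for which the query holds.  The data below is constructed."""
    def pdp(query, owner, requester):
        if query not in relations:
            raise LookupError(f"query {query!r} is not interpretable at this SCS")
        return (owner, requester) in relations[query]
    return pdp

# Constructed sample confederation with hypothetical users alice, bob and carol.
PDPS = {
    "Facebook": make_pdp({"friend": {("alice_fb", "bob_fb")}}),
    "Twitter": make_pdp({"follower": {("alice_tw", "carol_tw")}}),
    "Foursquare": make_pdp({"nearby": {("alice_4sq", "bob_4sq"), ("alice_4sq", "carol_4sq")}}),
}
IDMAP = {(u, scs): f"{u}_{tag}" for u in ("alice", "bob", "carol")
         for scs, tag in (("Facebook", "fb"), ("Twitter", "tw"), ("Foursquare", "4sq"))}

def shared_access_allowed(policy_text, owner, requester) -> bool:
    """Parse and evaluate a shared-access policy, denying on any failure (fail closed).  Failures
    propagate out of evaluate() rather than becoming False there: a False manufactured inside a
    negated subformula would flip into a grant."""
    try:
        return evaluate(parse(policy_text), owner, requester, PDPS, IDMAP)
    except (SyntaxError, LookupError):
        return False

if __name__ == "__main__":
    POLICY = "(friend@Facebook ∨ follower@Twitter) ∧ nearby@Foursquare"
    for who in ("bob", "carol", "dave"):
        print(who, shared_access_allowed(POLICY, "alice", who))
```

Two points worth noticing when running it: a requester with no identity mapping at one of the queried SCSs (dave above) is denied outright rather than treated as "relationship absent", and an SCS outside the confederation or a query the SCS cannot interpret likewise produces a denial at the top level only. Answers from each PDP are taken at face value, which is exactly the "secure, queryable PDP" assumption of slide 6.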


  15. Privacy via Secure Multiparty Computation
  • Distributed evaluation of shared access policies has a privacy effect: disclosure of the SCSs' protection states
  • Example: friend@Facebook ∧ nearby@Foursquare; its evaluation may disclose a user's location claims in Foursquare to Facebook
  • Privacy goal: preserve the privacy of the SCSs' protection states during the evaluation of shared access policies
  • Possible approach: Secure Multiparty Computation (SMC)

  16. SMC and Output Privacy
  • SMC allows a group of parties to collectively compute a function of their inputs while keeping those inputs private
  • SMC does not guarantee output privacy
  • Example:
  • SMC does not try to determine which function is “safe” to compute

  17. SMC and Output Privacy
  • Privacy challenge in our scheme
  • Example:
  • Evaluation of the example policy at Instagram may leak users' location and friendship
  • Possible approaches: hide policy formulas from the federated SCSs, or evaluate only safe public policy formulas

  18. Approach 1: PFE-based Architectures
  • Hide the policy formula from the SCSs involved
  • Advantage: no restriction on what the formula can be
  • Core challenge: hiding the policy while running the SMC protocol
  • Private Function Evaluation (PFE)
  • Three PFE-based architectures: Origin arch. (origin tracks policy), User arch. (user tracks policy), TP arch. (third party tracks all policies)

  19. Origin Arch. (Origin SCS Tracks Policy)
  [Diagram; labels: Current SCS, Ask to initiate PFE, PFE, Origin SCS, Authorization Decision]
  • Each SCS tracks the shared access policies of its own resources

  20. User Arch. (User Tracks Policy)
  [Diagram; labels: Current SCS, Ask to initiate PFE, PFE, Origin SCS, Authorization Decision]
  • Each user stores shared access policies on user-owned storage

  21. TP Arch. (Third Party Tracks Policy)
  [Diagram; labels: TP, Ask to initiate PFE, Current SCS, PFE, Origin SCS, Authorization Decision]
  • Centralized policy storage service run by a trusted third party (TP)

  22. Challenge of Policy Administration
  • Every user must define a shared access policy for every resource, which is tedious for users
  • Default policies for various categories of resources


  24. Approach 2: Privacy via Safe Functions
  • All shared access policies are allowed to be public (example: default policies)
  • The confederation evaluates only “safe” policies
  • Privacy goal: no inference of inputs from output values
  • An SCS can refrain from providing its input if a policy is detected to be unsafe
  • “Safe” function defined via Sutherland's notion of deducibility for information flow

  25. Input Nondeducibility
  • Example:
  • If the policy is evaluated @ Google+: output False → the requester is a family member
  • What if the policy is evaluated @ LinkedIn?

  26. Application and Complexity of IND
  • Each SCS tests whether the policy function is I-th input nondeducible, where I is the set of inputs contributed by that SCS
  • Deciding input nondeducibility, to implement the static analysis:
  • Complement of IND is in …
  • Encode an IND instance as a Quantified Boolean Formula (QBF) and use a QBF solver to test satisfiability

  27. IND Functions
  • Input nondeducible functions are rare and have limited composability
  • Useful IND functions:
  • Threshold function: returns 1 if at least m of the n inputs are 1; a replacement for conjunction
  • Conditional function: a replacement for disjunction
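An added example, not code from the paper, covering both the output-privacy leak of slides 15 to 17 and the input-nondeducibility test of slides 24 to 27. It uses one specific reading of IND, stated in the docstring as an assumption: an SCS that supplies the inputs in I must not be able to pin down any single other input from its own inputs plus the output. The names `deducible_inputs`, `is_ind`, `threshold`, `explain` and the input layout (one Boolean per situated query, Facebook holding input 0) are chosen here.

```python
"""Brute-force input-nondeducibility (IND) check for Boolean policy functions (added example).
Reading of IND used here (an assumption, not quoted from the paper): f is I-input
nondeducible if, for every assignment u to the inputs in I, every output b that f can
produce with x_I = u, and every input j outside I, both values of x_j remain possible.
Otherwise the SCS holding I can infer x_j from the output it is entitled to see."""
from itertools import product
from typing import Callable, Iterable, List, Sequence, Tuple

BoolFn = Callable[[Sequence[int]], int]
Witness = Tuple[Tuple[int, ...], int, int, int]  # (u, output b, input j, forced value v)

def deducible_inputs(f: BoolFn, n: int, known: Iterable[int]) -> List[Witness]:
    """Every deduction an SCS supplying the inputs `known` can make about the other
    inputs of f over {0,1}^n.  Empty list <=> f is `known`-input nondeducible."""
    known = tuple(sorted(set(known)))
    others = [j for j in range(n) if j not in known]
    witnesses: List[Witness] = []
    for u in product((0, 1), repeat=len(known)):
        rows = []  # (assignment to the other inputs, f's output) for this u
        for w in product((0, 1), repeat=len(others)):
            x = [0] * n
            for k, v in zip(known, u):
                x[k] = v
            for j, v in zip(others, w):
                x[j] = v
            rows.append((dict(zip(others, w)), f(x)))
        for b in sorted({out for _, out in rows}):       # outputs actually attainable with u
            consistent = [w for w, out in rows if out == b]
            for j in others:
                values = {w[j] for w in consistent}
                if len(values) == 1:                     # only one x_j explains (u, b)
                    witnesses.append((u, b, j, values.pop()))
    return witnesses

def is_ind(f: BoolFn, n: int, known: Iterable[int]) -> bool:
    return not deducible_inputs(f, n, known)

def threshold(m: int) -> BoolFn:
    """m-of-n threshold: 1 iff at least m of the inputs are 1 (n is len(x))."""
    return lambda x: int(sum(x) >= m)

def conjunction(x: Sequence[int]) -> int:
    return int(all(x))

def disjunction(x: Sequence[int]) -> int:
    return int(any(x))

def explain(witnesses: List[Witness], names: Sequence[str], known: Iterable[int]) -> List[str]:
    """Human-readable form of each deduction, for messages like the slide-15 leak."""
    known = tuple(sorted(set(known)))
    lines = []
    for u, b, j, v in witnesses:
        mine = ", ".join(f"{names[k]}={val}" for k, val in zip(known, u))
        lines.append(f"knowing {mine} and output {b}, {names[j]} must be {v}")
    return lines

if __name__ == "__main__":
    # Slide 15/17 example: friend@Facebook ∧ nearby@Foursquare, Facebook holds input 0.
    leak = deducible_inputs(conjunction, 2, [0])
    for line in explain(leak, ["friend@Facebook", "nearby@Foursquare"], [0]):
        print(line)
    for m, n in ((2, 4), (3, 5)):
        print(f"{m}-of-{n} threshold, one input per SCS: IND = {is_ind(threshold(m), n, [0])}")
    print("3-of-5 threshold when one SCS holds two inputs:", is_ind(threshold(3), 5, [0, 1]))
```

The nested loops are the quantifier structure (for all u, for all attainable b, for all j, there exist completions with x_j = 0 and with x_j = 1) that slide 26 proposes encoding as a QBF; the enumeration here is exponential in n and is only meant to make the definition concrete. Under this reading plain conjunction and disjunction both fail, a 2-of-4 threshold still fails for the SCS whose own input is 1 and sees output 0, a 3-of-5 threshold passes when each SCS contributes one input, and the same 3-of-5 function fails once a single SCS contributes two of the five inputs. IND is therefore a property of the function together with the input partition, which is why slide 26 has each SCS test it for its own I.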

  28. Policy Idioms
  • It is unwise to leave it to the user to formulate “safe” policies
  • Users can instead be provided with templates of “safe” policies
  • Safe policy templates: threshold policy, conditional policy

  29. Related Work
  • [1] M. N. Ko, G. P. Cheek, M. Shehab, and R. Sandhu. Social-networks connect services. Computer, 43(8):37–43, 2010.
  • [2] M. Shehab, M. N. Ko, and H. Touati. Enabling cross-site interactions in social networks. Social Network Analysis and Mining, 3(1):93–106, 2013.
  • [3] A. C. Squicciarini, G. Petracca, and E. Bertino. Adaptive data protection in distributed systems. In Proceedings of the Third ACM Conference on Data and Application Security and Privacy, 2013.

  30. Calgary

  31. ICT Bldg. at the University of Calgary
