multiparty access control
TRANSCRIPT
INTRODUCTION
ONLINE social networks (OSNs).
Virtual space and web pages.
Users have no control over data residing outside their spaces.
Each user has different privacy concerns about the data related to them.
15-04-2015COET DEPT CSE
Each user can make a reference to his/her friends.
Reporting to OSNs only allows us to either keep or delete the content.
MPAC allows collaborative management of shared data.
Effectiveness and Flexibility of MPAC.
LITERATURE REVIEW
Representing and Reasoning about Web Access Control Policies: Gail-Joon Ahn
• Specifies access control policies for applications, mainly cloud
Moving Beyond Untagging: Photo Privacy in a Tagged World: Andrew Besmer
• Defines a set of rules
A Collaborative Framework for Privacy Protection in Online Social Networks: Huaixi Wang
• Provides encrypted data to the server
• Each user makes use of public and private keys
MPAC MODEL
• An OSN can be represented by a relationship network, a set of user groups, and a collection of user data.
• Existing access control schemes.
• Single access control scheme.
• Concept of Multiple controllers.
ACCESSOR
• Accessors are a set of users who are granted access to the shared data.
• Sensitivity levels (SL) are used for conflict resolution.
• SLs are multidimensional, with varying degrees of sensitivity.
MPAC POLICY
An MPAC policy is a 5-tuple
Controller
Ctype
Accessor
Data
Effect
EXAMPLE
P = <controller; ctype; accessor; data; effect>
Data is specified as a tuple
p1 = (Alice, OW, {<friendOf, RN>}, <status01, 0:50>, permit)
• Different privacy concerns lead to conflicts
• Naïve solution
Allow common users.
Drawback
Too Restrictive
• Need for Effective Conflict resolution strategy
Maintain privacy and flexibility
MULTIPARTY POLICY EVALUATION
1. Voting scheme for decision making.
• Decision from each controller has an effect on final decision
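• $DV = \begin{cases} 0 & \text{if evaluation of policy} = \text{Deny} \\ 1 & \text{if evaluation of policy} = \text{Permit} \end{cases}$
• $DV_{ag} = \left( DV_{ow} + DV_{cb} + \sum_{i \in ss} DV_{st} \right) \times \frac{1}{m}$
where $m$ is the number of controllers.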
• Sensitivity voting. Each controller assigns an SL to the shared data
item to reflect her/his privacy concern.
• A sensitivity score (SC) (in the range from 0.00 to 1.00)
• $SC = \left( SL_{ow} + SL_{cb} + \sum_{i \in ss} SL_{st} \right) \times \frac{1}{m}$
2. Threshold-Based Conflict Resolution
• If the $SC$ is higher, the final decision has a high chance to deny access
• Otherwise allow access
• $\text{Decision} = \begin{cases} \text{Permit} & \text{if } DV_{ag} > SC \\ \text{Deny} & \text{if } DV_{ag} \le SC \end{cases}$
• If any controller changes her/his policy or SL for the shared data item, the $DV_{ag}$ and $SC$ will be recomputed, and the final decision may be changed accordingly
3. STRATEGY-BASED CONFLICT RESOLUTION WITH PRIVACY RECOMMENDATION
• Major strategies
Owner-overrides
$\text{Decision} = \begin{cases} \text{Permit} & \text{if } DV_{ag} = 1 \\ \text{Deny} & \text{if } DV_{ag} = 0 \end{cases}$
Full-consensus-permit
$\text{Decision} = \begin{cases} \text{Permit} & \text{if } DV_{ag} = 1 \\ \text{Deny} & \text{otherwise} \end{cases}$
Majority-permit
$\text{Decision} = \begin{cases} \text{Permit} & \text{if } DV_{ag} \ge 1/2 \\ \text{Deny} & \text{if } DV_{ag} < 1/2 \end{cases}$
Super-majority-permit
$\text{Decision} = \begin{cases} \text{Permit} & \text{if } DV_{ag} \ge 1/3 \\ \text{Deny} & \text{if } DV_{ag} < 1/3 \end{cases}$
4. CONFLICT RESOLUTION FOR DISSEMINATION CONTROL
• Disseminator can specify his policy concerns
• Weaker policy problems
• Deny Overrides strategy
• Logical AND operation
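The voting, threshold, strategy and dissemination rules from sections 1 to 4, worked as an added Python example (not part of the original slides). The controller records, function names and sample values are constructed; owner-overrides is assumed to count only the owner's vote, since the slide gives only the decision rule.

```python
from fractions import Fraction

PERMIT, DENY = "permit", "deny"

def dv_ag(controllers):
    """DV_ag: each controller votes 1 (permit) or 0 (deny); average over m."""
    return Fraction(sum(c["permit"] for c in controllers), len(controllers))

def sc(controllers):
    """SC: average of the sensitivity levels (0.00-1.00) set by the m controllers."""
    return sum(Fraction(c["sl"]) for c in controllers) / len(controllers)

def threshold_decision(controllers):
    """Permit only if the aggregated vote exceeds the sensitivity score."""
    return PERMIT if dv_ag(controllers) > sc(controllers) else DENY

def strategy_decision(controllers, strategy):
    """Strategy-based resolution, thresholds as written on the slides."""
    if strategy == "owner-overrides":
        # Assumption: only the owner's vote counts toward DV_ag here.
        dv = dv_ag([c for c in controllers if c["ctype"] == "OW"])
        return PERMIT if dv == 1 else DENY
    dv = dv_ag(controllers)
    if strategy == "full-consensus-permit":
        return PERMIT if dv == 1 else DENY
    if strategy == "majority-permit":
        return PERMIT if dv >= Fraction(1, 2) else DENY
    if strategy == "super-majority-permit":
        return PERMIT if dv >= Fraction(1, 3) else DENY
    raise ValueError(f"unknown strategy: {strategy}")

def dissemination_decision(original, disseminator):
    """Deny-overrides: logical AND of the original and disseminator decisions."""
    return PERMIT if original == disseminator == PERMIT else DENY

# Constructed sample: owner (OW), contributor (CB) and two stakeholders (ST).
SAMPLE = [
    {"name": "Alice", "ctype": "OW", "permit": True,  "sl": "0.50"},
    {"name": "Bob",   "ctype": "CB", "permit": False, "sl": "0.90"},
    {"name": "Carol", "ctype": "ST", "permit": True,  "sl": "0.20"},
    {"name": "Dave",  "ctype": "ST", "permit": True,  "sl": "0.20"},
]

if __name__ == "__main__":
    print(dv_ag(SAMPLE), sc(SAMPLE), threshold_decision(SAMPLE))
```

With the same three permit votes, raising every controller's SL to 0.80 pushes SC above DV_ag and flips the threshold decision to deny, which is the recomputation behaviour described in section 2.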
FUTURE SCOPE
Auto-tagging
Encrypted Data Sharing
Advertisement policy specification
CONCLUSION
Multiparty policy specification
Mcontroller
Flexible selection of strategies
REFERENCES
G. Ahn and H. Hu, “Towards Realizing a Formal RBAC Model in Real Systems,” Proc. 12th ACM Symp. Access Control Models and Technologies, pp. 215-224, 2007.
G. Ahn, H. Hu, J. Lee, and Y. Meng, “Representing and Reasoning about Web Access Control Policies,” Proc. IEEE 34th Ann. Computer Software and Applications Conf. (COMPSAC), pp. 137-146, 2010.
A. Besmer and H.R. Lipford, “Moving beyond Untagging: Photo Privacy in a Tagged World,” Proc. 28th Int’l Conf. Human Factors in Computing Systems, pp. 1563-1572, 2010.
L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda, “All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks,” Proc. 18th Int’l Conf. World Wide Web, pp. 551-560, 2009.
B. Carminati and E. Ferrari, “Collaborative Access Control in On-Line Social Networks,” Proc. Seventh Int’l Conf. Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), pp. 231-240, 2011.