slide collab com

Hien Thi Thu Truong 1, Claudia-Lavinia Ignat 1, Mohamed-Rafik Bouguelia 2, Pascal Molli 3

1 INRIA Nancy Grand Est, France 2 Nancy University, France 3 Nantes University, France {hien.truong, [email protected] } {[email protected]} {[email protected]}

A Contract-extended Push-Pull-Clone Model

7th International Conference on Collaborative Computing:Networking, Applications and Worksharing (CollaborateCom 2011)

Orlando, Florida, USA, October 15-18, 2011

2

22

● With collaboration provider:● Social services: Facebook, Google+,

Wikis, VCS, ...● Threat of privacy: service provider

has control over user's data

● Without collaboration provider:● Distributed Version Control System

(DVCS): Git, Mercurial● Scalability, fault tolerance, shared

administration costs, control over data given to users

Social collaboration models

3

33

Workflow of Centralized VCS

● Issues:● Require network connections for update and commit● Need collaboration providers● Single point of failure

4

44

Push-Pull-Clone model (PPC)

● Advantages:● Offline operations● More flexible workflows● No need of collaboration provider

5

55

Problem● In PPC model:

● Difficult to control over personal data after sharing

● Traditional usage control is made through:● Software license● Work contracts: rights and obligations

→ contract is “outside of system” and trust is implicitly expressed

● Related solutions:● Access control: cannot prevent misbehavior from inside users, a-priori

verification, closed systems where users are known● Contract-based models: not deployed for PPC collaboration

6

66

● Our goal: ● to make contracts expressed “inside of system” and to make trust

explicit in collaborative environments (for PPC model)

● Contract-extended Push-Pull-Clone model (C-PPC Model) adapted for distributed collaborative editing:

● Expression of usage restrictions (contracts)

● Logging document modifications and contracts

● Log-auditing mechanism for contract verification

● Synchronizing changes on data with contracts

● Updating trust levels based on log-auditing result (any trust model can be applied)

● A set of experiments performed in a simulator

Proposal

7

77

C-PPC Model Overview

● A single user:● Update contract when CLONE or PULL

● Resolve conflicts (if any)

● Auditing

● Work on replicated data respecting given contracts (Log)

● Specify contracts to users

● PUSH to a remote repository

● Push changes to different users with different contracts

8

88

create(A)create (circle)change-color(circle)insert(star)

P1

P2

P3

A

LOG

P4

C-PPC Model (1/4)

9

99

…..EventsE

1E

2E

3E

4E

nE

n-1

Type Operation Attribute structure of events

Attr name Attr valueevent

attributes

writesharecontract

insertdeleteupdateshare

Log structure

e1 = (write, insert, {by,P1})

e2 = (write, delete, {by,P2})

Example:

10

1010


P1

P2

P3

A

P4

CONTRACT

C-PPC Model (2/4)

F: delete

P: insert

create(A)create (circle)change-color(circle)insert (star)P: insert (P1 → P4)

F: delete (P1 → P2)


insert (cloud)delete(A)

11

1111

● A contract primitive:● Defined based on operations (insert, delete, update,...)● Permission: Pop

● Obligation: Oop

● Forbiddance: Fop

● oMision: Mop

● Contract:● A set of contract primitives

Contract

c1 = (contract, delete, {by,P1}, {to,P2}, {modal, forbiddance})

c2 = (contract, share, {by,P1}, {to,P2}, {modal, permission})

C= {c1, c2}

12

1212


P1

P2

P3

A



A

P4

AUDITING




P2 misbehaved

C-PPC Model (3/4)

F: delete


13

1313

Log auditing: ● detect misbehavior of collaborators

● audit action and contract violation● audit log tampering

● update trust levels

Audit results: a user can be evaluated as:– trustful / suspicious / distrustful / malicious

Log Auditing & Trust Assessment

Trust levels:– updated based on auditing results– any decentralized trust model can be used

14

1414

P1

P2

P3

A

create(A)create (circle)change-color(circle)insert (star)


P: insert (P1 → P4)

A

P4




SYNCHRONISATION


C-PPC Model (4/4)

F: delete


F: delete (P2 → P3)F: delete (P3 → P4)

15

1515

… …

● Append new events from remote log into the end of local log● Ensure document convergence by using CRDTs (Commutative Replicated Data Type)● Resolve contract conflict

Log Synchronisation

16

1616

Contract Conflicts

P1

P2

P3

A

P4

Conflict

F: deleteF: insert

● Weak conflict● Permission conflicts Forbiddance

● Obligation conflicts Omission

→ take restrict one

● Strong conflict

● Obligation conflicts Forbiddance

→ block system

● Resolve conflicts:● Reject the received remote log● Cancel local log and accept the

new remote log→ Decision depending on contracts, trust levels and/or content

● Example:● F insert conflicts P insert

● O share conflicts F share

create(A)create (circle)change-color(circle)insert (star)


P: insert (P1 → P4)F: delete (P1 → P2)

F: delete (P2 → P3)F: delete (P3 → P4)

17

1717

● Set up:● PeerSim simulator

● Networks of 200 peers

● Number of interactions at one step: 10

● Experiments:

● Experiment 1: Estimate detection of misbehaving users

● Experiment 2: Estimate time overhead of using contracts

Experiments

18

1818

Experimental Results (1/4)

Ability all users can detect one misbehaving user

19

1919


Ability to detect all misbehaving users

20

2020


Ability one user can detect all other misbehaving users

21

2121


Time overhead of using and not using contracts

580ms

390ms

22

2222

● We proposed a contract-extended PPC model for P2P collaboration:● Awareness mechanism of using contracts

● logging document modifications and contracts

● log-auditing mechanism for contract verification

● log synchronization for write operations and contracts

● updating of trust values using any trust model

● simulating C-PPC model

● Our future work:● authenticators to prevent log-tampering● applications of the model in different domains (e.g. social networks)● wider ranges of contracts

Conclusions and Future works

slide collab com

Technology