Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3...
-
Upload
morgan-cole -
Category
Documents
-
view
215 -
download
0
Transcript of Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3...
![Page 1: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/1.jpg)
A Socially-Aware Operating System for Trustworthy Computing
Daniela Oliveira1 , Dhiraj Murthy1, Henric Johnson2, S. Felix Wu3, Roozbeh Nia3 and Jeff Rowe3
1Bowdoin College2Blekinge Institute of Technology3University of California at Davis
IEEE Workshop on Semantics, Security and PrivacySeptember 21, 2011
![Page 2: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/2.jpg)
Introduction
Limitations of Traditional Defense Solutions
The Challenge of Computing with Social Trust
The Socially-Aware OS
Applications, Benefits and Threats
Concluding Remarks
Outline
![Page 3: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/3.jpg)
OSNs: rise in popularity; Malware landscape complex; Internet: social platform
◦ What can be trusted?
OSNs and the Malware Landscape
InternetInternet
![Page 4: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/4.jpg)
Based on social trust;
OS, architecture and applications should become socially-aware;
OSN users assign/have inferred trust values for friends and objects;
Continuum trusted-untrusted.
A Trustworthy Computing Paradigm
![Page 5: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/5.jpg)
Distinguishing Benign x Malicious Signature, Behavior, Information-flow
models:◦ Automated, rigid and threat-specific.
Shift to Web-based computer paradigm:◦ Users accomplish most of their computing need
with browser.
![Page 6: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/6.jpg)
What if we leverage social trust to distinguish a continuum of trusted/untrusted?
◦ Flexibility
◦ Diversity
◦ Stronger security policies
How can we think differently?
![Page 7: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/7.jpg)
Signature-based◦ Defeated by code obfuscation, polymorphism,
metamorphism◦ Cannot prevent zero-day attacks
Behavior-based◦ Susceptible to false positives◦ Depends of relevant training data
Information flow-based◦ Usually assumes all data from the Internet as
untrusted: too restrictive
Traditional Defense Solutions
![Page 8: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/8.jpg)
Unpredictability
Diversity
Continuum of trust/untrusted values
Human role
What is Missing?
![Page 9: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/9.jpg)
In Sociology:◦ Essential commodity◦ Functional pre-requisite for society
Tool for making trustworthy decisions◦ Risk and uncertainty◦ An added bonus?
Computing with Social Trust◦ New research area
Social Trust
![Page 10: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/10.jpg)
Operating systems manages:
◦ Processes;
◦ Memory;
◦ File systems;
◦ I/O devices;
The Socially- Aware Framework
![Page 11: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/11.jpg)
Operating systems manages:
◦ Processes;
◦ Memory;
◦ File systems;
◦ I/O devices;
◦ Social trust
The Socially- Aware Framework
![Page 12: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/12.jpg)
The Socially-Aware OS
![Page 13: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/13.jpg)
People user is connected to: email addresses
Objects: URLs, files, IP addresses, files; Privacy preserved: only sharable objects
User Trust Repository
20 Years of Linux: http://www.cnn.com/2011/TECH/gaming.gadgets/08/25/linux.20/index.html?hpt=hp_bn7
Bowdoin College IP: 139.140.214.196/16
http://www.cc.gatech.edu/~brendan/Virtuoso_Oakland.pdf
http://sourceforge.net/projects/jedit/files/jedit/4.4.1/jedit4.4.1install.exe/download
![Page 14: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/14.jpg)
OSN Server
TR User 1
TR User 2
TR User 3
TR User N
TR Alice
NetworkNetwork
Trust-aware syscall interface
social_synch()
TR: Trust Repository
OS
Alice
TR Alice
Usage Model
![Page 15: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/15.jpg)
OSN Server
TR User 1
TR User 2
TR User 3
TR User N
TR Alice
NetworkNetwork
Trust-aware syscall interface
social_synch()
TR: Trust Repository
OS
Alice
TR Alice
Usage Model
![Page 16: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/16.jpg)
OSN Server
TR User 1
TR User 2
TR User 3
TR User N
TR Alice
NetworkNetwork
Trust-aware syscall interface
social_synch()
TR: Trust Repository
OS
Alice
TR Alice
Usage Model
![Page 17: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/17.jpg)
Adaptation of Web of Trust (Richardson et al.’ 03)
Modeling and Inferring Trust
tij = amount of trust user i has for her friend user j
tjk = amount of trust user j has for her friend user k
tik = amount of trust user i should have for user k, not directly connected, function of tij and tjk
![Page 18: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/18.jpg)
T – Personal Trust Matrix
NxN matrix, where N is the number of user
ti = row vector of user i trust in other users
tik = how much user i trusts her friend user k
tkj = how much user k trusts her friend user j
(tik . tkj) = amount user i trusts user j via k
∑k (tik . tkj) = how much user i trusts user j via any other node.
![Page 19: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/19.jpg)
Represents trust between any two users◦ Aggregation function concatenates trusts along
paths
M – Merged Trust Matrix
(1) M(0) = T(2) M(n) = T . M (n-1)
Repeat (2) until M(n) = M(n-1)
M(i) is the value of M in iteration i.
Matrix multiplication definition:
Cij = ∑k (Aik . Bkj)
![Page 20: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/20.jpg)
Personal beliefs:◦ Asserted by a user to an object in her trust
repository
How to Infer Trust for Objects?
bi = user i’s personal belief (trust) on a certain object.
b = collection of personal beliefs in a particular object
How much a user believes in any sharable object in the network?
![Page 21: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/21.jpg)
Computes for any user, her belief in any sharable object
The Merged Beliefs Structure (b)
(1) b(0) = b(2) b(n) = T . b(n-1) or (bi)n = ∑k (tik . (bk)n-1)
Repeat (2) until b(n) = b(n-1)
where:
b(i) is the value of b in iteration i.
![Page 22: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/22.jpg)
Streamline security policies and decision-making process:
◦ Restriction of system resources based on trust;◦ Software installation, URL visit.
Information-flow tracking with refined trust levels;
Anti-SPAM techniques.
Applications and Benefits
![Page 23: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/23.jpg)
OSN or OS compromised:◦ Attacker increases trust values for malicious
objects:
System behave as if trustworthy framework was never installed;
High trust values do not mean higher privileges: The higher the trust, the closer to default levels without
social trust
◦ Attacker decreases trust values for benign objects: DoS attack.
Threats to the Model
![Page 24: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/24.jpg)
Challenges
◦ Management and reliability of social data/trust: reliability, ethics issues, no standard API;
◦ The socially-aware kernel: managing multiple repositories, performance, usability, Sybil attacks, identity management.
◦ Confidentiality and Security: new vulnerabilities, privacy leaks, exporting trust information.
Concluding Remarks
![Page 25: Daniela Oliveira 1, Dhiraj Murthy 1, Henric Johnson 2, S. Felix Wu 3, Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649d145503460f949e844b/html5/thumbnails/25.jpg)
Thank you!