
Security on Social Networks
Or some clues about Access Control in Web Data Management with Privacy, Time and Provenance

Serge Abiteboul, Alban Galland and a bunch of different people

Webdam, INRIA Saclay-Ile-de-France


Alban Galland, Security on Social Networks, 01/12/2009

Summary

• Introduction
  • General definitions
  • Goal
  • Related works
• Distributed Knowledge Base with Privacy
  • Basic notions and model
  • Systems properties
  • Systems description: @home, @host, @host-dht, @friends
  • Extensions
• Declarative Expression of Privacy
• Demonstration
• Conclusion


Our definition of Social Network

• Social Network: a (web) application where users store and consult data and interact with data of other users following explicit relationships

• Some important notions
  • Users: people
  • Data: graph of XML documents, AXML
  • Data management: storage, replication, query
  • Relationship


Our definition of Privacy

• Privacy: the fact that a user keeps control over her data and activity

• Some important notions
  • Read and write permissions
  • Delegation of permissions
• No focus on anonymity
  • Anonymity of requests
  • Anonymity of aggregated data


Goal

• Define and implement the basis for a distributed social network that guarantees access control

• More precisely
  • Distributed knowledge base with access control
  • Declarative high-level access control specification


Related works

• Social network
  • Some typically centralized SN systems with limited access control management
  • Some SN-specific applications [2,4]
  • Some works on knowledge mining in SN
• Distribution
  • Distributed Hash Table and indexing (KadoP)
  • Friend-based P2P
• Privacy
  • Access control and logic [1,5]
  • Cryptography [3]


Distributed Knowledge Base with Privacy

• Basic notions and model
• Systems properties
• Systems description
  • @home
  • @host
  • @host-dht
  • @friends
• Extensions


Basic notions and model

• Principal
  • User, group, machine: something which could be authenticated
  • May make statements about her data and meta-data
  • May be a peer, having computational resources, storage, availability
• Documents
  • Identified by their owner id and a local id
  • Basically, (XML) trees with references to other documents
  • Alice states news@rockclimbing=T


Basic notions and model

• Access rights
  • Rights: read, write, own
  • Access control list
  • Alice states Bob reader@rockclimbing
• Keys
  • Cryptographic secrets
  • Alice states readkey@rockclimbing


Basic notions and model

• External knowledge
  • Generated by communication
  • Alice says Alice states news@rockclimbing=T to Bob
  • Well-formed communication trace: C says (B says (A says (A states …) to B) to C) to D
• Keep trace of provenance
• Encryption
  • Alice says (Alice states news@rockclimbing=(T encrypted for Bob as owner)) to Cedric
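
The well-formed communication trace pattern above, checked in code. This is an added Python example, not code from the presentation. It assumes a trace is well-formed when the innermost speaker is the statement's author and each outer speaker is the recipient of the message it forwards; the class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Union


@dataclass(frozen=True)
class States:
    """Base statement: `author states doc=value`."""
    author: str
    doc: str
    value: str


@dataclass(frozen=True)
class Says:
    """External knowledge: `speaker says (content) to recipient`."""
    speaker: str
    content: Union["Says", States]
    recipient: str


def provenance(msg: Says) -> List[str]:
    """Return [author, hop, ..., final recipient] or raise ValueError.

    Assumed rule (read off the slide's pattern): the innermost speaker is
    the statement's author, and every outer speaker is the recipient of
    the message it wraps, so the chain has no gap and no forged origin.
    """
    hops = []
    node = msg
    while isinstance(node, Says):
        hops.append(node)
        node = node.content
    if not hops or not isinstance(node, States):
        raise ValueError("a trace is one or more 'says' around a 'states'")
    hops.reverse()  # innermost message first
    if hops[0].speaker != node.author:
        raise ValueError(f"{hops[0].speaker} relays a statement as if original")
    for inner, outer in zip(hops, hops[1:]):
        if outer.speaker != inner.recipient:
            raise ValueError(f"{outer.speaker} forwards a message sent to {inner.recipient}")
    return [node.author] + [h.recipient for h in hops]


# Constructed sample: C says (B says (A says (A states ...) to B) to C) to D
STMT = States("A", "news@rockclimbing", "T")
GOOD = Says("C", Says("B", Says("A", STMT, "B"), "C"), "D")
# Constructed bad trace: C forwards a message that was addressed to B.
BAD = Says("C", Says("A", STMT, "B"), "D")
```

`provenance(GOOD)` yields the path the data took, which is what a receiving peer would keep as provenance; `provenance(BAD)` raises because the chain has a gap.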


Basic notions and model

• Instructions
  • CreatePrinc, CreateDoc
  • Write
  • Grant, Revoke
  • Say
  • Get
• Bob -> write(news, rockclimbing, T)


Basic notions and model

• Factification
  • Transformation of an instruction into a statement
  • Bob says Bob -> write(news,rockclimbing,T) to Alice
  • Alice states news@rockclimbing=T requested by Bob
• Authentication and time
  • Alice owner’s key
  • Rockclimbing writer’s key
  • Alice keeps proof of the request
  • Local time of Alice


Basic notions and model

• Collections
  • Flat document of references to other documents
  • New statements, rights and instructions: append, remove
  • Alice states members@rockclimbing += profile@Bob
  • Same get instruction as any other document
  • Interesting examples: index, mailbox, local files directory…


Systems properties

• System
  • Peers and protocol applied by peers
• Well-formed
  • All the data is in the form of statements or well-formed communication chains
  • References to documents always correspond to a document (possibly empty)
  • References to principals always correspond to a principal


Systems properties

• Soundness
  • Access to documents, access rights and keys (read and write) is correct according to the access control defined by access rights
• Safety property
  • A system is safe if a (correct) peer sends data in clear to people for whom it has verified proof of access right, or otherwise sends data encrypted with the correct key
• Meta-theorem
  • A system which verifies the safety property is sound


Systems properties

• Completeness
  • A principal is aware of any document she could access
  • A principal is always sure that she gets the latest version of the data
  • A principal is always sure to get all the append and remove statements of a collection
• Could be relaxed to probabilistic notions


Systems description

• One can consider different systems
• We focus on 4 of them, as proof of concept
  • @home: data on trusted owner host
  • @host: data on untrusted host
  • @host-dht: data on untrusted DHT
  • @friends


@home

• Bob -> say (Bob -> get(news@rockclimbing)) to Alice
• Alice -> say (Alice states news@rockclimbing=T) to Bob

[Diagram labels: Signed Instructions, Results, Ownership]

• Interesting particular case: Facebook


@host

[Diagram labels: Signed Instructions, Encrypted Results, Signed Statements]

• Alice -> say (Alice states news@rockclimbing=(T encrypted for rockclimbing as reader)) to host
• Bob -> say (Bob -> get(news@rockclimbing)) to host
• host -> say (Alice says (Alice states news@rockclimbing=(T encrypted for rockclimbing as reader))) to Bob


@host-dht

[Diagram labels: Signed Instructions, Encrypted Results, Encrypted statements]

• Use time-stamp and redundancy to avoid update denial of documents
• Use co-signatures of hosts to avoid update denial of collections


@friends

[Diagram labels: Signed Instructions, Results, Statements]


Extensions

• Structured queries
• Full-text search
• Problem of awareness is even stronger there
• Index
  • Balance between leak of information and efficiency of queries
  • May need more meta-data, like an encryption schema
  • Could be managed as regular update thanks to collections


Extensions

• Services
  • AXML service calls
  • Need special access rights for executing and mounting services
  • Services may have special access rights to data, depending on the context (cf. applications in Facebook)
  • Services could be used to support global knowledge, or complex higher-level policies


Declarative Expression of Privacy

• Example
  • People who are tagged on one of my photos can see this photo
  • People who are friends of two of my friends can read my Wall
  • People who are best friends of mine can write on my Wall
• Problems
  • Uncontrolled deduction
  • Fix-point semantics


Demonstration

• Some functionalities already implemented during Marilena Oita's internship
  • A user interface and global logic
  • Some parts of Distributed Knowledge Base with Privacy
• Declarative Privacy is missing


Conclusion

• This is work in progress
• We are currently focusing on a distributed knowledge base with access control, but there are links with other domains: data integration, reasoning about knowledge, social data-mining…
• Hidden behind trendy Social Networks, we believe there are real topics of research, in particular in distributed systems


References

[1] Abadi et al., Logic in Access Control, FOSAD 2009

[2] Buchegger et al., PeerSon, P2P social networking – early experiences and insights, SNS 2009

[3] Canetti et al., Multicast security: A taxonomy and some efficient constructions, INFOCOM 1999

[4] Jawad et al., Protecting Data Privacy in structured P2P Networks, DMGP2PS 2009

[5] Mazieres et al., Separating key management from file system security, SIGOPS 1999