Security on Social Networks Or some clues about Access Control in Web Data Management with Privacy,...
description
Transcript of Security on Social Networks Or some clues about Access Control in Web Data Management with Privacy,...
1
Security on Social NetworksOr some clues about Access Control in Web Data Management with Privacy, Time and Provenance
Serge Abiteboul, Alban Galland and a bunch of different people
Webdam, INRIA Saclay-Ile-de-France
2
Alban Galland, Security on Social Networks , 01/12/2009
Summary
• Introduction• General definitions• Goal• Related works
• Distributed Knowledge Base with Privacy • Basic notions and model• Systems properties• Systems Description: @home, @host, @host-dht, @friends• Extensions
• Declarative Expression of Privacy• Demonstration• Conclusion
3
Alban Galland, Security on Social Networks , 01/12/2009
Our definition of Social Network
• Social Network: a (web) application where users store and consult data and interact with data of other users following explicit relationships
• Some important notions• Users : people• Data : graph of XML documents,
AXML• Data-management : storage,
replication, query• Relationship
4
Alban Galland, Security on Social Networks , 01/12/2009
Our definition of Privacy
• Privacy: the fact that a user keeps control over her data and activity
• Some important notions• Read and write permissions• Delegation of permissions
• No focus on anonymity• Anonymity of requests• Anonymity of aggregated data
5
Alban Galland, Security on Social Networks , 01/12/2009
Goal
• Define and implement the basis for a distributed social network that guarantees access control
• More precisely• Distributed knowledge base with access control• Declarative high level access control specification
6
Alban Galland, Security on Social Networks , 01/12/2009
Related works
• Social network• Some typically centralized SN systems with limited access
control management• Some SN-specific applications [2,4]• Some works on knowledge mining in SN
• Distribution• Distributed Hash Table and indexing (KadoP)• Friend based P2P
• Privacy• Access control and logic [1,5]• Cryptography [3]
7
Alban Galland, Security on Social Networks , 01/12/2009
Distributed Knowledge Base with Privacy
• Basic notions and model• Systems properties• Systems description
• @home• @host• @host-dht• @friends
• Extensions
8
Alban Galland, Security on Social Networks , 01/12/2009
Basic notions and model
• Principal• User, group, machine: something which could be authenticated• may make statement about her data and meta-data• may be a peer, having computational resources, storage,
availability
• Documents• Identified by their owner id and a local id• Basically, (xml) trees with references to others documents• Alice states news@rockclimbing=T
9
Alban Galland, Security on Social Networks , 01/12/2009
Basic notions and model
• Access rights• Rights: read, write, own• Access control list• Alice states Bob reader@rockclimbing
• Keys• Cryptographic secrets• Alice states readkey@rockclimbing
10
Alban Galland, Security on Social Networks , 01/12/2009
Basic notions and model
• External knowledge• Generated by communication• Alice says Alice states news@rockclimbing=T to Bob• Well-formed communication trace: C says (B says (A says (A states …) to B) to C) to D
• Keep trace of provenance• Encryption
• Alice says (Alice states news@rockclimbing= (T encrypted for Bob as owner) to Cedric
11
Alban Galland, Security on Social Networks , 01/12/2009
Basic notions and model
• Instructions• CreatePrinc, CreateDoc• Write• Grant, Revoke• Say• Get
• Bob -> write(news, rockclimbing, T)
12
Alban Galland, Security on Social Networks , 01/12/2009
Basic notions and model
• Factification:• Transformation of an instruction in a statement• Bob says Bob -> write(news,rockclimbing,T) to Alice• Alice states news@rockclimbing=T requested by Bob
• Authentication and time• Alice owner’s key• Rockclimbing writer’s key• Alice keeps proof of the request• Local time of Alice
13
Alban Galland, Security on Social Networks , 01/12/2009
Basic notions and model
• Collections• Flat document of references to other documents• New statements, rights and instructions : append, remove• Alice states members@rockclimbing += profile@Bob• Same get instruction as any other document• Interesting example: index, mailbox, local files directory…
14
Alban Galland, Security on Social Networks , 01/12/2009
Systems properties
• System• Peers and protocol applied by peers.
• Well-formed• All the data is on the form of statements or well-formed
communication chains• References to documents always correspond to a document
(eventually empty)• References to principal always correspond to a principal
15
Alban Galland, Security on Social Networks , 01/12/2009
Systems properties
• Soundness• Access to document, access rights and keys (read and write) is
correct according to access control defined by access rights
• Safety-Property• A system is safe if a (correct) peer send data in clear to people it
has verified proof of access right or send data encrypted with the correct key else.
• Meta-theorem• A system which verify safety-property is sound
16
Alban Galland, Security on Social Networks , 01/12/2009
Systems properties
• Completeness• A principal is aware of any document she could access• A principal is always sure that she get the last version of a data• A principal is always sure to get all the append and remove
statements of a collection
• Could be relaxed to probabilistic notions
17
Alban Galland, Security on Social Networks , 01/12/2009
Systems description
• One can consider different systems• We focus on 4 of them, as proof of concept
• @home: data on trusted owner host• @host: data on untrusted host• @host-dht: data on untrusted dht• @friends
18
Alban Galland, Security on Social Networks , 01/12/2009
@home
• Bob -> say (Bob -> get(news@rockclimbing)) to Alice• Alice -> say (Alice states news@rockclimbing=T) to Bob
Signed InstructionsResults
Ownership
•Interesting particular case: facebook
19
Alban Galland, Security on Social Networks , 01/12/2009
@host
Signed InstructionsEncrypted Results
• Alice -> say (Alice states news@rockclimbing=(T encrypted for rockclimbing as reader)) to host
• Bob -> say (Bob -> get(news@rockclimbing)) to host• host -> say (Alice says (Alice states news@rockclimbing=(T
encrypted for rockclimbing as reader))) to Bob
Signed Statements
20
Alban Galland, Security on Social Networks , 01/12/2009
@host-dht
Signed InstructionsEncrypted Results
Encrypted statements1
1 2 11
• Use time-stamp and redundancy to avoid update denial of documents• Use co-signatures of hosts to avoid update denial of collections
21
Alban Galland, Security on Social Networks , 01/12/2009
@friends
Signed InstructionsResults
Statements
22
Alban Galland, Security on Social Networks , 01/12/2009
Extensions
• Structured queries• Full-text search
• Problem of awareness is even stronger there
• Index• Balance between leak of information and efficiency of queries• May need more meta-data, like an encryption schema• Could be managed as regular update thanks to collections
23
Alban Galland, Security on Social Networks , 01/12/2009
Extensions
• Services• AXML service calls• Need specials access rights for executing and mounting services• Services may have special access rights to data, depending of
the context (cf. applications in Facebook)• Services could be used to support global knowledge, or complex
higher level policies.
24
Alban Galland, Security on Social Networks , 01/12/2009
Declarative Expression of Privacy
• Example• People who are tagged on one of my photos can see this photo• People who are friends of two of my friends can read my Wall• People who are best friends of mine can write on my Wall
• Problems• Uncontrolled deduction• Fix-point semantic
25
Alban Galland, Security on Social Networks , 01/12/2009
Demonstration
• Some functionalities already implemented during Marilena Oita internship• A user interface and global logic• Some part of Distributed Knowledge Base with Privacy • Declarative Privacy is missing
26
Alban Galland, Security on Social Networks , 01/12/2009
Demonstration
27
Alban Galland, Security on Social Networks , 01/12/2009
Conclusion
• This is work in progress• We are currently focusing on distributed knowledge base
with access control, but there is links with other domains: data integration, reasoning about knowledge, social data-mining…
• Hidden behind trendy Social Networks, we believe there are real topics of research, in particular in distributed systems
28
Alban Galland, Security on Social Networks , 01/12/2009
References
[1] Abadi et al, Logic in Access Control, FOSAD 2009
[2] Buchegger et al, PeerSon, P2P social networking – early experiences and insights, SNS 2009
[3] Canetti et al, Multicast security: A taxonomy and some efficient constructions, INFOCOM 1999
[4] Jawad et al, Protecting Data Privacy in structured P2P Networks, DMGP2PS 2009
[5] Mazieres et al, Separating key management from file system security, SIGOPS 1999