Social Networks For Dummies Or some clues about Distributed Knowledge Base with Privacy
1
Social Networks For Dummies
Or some clues about Distributed Knowledge Base with Privacy
Serge Abiteboul, Alban Galland and a bunch of different people
Webdam, INRIA Saclay-Ile-de-France
2
Summary
• Introduction
  • Definitions
  • Goal
  • Related works
• Distributed Knowledge Base with Privacy
  • Ask-owner implementation
  • Indexed-DHT implementation
  • Friendly-Gossip Implementation
• Declarative Expression of Privacy
• Social Knowledge Mining
• Demonstration
• Conclusion
3
My definition of Social Network
• Social Network: a (web) application where users store and consult data and interact with data of other users following explicit relationships
• Some important notions
  • Users: people
  • Data: graph of XML documents, AXML
  • Data-management: storage, replication, query
  • Relationship
4
My definition of Privacy
• Privacy: the fact that a user keeps control over her data and activity
• Some important notions
  • Read and write permissions
  • Delegation of permissions
  • (Anonymity of activity)
  • (Anonymity of aggregated data)
5
Goal
• Define and implement the basis for a distributed social network that guarantees access control
• More precisely
  • Distributed knowledge base with access control
  • Declarative high level access control specification
• Also
  • Social network application
  • Social knowledge mining
6
Related works
• Social network
  • Some typically centralized SN systems with limited access control management
  • Some SN-specific applications
  • Some works on knowledge mining in SN
• Distribution
  • Distributed Hash Table and indexing (KadoP)
  • Friend based P2P
• Privacy
  • Access control and logic
  • Cryptography
7
Distributed Knowledge Base with Privacy
• Access control lists at the principal level
  • A principal corresponds to a set of access rights and documents – e.g., a user or a group
  • Rights: read (query), append, write (delete), own (grant, revoke)
• Some languages (logics) to speak about cryptography and communications
  • Signature, encryption
  • Time
  • Messages
8
Distributed Knowledge Base with Privacy
• One can consider different architectures/implementations
• We focus on (1+) 3
  • (Centralized system)
  • Ask-owner implementation
  • Indexed-DHT implementation
  • Friendly-Gossip implementation
9
Ask-owner implementation
• Basic semantic
[Diagram labels: Signed Instructions, Results, Ownership]
10
Indexed-DHT implementation
[Diagram labels: Signed Instructions, Encrypted Results, Ownership, Access, Index]
11
Indexed-DHT implementation
• Principals are no longer physically hosted by one machine; data are distributed as posts on a P2P system with a DHT
• Each post is signed and encrypted. Hosts:
  • Understand some meta-data
  • Do not understand the content they store
• Three key kinds of posts: update (write or append), access and index
12
Indexed-DHT implementation
Update posts
• q says (doc@q, tapply, T, C for q) where:
  • q: principal id
  • doc: document id
  • tapply: update timestamp
  • T: write or append
  • C for q: content encrypted by a reader public key
• Write/Append right = signature private key
• A host can easily check that it gets a valid post
13
Indexed-DHT implementation
Update posts
• Read right = reader private key
• A reader can check she gets a valid version, or otherwise ask another host
• In the general case, hosts exchange signatures on list of posts
• If you forget about append, replication can be replaced by time of validity and refresh
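An added example, not from the original slides: the host-side and reader-side validity checks for update posts described on slides 12 and 13. It assumes a toy textbook-RSA key built from constructed small primes as a stand-in for the signature scheme (the slides name none), placeholder hex strings for the encrypted content, and hypothetical names `make_post`, `host_accepts`, `latest_valid` and `t_apply` (the slide's tapply).

```python
import hashlib
import json

# Toy textbook-RSA key (constructed; Mersenne primes, trivially factorable).
# It only stands in for the real signature scheme, which the slides do not name.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # the "write/append right" of principal q


def digest(post, n):
    """Hash the signed fields: metadata plus the still-encrypted content."""
    fields = [post["q"], post["doc"], post["t_apply"], post["T"], post["C"]]
    h = hashlib.sha256(json.dumps(fields).encode()).digest()
    return int.from_bytes(h, "big") % n


def make_post(d, n, q, doc, t_apply, T, ciphertext_hex):
    """Writer side: 'q says (doc@q, t_apply, T, C for q)' plus a signature."""
    post = {"q": q, "doc": doc, "t_apply": t_apply, "T": T, "C": ciphertext_hex}
    post["sig"] = pow(digest(post, n), d, n)
    return post


def host_accepts(post, write_keys):
    """Host side: check type and signature from metadata only; C stays opaque."""
    key = write_keys.get((post["q"], post["doc"]))
    if key is None or post["T"] not in ("write", "append"):
        return False
    e, n = key
    return pow(post["sig"], e, n) == digest(post, n)


def latest_valid(posts, write_keys):
    """Reader side: keep valid 'write' posts, return the newest (or None)."""
    valid = [p for p in posts if p["T"] == "write" and host_accepts(p, write_keys)]
    return max(valid, key=lambda p: p["t_apply"], default=None)


# Constructed sample data: ciphertexts are placeholder hex strings.
WRITE_KEYS = {("alice", "wall"): (E, N)}
v1 = make_post(D, N, "alice", "wall", 100, "write", "a1b2c3")
v2 = make_post(D, N, "alice", "wall", 200, "write", "d4e5f6")
tampered = dict(v2, t_apply=300)  # timestamp altered after signing
forged = make_post(3, N, "alice", "wall", 400, "write", "00ff")  # wrong key
```

A `None` result from `latest_valid` is the case where the reader asks another host.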
14
Indexed-DHT implementation
Access posts
• q says tapply, (key for u), (u, R for q) where:
  • q: principal id
  • u: another principal
  • key: cryptographic key (explicit delegation)
  • R: access right (read, write, append, own)
• Revocation: add time to post + full (or lazy) regeneration of dirty keys
15
Indexed-DHT implementation
Index posts
• Balance between leak of information and efficiency of queries
• May need more meta-data, like an encryption schema
• Could be managed as regular update
16
Indexed-DHT implementation
• Other versions depending on
  • Hierarchy of rights
  • Who can access the list of access controls of a principal
• Some reasons to use a logic language for access control
  • Need a clear way to express the exchange of knowledge
  • Need to make some proof
17
Friendly-Gossip Implementation
[Diagram labels: Signed Instructions, Encrypted Results, Ownership]
18
Declarative Expression of Privacy
• Example
  • People who are tagged on one of my photos can see this photo
  • People who are friends of two of my friends can read my Wall
  • People who are best friends of mine can write on my Wall
• Problems
  • Uncontrolled deduction
  • Fix-point semantic
19
Social Knowledge Mining
• Previous works
  • Recommendation: previous works at Yahoo! Research with Sihem Amer-Yahia
  • Corroboration (with Serge, Amelie and Pierre S.)
• What remains in a distributed system with access control?
• Introducing higher level of semantic (belief…)
20
Demonstration
• Some functionalities already implemented during Marilena Oita internship
  • A user interface and global logic
  • Some part of Distributed Knowledge Base with Privacy
• Declarative Privacy is missing
21
Conclusion
• This is work in progress
  • We are currently focusing on distributed knowledge base with access control, wondering if there is any link with knowledge management
• Hidden behind trendy Social Networks, we believe there are real topics of research, in particular in distributed systems