multiparty access control

WELCOME

LEVIN SIBI

ROLL NO.12

REG.NO.12122011

INTRODUCTION

ONLINE social networks (OSNs).

Virtual space and web pages.

User have no control over data residing outside their spaces.

Each user has a different privacy concerns about the data related

to them.

15-04-2015COET DEPT CSE

2

Each user can make a reference to his/her friends.

Reporting to OSNs only allows us to either keep or delete the content.

MPAC allows collaborative management of shared data.

Effectiveness and Flexibility of MPAC.


3

LITERATURE REVIEW

Representing and Reasoning about Web Access Control Policies: Gail- Joon Ahn

• Specifies access control policies for applications-mainly-cloud

Moving Beyond Untagging Photo Privacy in a Tagged World: Andrew Besmer

• Defines a set of rules

A Collaborative Framework for Privacy Protection in Online Social Networks: Huaixi Wang

• Provide encrypted data to server

• Each user make use of public, private keys


4

MAJOR SCENARIOS

Profile sharing.

Content sharing.

Relationship sharing.


5

MPAC MODEL

• OSN can be represented by a relationship network , a set of user groups ,a

collection of user data .

• Existing access control schemes.

• Single access control scheme.

• Concept of Multiple controllers.


6

• Major controllers

•Owner

•Contributor

• Stakeholder

•Disseminator


7


8

ACCESSOR

• Accessors are a set of users who are granted to access the

shared data

• sensitivity levels (SL) for conflict resolution.

• SL are multi dimensional with varying degree of sensitivity.


9

MPAC POLICY

A MPAC policy is a 5-tuple

Controller

Ctype

Accessor

Data

Effect


10

EXAMPLE

P = <controller; ctype; accessor; data; effect>

Data is specified as a tuple

p1 = (Alice,OW, {<friendOf,RN>},<status01, 0:50>,

permit)15-04-2015COET DEPT CSE

11

Multiparty policy evaluation process


12

• Different privacy concerns leads to conflicts

• Naïve solution

Allow common users.

Drawback

Too Restrictive

• Need for Effective Conflict resolution strategy

Maintain privacy and flexibility


13

MULTIPARTY POLICY EVALUATION

1. Voting scheme for decision making.

• Decision from each controller has an effect on final decision

• DV = 0 if evaluation of policy = Deny

1 if Evaluation of policy =Permit

• DVag=( DVow+DVcb+ 𝑖€𝑠𝑠𝐷𝑉𝑠𝑡 ) ×1

𝑚

where m is the no of controllers.15-04-2015COET DEPT CSE

14

• Sensitivity voting. Each controller assigns an SL to the shared data

item to reflect her/his privacy concern.

• A sensitivity score (SC) (in the range from 0.00 to 1.00)

• SC=( SLow+SLcb+ 𝑖€𝑠𝑠 𝑆𝐿𝑠𝑡 ) ×1

𝑚


15

2.Threshold-Based Conflict Resolution

• If the Sc is higher, the final decision has a high chance to deny access

• Otherwise allow access

• Decision= 𝑃𝑒𝑟𝑚𝑖𝑡 𝑖𝑓 𝐷𝑉 𝑎𝑔 > 𝑆𝑐𝐷𝑒𝑛𝑦 𝑖𝑓 𝐷𝑉 𝑎𝑔 ≤ 𝑆𝑐

• If any controller changes her/his policy or SL for the shared data item, the DV ag

and Sc will be recomputed,and the final decision may be changed accordingly


16

3. STRATEGY-BASED CONFLICT RESOLUTION WITH PRIVACY

RECOMMENDATION

• Major strategies

Owner-overrides

Decision= 𝑃𝑒𝑟𝑚𝑖𝑡 𝐷𝑉𝑎𝑔 = 1𝐷𝑒𝑛𝑦 𝐷𝑉𝑎𝑔 = 0

Full-consensus-permit

Decision= 𝑃𝑒𝑟𝑚𝑖𝑡 𝐷𝑉𝑎𝑔 = 1𝐷𝑒𝑛𝑦 𝑜𝑡ℎ𝑒𝑟𝑤𝑖𝑠𝑒


17

Majority-permit

Decision= 𝑃𝑒𝑟𝑚𝑖𝑡 𝐷𝑉𝑎𝑔 ≥ 1/2𝐷𝑒𝑛𝑦 𝐷𝑉𝑎𝑔 < 1/2

Super-majority-permit

Decision= 𝑃𝑒𝑟𝑚𝑖𝑡 𝐷𝑉𝑎𝑔 ≥ 1/3𝐷𝑒𝑛𝑦 𝐷𝑉𝑎𝑔 < 1/3


18

4.CONFLICT RESOLUTION FOR

DISSEMINATION CONTROL

• Disseminator can specify his policy concerns

• Weaker policy problems

• Deny Overrides strategy

• Logical AND operation


19


20

PROTOTYPE MODEL


21

FUTURE SCOPE

Auto-tagging

Encrypted Data Sharing

Advertisement policy specification


22

CONCLUSION

Multiparty policy specification

Mcontroller

Flexible selection of strategies


23

REFERENCES

G. Ahn and H. Hu, “Towards Realizing a Formal RBAC Model in Real Systems,” Proc. 12th ACM Symp. Access Control Models and Technologies, pp. 215-224, 2007.

G. Ahn, H. Hu, J. Lee, and Y. Meng, “Representing and Reasoning about Web Access Control Policies,” Proc. IEEE 34th Ann.

Computer Software and Applications Conf. (COMPSAC), pp. 137-146, 2010.

Besmer and H.R. Lipford, “Moving beyond Untagging: Photo Privacy in a Tagged World,” Proc. 28th Int’l Conf. Human Factors in

Computing Systems, pp. 1563-1572, 2010.

L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda, “All Your Contacts Are Belong to Us: Automated Identity theft Attacks on Social

Networks,” Proc. 18th Int’l Conf. World Wide Web, pp. 551-560, 2009.

B. Carminati and E. Ferrari, “Collaborative Access Control in On- Line Social Networks,” Proc. Seventh Int’l Conf. Collaborative

Computing: Networking, Applications and Worksharing (Collaborate- Com), pp. 231-240, 2011.


24

THANK YOU

Engineering

multiparty access control