1 Security on Social Networks Or some clues about Access Control in Web Data Management with Privacy, Time and Provenance Serge Abiteboul, Alban Galland and a bunch of different people Webdam, INRIA Saclay-Ile-de-France

2 Alban Galland, Security on Social Networks, 01/12/2009 Summary Introduction General definitions Goal Related works Distributed Knowledge Base with Privacy Basic notions and model Systems properties Extensions Declarative Expression of Privacy Demonstration Conclusion

3 Alban Galland, Security on Social Networks, 01/12/2009 Our definition of Social Network Social Network: a (web) application where users store and consult data and interact with data of other users following explicit relationships Some important notions Users : people Data : graph of XML documents, AXML Data-management : storage, replication, query Relationship

4 Alban Galland, Security on Social Networks, 01/12/2009 Our definition of Privacy Privacy: the fact that a user keeps control over her data and activity Some important notions Read and write permissions Delegation of permissions No focus on anonymity Anonymity of requests Anonymity of aggregated data

5 Alban Galland, Security on Social Networks, 01/12/2009 Goal Define and implement the basis for a distributed social network that guarantees access control More precisely Distributed knowledge base with access control Declarative high level access control specification

6 Alban Galland, Security on Social Networks, 01/12/2009 Related works Social network Some typically centralized SN systems with limited access control management Some SN-specific applications [2,4] Some works on knowledge mining in SN Distribution Distributed Hash Table and indexing (KadoP) Friend based P2P Privacy Access control and logic [1,5] Cryptography [3]

7 Alban Galland, Security on Social Networks, 01/12/2009 Distributed Knowledge Base with Privacy Basic notions and model Systems properties Extensions

8 Alban Galland, Security on Social Networks, 01/12/2009 Basic notions and model Principal User, group, machine: something which could be authenticated may make statement about her data and meta-data may be a peer, having computational resources, storage, availability Documents Identified by their owner id and a local id Basically, (xml) trees with references to others documents Alice states

9 Alban Galland, Security on Social Networks, 01/12/2009 Basic notions and model Access rights Rights: read, write, own Access control list Alice states Bob  Keys Cryptographic secrets Alice states

10 Alban Galland, Security on Social Networks, 01/12/2009 Basic notions and model External knowledge Generated by communication Alice says Alice states to Bob Well-formed communication trace: C says (B says (A says (A states …) to B) to C) to D Keep trace of provenance Encryption Alice says (Alice states (T encrypted for Bob as owner) to Cedric

11 Alban Galland, Security on Social Networks, 01/12/2009 Basic notions and model Instructions CreatePrinc, CreateDoc Write Grant, Revoke Say Get Bob -> write(news, rockclimbing, T)

12 Alban Galland, Security on Social Networks, 01/12/2009 Basic notions and model Factification: Transformation of an instruction in a statement Bob says Bob -> write(news,rockclimbing,T) to Alice Alice states requested by Bob Authentication and time Alice owner’s key Rockclimbing writer’s key Alice keeps proof of the request Local time of Alice

13 Alban Galland, Security on Social Networks, 01/12/2009 Basic notions and model Collections Flat document of references to other documents New statements, rights and instructions : append, remove Alice states += Same get instruction as any other document Interesting example: index, mailbox, local files directory…

14 Alban Galland, Security on Social Networks, 01/12/2009 Systems properties System Peers and protocol applied by peers. Well-formed All the data is on the form of statements or well-formed communication chains References to documents always correspond to a document (eventually empty) References to principal always correspond to a principal

15 Alban Galland, Security on Social Networks, 01/12/2009 Systems properties Soundness Access to document, access rights and keys (read and write) is correct according to access control defined by access rights Safety-Property A system is safe if a (correct) peer send data in clear to people it has verified proof of access right or send data encrypted with the correct key else. Meta-theorem A system which verify safety-property is sound

16 Alban Galland, Security on Social Networks, 01/12/2009 Systems properties Completeness A principal is aware of any document she could access A principal is always sure that she get the last version of a data A principal is always sure to get all the append and remove statements of a collection Could be relaxed to probabilistic notions

17 Alban Galland, Security on Social Networks, 01/12/2009 Systems description One can consider different systems We focus on 4 of them, as proof of data on trusted owner data on untrusted data on untrusted

18 Alban Galland, Security on Social Networks, Bob -> say (Bob -> to Alice Alice -> say (Alice states to Bob Signed Instructions Results Ownership Interesting particular case: facebook

19 Alban Galland, Security on Social Networks, Signed Instructions Encrypted Results Alice -> say (Alice states encrypted for rockclimbing as reader)) to host Bob -> say (Bob -> to host host -> say (Alice says (Alice states encrypted for rockclimbing as reader))) to Bob Signed Statements

20 Alban Galland, Security on Social Networks, Signed Instructions Encrypted Results Encrypted statements Use time-stamp and redundancy to avoid update denial of documents Use co-signatures of hosts to avoid update denial of collections

21 Alban Galland, Security on Social Networks, Signed Instructions Results Statements

22 Alban Galland, Security on Social Networks, 01/12/2009 Extensions Structured queries Full-text search Problem of awareness is even stronger there Index Balance between leak of information and efficiency of queries May need more meta-data, like an encryption schema Could be managed as regular update thanks to collections

23 Alban Galland, Security on Social Networks, 01/12/2009 Extensions Services AXML service calls Need specials access rights for executing and mounting services Services may have special access rights to data, depending of the context (cf. applications in Facebook) Services could be used to support global knowledge, or complex higher level policies.

24 Alban Galland, Security on Social Networks, 01/12/2009 Declarative Expression of Privacy Example People who are tagged on one of my photos can see this photo People who are friends of two of my friends can read my Wall People who are best friends of mine can write on my Wall Problems Uncontrolled deduction Fix-point semantic

25 Alban Galland, Security on Social Networks, 01/12/2009 Demonstration Some functionalities already implemented during Marilena Oita internship A user interface and global logic Some part of Distributed Knowledge Base with Privacy Declarative Privacy is missing

26 Alban Galland, Security on Social Networks, 01/12/2009 Demonstration

27 Alban Galland, Security on Social Networks, 01/12/2009 Conclusion This is work in progress We are currently focusing on distributed knowledge base with access control, but there is links with other domains: data integration, reasoning about knowledge, social data- mining… Hidden behind trendy Social Networks, we believe there are real topics of research, in particular in distributed systems

28 Alban Galland, Security on Social Networks, 01/12/2009 References [1] Abadi et al, Logic in Access Control, FOSAD 2009 [2] Buchegger et al, PeerSon, P2P social networking – early experiences and insights, SNS 2009 [3] Canetti et al, Multicast security: A taxonomy and some efficient constructions, INFOCOM 1999 [4] Jawad et al, Protecting Data Privacy in structured P2P Networks, DMGP2PS 2009 [5] Mazieres et al, Separating key management from file system security, SIGOPS 1999