Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anupam Joshi and Tim Finin Ebiquity UMBC

Published byMae Gray Modified over 9 years ago

Similar presentations

Presentation on theme: "Anupam Joshi and Tim Finin Ebiquity UMBC"— Presentation transcript:

1 Anupam Joshi and Tim Finin Ebiquity UMBC http://ebiquity.umbc.edu/

2  Constraining Information Flow in Social Networks using Policies and Context  Probing Policy secured systems to recover policy  SOA based Infrastructure  Securing Clouds with Policy 2

3 3

4  Increase in the user generated content on web  Rise in the online interactions and content sharing among users  More dynamic context  Need to provide precise control over the conditions under which users can share their personal information 4

5  Availability of GPS functionality on phone devices like iPhone, HTC-G1 and network based positioning methods on internet  Social network maps friends and their locations using Maps API on the web  Content sharing relative to dynamic context (location and time)  Privacy is an important issue with the current systems like Google latitude, Loopt, Brightkite 5

6 6

7 Static knowledge about user profile, and networks of friends Knowledge about dynamic user context like current activity, location Privacy enforcement rules Reasoning Engine Network Privacy Control Framework Content Preferences Content Aggregator Social Media Policy network ontology Database 7

8  Policy network ontology  Integrates Rein and AIR policy ontology  Rein policies to provide access control and AIR policies to provide justification to the inferences made  Policies specified using N3 rules and Turtle  Reasoning engine  CWM, a forward chaining rule engine ▪ Pychinko, a forward chaining rule engine, written in Python, that implements Rete algorithm and allows for efficient processing of very large rule bases  Supports a significant subset of the math, string, time and logic built-ins 8

9 9 Policy(N3) Resource (User-location) Meta-Policy Policy Language (loc-access) Policy Language (loc-access) policy language meta-policy Request Requester Credentials Location-Access Answer Valid InValid access requester ans IsA Policy Network Ontology Request Ontology

10 Privacy Policy follows Deny-Access approach. It specifies authorization logic -- Authentication is separate  What information user is willing to share  With whom  Friends  Group of friends  Under what conditions  Day and time of the week  Location of the user, specifying the area in which user can be seen  Accuracy level of the (location) information 10

11 Example policies can be :  Share my location with teachers on weekdays only if I am in the university campus and only between 9 am and 6 pm  Share exact location with members of family group all the time, in all locations  Do not share my location if I am at any of the sensitive locations  Do not share my activity status with teachers on weekends  Share my activity status with only close friends 11

12 Example of location access control policy: Share my location with teachers on weekdays only if I am in the university campus and only between 9 am and 6 pm 12

13 Example of location access control policy: Share exact location with members of family group all the time, in all locations 13

14 14 Example of location access control policy: Do not share my location if user is at any of the sensitive locations

15 15 Example of activity access control policy: Do not share my activity status with teachers on weekends

16 16 Example of activity access control policy: Do not share my location if user is at any of the sensitive locations

17 17 Example of Accountability Policy: Checks the compliance of location request with user's policy

18  User shares her protected resources and defines the privacy preferences  System follows pull mechanism. All the different types of information sharing activities among participants are established by the privacy control module in the system.  Whenever any participant makes a query, it is sent to the privacy control module which in turn processes the query by reasoning over the policy networks associated with the resource, and returns the valid answer to the query.  Generalization is applied for the valid answers. 18

19  Client device is location aware device like GPS enabled phones or wi-fi enabled laptops  Google maps to plot user and her friends  User interface to define privacy preferences  Connects with Facebook accounts to fetch profile information and find networks of friends  Creates and stores policy ontology in persistent memory and reloads when required by reasoning engine 19

20 Privacy Configuration User Interface 20

21 Summary of features of our system and their comparison with the state of the art systems 21

22 22

23  Problem: A system whose access policy is known is more vulnerable to attacks and insider threat Attackers may infer likely policies from access observations, partial knowledge of subject attributes, and background knowledge  Objective: Strengthen policies against discovery  Approach: Explore techniques to propose policy theories via machine learning, including ILP and SVMs  Results: promising initial results for simple Role Based Access Control policies

24 24

25  Practically everyone’s plans are to move to Cloud based systems  Everyone thinks about security for clouds, but almost no one is doing it.  A lot of it is technology, but a lot is management as well  Much of the technology work is focused on isolation at the hypervisor level, but this is not enough  Policies driven security can be of great help in both the technological and management planes

26  Most existing work focuses on Isolation for Virtualization  You don’t always want to isolate, sometimes it is good (i.e. efficient) to share  Trusting the virtualized service provider on the cloud  Amazon disclaims any data loss, Facebook wants to own your data …  Constrain what the cloud can do  Don’t replicate outside of US jurisdiction, don’t co-locate with a job run by my competitor, …

27  Use computational policies to  Leverage Hypervisor level isolation functions to provide granular isolation  Allow users to specify what kind of security they need at the virtualization level ▪ Sharing and isolation requirements  Allow users to describe how their data is shared/used  Allow clouds to specify what security / Isolation they offer

28 Goal: self configuring network routers running in a coalition envi- ronment demonstrating constraints on border gateway protocol

29 29

30  An event-based model allows components to share context  Shared semantic models for descriptions, communication and policies  Initial prototype uses Apache Axis2 SOA Framework  Adding a shared Blackbook based component for situation awareness, policy reasoning and enhanced agent-based protocols for advertising, neg- otiation and argumentation service calls & interactions discoveryreleaseuse Blackbook policy reasoner DL reasoner back- ground knowledg eand LOD triple store context and situ- ation awareness Blackbook

31 Identify functional and technical specifications Determine domain, data type and it’s acceptable quality levels “Request for Service” SERVICE CLOUD CONSUMER Service Discovery Engine List of service providers with advertised service, service levels and cost Service Certification Quality of Service (QoS) contracts between primary service providers and dependent services Service Level Agreement (SLA) between consumer and primary service provider Service composed Dependant services Service packaged, delivered – one time or periodically as needed Service payment Service consumed Service Monitoring

32 Class Contract Class: Service Level Agreement  SLA Name  Description  SLA Metrics  Penalty Class Contract Negotiation Class : Quality of Service (QOS)  QOS Name  Description  QOS Metrics  Penalty is part of results in Class Dependent Service Sub- Contract Class Service Contract subClass of Class Provider Negotiation Class Consumer Negotiation subClass of results in is part of Class : Provider List  Provider  Service details  Service availability  Service Cost Is used in Class : Request for Service  Service Domain  Exp_Svc_Begin_Date  Exp_Svc_End_Date  RFS_Respond_by_dt  Cost_constraint Is used in

Download ppt "Anupam Joshi and Tim Finin Ebiquity UMBC"

Similar presentations

ROWLBAC – Representing Role Based Access Control in OWL

ROWLBAC – Representing Role Based Access Control in OWL
www.dynamicsoft.com Fall VoN 2000 SIP for IP Communications Jonathan Rosenberg Chief Scientist.

Fall VoN 2000 SIP for IP Communications Jonathan Rosenberg Chief Scientist.
Page 1 Copyright © 2010 Data Access Technologies, Inc. Model Driven Solutions May 2009 Cory Casanave Architecture of Services SOA for E-Government Conference.

Page 1 Copyright © 2010 Data Access Technologies, Inc. Model Driven Solutions May 2009 Cory Casanave Architecture of Services SOA for E-Government Conference.
GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Policy based Cloud Services on a VCL platform Karuna P Joshi, Yelena Yesha, Tim Finin, Anupam Joshi University of Maryland, Baltimore County.

Policy based Cloud Services on a VCL platform Karuna P Joshi, Yelena Yesha, Tim Finin, Anupam Joshi University of Maryland, Baltimore County.
1 Context Modeling and Constraints Binding in Web Service Business Process Kosala Yapa Bandara, MingXue Wang, Claus Pahl Dublin City University Summarized.

1 Context Modeling and Constraints Binding in Web Service Business Process Kosala Yapa Bandara, MingXue Wang, Claus Pahl Dublin City University Summarized.
Integrated Lifecycle of IT Services in a Cloud Environment Karuna P Joshi Ebiquity Research Group, Computer Science and Electrical Engineering Dept, UMBC.

Integrated Lifecycle of IT Services in a Cloud Environment Karuna P Joshi Ebiquity Research Group, Computer Science and Electrical Engineering Dept, UMBC.
Trust Management of Services in Cloud Environments:

Trust Management of Services in Cloud Environments:
Operating System Security

Operating System Security
Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.

Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.
SmartER Semantic Cloud Sevices Karuna P Joshi University of Maryland, Baltimore County Advisors: Dr. Tim Finin, Dr. Yelena Yesha.

SmartER Semantic Cloud Sevices Karuna P Joshi University of Maryland, Baltimore County Advisors: Dr. Tim Finin, Dr. Yelena Yesha.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
1 DCS860A Emerging Technology Physical layer transparency in Cloud Computing (rev. 12-16-11)

1 DCS860A Emerging Technology Physical layer transparency in Cloud Computing (rev )
NextGRID & OGSA Data Architectures: Example Scenarios Stephen Davey, NeSC, UK ISSGC06 Summer School, Ischia, Italy 12 th July 2006.

NextGRID & OGSA Data Architectures: Example Scenarios Stephen Davey, NeSC, UK ISSGC06 Summer School, Ischia, Italy 12 th July 2006.
THE SECOND LIFE OF A SENSOR: INTEGRATING REAL-WORLD EXPERIENCE IN VIRTUAL WORLDS USING MOBILE PHONES Sherrin George & Reena Rajan.

THE SECOND LIFE OF A SENSOR: INTEGRATING REAL-WORLD EXPERIENCE IN VIRTUAL WORLDS USING MOBILE PHONES Sherrin George & Reena Rajan.
Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense

Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense
Privacy By Design Sample Use Case Privacy Controls Insurance Application- Vehicle Data.

Privacy By Design Sample Use Case Privacy Controls Insurance Application- Vehicle Data.
Omniran-13-0019-01-0000 1 OmniRAN Wi-Fi Hotspot Roaming Use Case Date: 2013-03-17 Authors: NameAffiliationPhone Max RiegelNSN+49 173 293

Omniran OmniRAN Wi-Fi Hotspot Roaming Use Case Date: Authors: NameAffiliationPhone Max RiegelNSN

Similar presentations

Ads by Google