Published by Deirdre Simon. Modified over 9 years ago.
Group Centric Information Sharing Using Hierarchical Model
By Amit Mahale
Advisor: Dr Tim Finin
Co-Advisor: Dr Anupam Joshi
Rise of Information Sharing
o Need to know vs. need to share
o The 9/11 Commission and US federal systems
o Need to share: uncover, respond to and protect against threats
o Collaborative systems, for example a university environment
Motivation
o One of the central problems in information sharing is the ability to share information securely and differentially.
o This problem has been addressed by Ravi Sandhu et al. in their Group-Centric Secure Information Sharing (gSIS) model.
o A formal model for group-centric information sharing is available, but there is no practical implementation.
Contribution
o Develop a prototype of the group-centric information sharing model using semantic web technologies.
o Model hierarchical groups using OWL.
o Leverage OWL's ability to automate group membership through necessary and sufficient conditions.
Outline
o Background: Group Centric Information Sharing
o System use cases
o System architecture
o System implementation
o Results
o Algorithm complexity
o Conclusion
o Future work
o References
Group Centric Information Sharing
o Model developed by Ravi Sandhu et al. [1]
o A first step towards a formal and systematic study of group-centric secure information sharing models
o Brings users and objects together in a group
o Analogy: a secure meeting room
Properties
Two types of properties:
o Core gSIS properties: must be enforced by every system that models gSIS.
o gSIS operations: a subset of the operations may be used in a system, at the designer's discretion.
Core gSIS Properties
The core properties must be satisfied by any g-SIS specification.
o Persistence: once a user u is authorized to access an object o, the authorization stays unchanged until a group event involving u or o occurs.
o Authorization provenance: a user u is not authorized to access an object o until u and o have been group members at the same time.
o Bounded authorization: authorizations do not increase during a period of non-membership.
g-SIS Operations
[Figure: a group containing users and objects. Users Join and Leave, objects are Added and Removed, and the group answers the authorization query Authz(u, o, r)?. Each operation has a strict and a liberal variant: Strict Join, Liberal Join, Strict Leave, Liberal Leave, Strict Add, Liberal Add, Strict Remove, Liberal Remove. Figure courtesy Ram Krishnan et al. [1]]
Membership Semantics
Strict vs. liberal operations. User operations: Join and Leave. Object operations: Add and Remove.
o SJ(u): u is not authorized to access objects added prior to the join time.
o SA(o): users joining after the add time are not authorized to access o.
o LL(u): u retains access to the objects it was authorized to access at leave time.
o LR(o): users authorized to access o at remove time retain access.
[Figure courtesy Ram Krishnan et al. [1]]
Strict Join vs. Liberal Join
During Join: if the second Join(u1, g) is an SJ, u1 can access o4 and o5 but cannot access o2 and o3. If the Join was an LJ, u1 can also access o2 and o3.
During Leave: SL: u1 loses access to all group objects (o1 and o2). LL: u1 retains access to o2.
[Figure: timeline of the join, add, leave and remove events referred to above]
Strict Add vs. Liberal Add
During Add: if Add(o2, g) is an SA, only u1 can access the object; users u2 and u3, joining later, cannot access it. If Add(o2, g) is an LA, the current user u1 and the future users u2 and u3 may access o2.
During Remove: if Remove(o1, g) is an SR, every group user (including u1) loses access to o1. If Remove(o1, g) is an LR, u1 can continue to access o1, but u2 and u3 will not have access to it.
[Figure: timeline of the add, join and remove events referred to above]
Operation: Explanation
Strict Join (SJ): Only objects added after the join time can be accessed.
Liberal Join (LJ): Objects added before and after the join time can be accessed.
Strict Leave (SL): All access is lost on leave.
Liberal Leave (LL): Access to objects authorized before the leave time is retained.
Strict Add (SA): Only users who joined prior to the add time can access the object.
Liberal Add (LA): Users who joined before or after the add time may access the object.
Strict Remove (SR): All users lose access on remove.
Liberal Remove (LR): Users who had access at remove time retain access.
System Use Cases
o Graduate Student Admissions
o Promotion and Tenure Committee (P&T)
o Social Media Application
Graduate Student Admissions
A process in which graduate student applications are scrutinized by a group of faculty members from the department.
Requirements:
o A member should be able to access older applications.
o A member should not have access to the documents after leaving the group.
Graduate Student Admissions
o Members join the group through Liberal Join: this lets them access previous applications.
o Applications are added with Liberal Add: members joining the committee at a later point in time should have access to these applications.
o Members leave the group using Strict Leave: they lose access to all the applications.
o Applications are removed from the group using Liberal Remove: members who previously had access can still access the document.
Promotion and Tenure Committee (P&T)
The P&T committee consists of a group of tenured full professors who decide the case of an associate professor under consideration for tenure.
Requirement:
o Members should not have access to the P&T documents of their senior members.
Promotion and Tenure Committee (P&T)
o Add the P&T documents with Strict Add.
o Members join the group through Strict Join or Liberal Join.
o If a tenured professor leaves the group, use Strict Leave; if documents are to be removed from the group, use Strict Remove.
Social Media Application
Social Media Application
o Amit becomes a friend of Dr Finin.
o Amit gets access to all of Dr Finin's personal information as well as the content (Facebook wall posts) that was shared previously.
o This may not match Dr Finin's expectations.
o gSIS to the rescue.
Dr Finin, before adding as a friend
[Figure]
After adding as a friend
[Figure]
What gSIS Can Offer
If Dr Finin adds a new friend, Amit, to his friend list through:
o Strict Join: Amit can access the data posted after his join time, overcoming the problem discussed on the previous slide. A "Share from now" button?
o Liberal Join: in addition to new posts, Liberal Join lets Amit access the posts that Dr Finin shared prior to Amit's join time through Liberal Add. A "Share everything" button?
For posts:
o Strict Add: Dr Finin should use this operation if he wants to share the post with the current set of friends and protect it from future friends.
o Liberal Add: the post can be accessed by current friends as well as by friends who join at a later point in time.
Incorporating gSIS into Facebook: Adding a Friend
[Figure: mock-up of the add-friend dialog offering the two join variants, SJ and LJ]
Incorporating gSIS into Facebook: Adding a Post
[Figure: mock-up of the post dialog offering LA (share with current and future friends) and SA (share with current friends only)]
Incorporating gSIS into Facebook: Removing a Friend
[Figure: mock-up of the remove-friend dialog with two options, labelled SR and LR on the slide. In gSIS terms a friend being removed from the list is a user leaving the group, so the two variants correspond to Strict Leave and Liberal Leave.]
Incorporating gSIS into Facebook: Removing a Post
[Figure: mock-up of the remove-post dialog]
Comparison to the Current Facebook Model
Facebook's current behaviour corresponds to:
o Liberal Join
o Liberal Add
o Strict Leave
o Strict Remove
Review
o Every user and document is associated with at least one group.
o Multiple groups may exist.
o Groups may further be hierarchical.
o A user may join and leave a group multiple times.
o A document may be added to and removed from a group multiple times.
o The access decision for a user and a document depends on several factors: the join type, the add type and the associated timestamps.
System Architecture
System Architecture
[Figure: the Group data and the Hierarchy Ontology pass through a Reasoning step that produces the Inferred Data. The Group data, the Inferred Data, the gSIS Ontology and the gSIS Rules feed the Decision Engine, whose Results are the access decisions.]
Group Operation Data
o Data about the group members/documents and the operations performed on them.
o A group user can join and leave the group multiple times.
o Tuple format: ,,,,,
Hierarchy Ontology
o Used to represent the hierarchy of the system.
o Helps to infer the additional groups to which a member belongs.
o Example: in a hierarchy of Professor, Assistant Professor and Lab Instructor, a user added to the Professor group should by default have access to the documents added to the Assistant Professor and Lab Instructor groups.
Hierarchy in Groups
[Figure: two example hierarchies. A corporate one with CEO, CTO, Project Manager, Team Lead, Associate Engineer, CFO and Finance Team, and a Disaster Management Group comprising Fire Fighters, Police Department and Ambulance.]
Motivation for Using the Semantic Web
o The representation is understandable by the system.
o Using an ontology makes the system flexible and extensible.
o gSIS is modelled using temporal logic, so developing the prototype in OWL (which is itself logic based) helps to prove the correctness of the model.
Inferred Data
o An RDFS reasoner is used to infer the additional groups to which a user belongs, using the hierarchy ontology.
o The inferred data, together with the group data, is then fed to the decision engine.
gSIS Ontology
Decision Engine
o The central component of the gSIS prototype.
o Every access decision depends on the combination of group operations and the timestamps associated with them.
o The rules are modelled to cover all combinations of events that can occur in a group-centric information sharing environment.
Strict Join, Strict Add, Strict Leave, Strict Remove
Let U_J and U_L be the user join and leave times, and D_A and D_R the document add and remove times.
Access interval: [D_A, min(U_L, D_R)]
(SJ and SA both require the user to have joined before the document was added, so access starts at D_A. SL and SR end access at whichever of the user leave and the document remove comes first.)
[Figure: timeline with User Join (U_J), Doc Add (D_A), User Leave (U_L) and Doc Remove (D_R)]
Liberal Join, Liberal Add, Liberal Leave, Liberal Remove
Let U_J and U_L be the user join and leave times, and D_A and D_R the document add and remove times.
Access interval: [max(U_J, D_A), max(U_L, D_R)]
(With LJ and LA the order of join and add does not matter, so access starts at the later of the two. With LL and LR it lasts until the later of the user leave and the document remove.)
[Figure: timeline with User Join (U_J), Doc Add (D_A), User Leave (U_L) and Doc Remove (D_R)]
Strict Join, Liberal Add, Strict Leave, Liberal Remove
Let U_J and U_L be the user join and leave times, and D_A and D_R the document add and remove times.
Access interval: [D_A, U_L]
(SJ requires the document to be added after the user joined, so access starts at D_A. LR lets the user keep access past the remove, and SL ends it when the user leaves.)
[Figure: timeline with User Join (U_J), Doc Add (D_A), User Leave (U_L) and Doc Remove (D_R)]
Liberal Join, Strict Add, Liberal Leave, Strict Remove
Let U_J and U_L be the user join and leave times, and D_A and D_R the document add and remove times.
Access interval: [D_A, D_R]
(SA requires the user to have joined before the add, so access starts at D_A. LL lets the user keep access after leaving, and SR ends it when the document is removed.)
[Figure: timeline with User Join (U_J), Doc Add (D_A), User Leave (U_L) and Doc Remove (D_R)]
Concluding the Decision Engine
A pattern can be observed:
o Check conformance with the gSIS operation properties.
o Compute the access start time.
o Compute the access end time.
Constructing these rules becomes tedious and complex to handle in OWL. Our prototype therefore uses a pragmatic approach, combining the semantic web with a procedural method:
o Semantic web technology to represent and reason about the hierarchy.
o A procedural method to compute access decisions, relying on the gSIS semantics.
Automating Group Membership
o Automatically classifies users into the relevant groups.
o Leverages the OWL feature of necessary and sufficient conditions.
o Whenever a user satisfies the necessary and sufficient conditions, the user is added to the group.
Example
A professor is added to the UMBC CS Tenure Committee if he or she is:
o a Full Professor,
o a professor at UMBC, and
o faculty in the CS Department.
The ontology is as follows:
Necessary and Sufficient Conditions: Automating Group Membership
[Figure: OWL class definition of the tenure committee using necessary and sufficient conditions]
Automated Document Classification
o Documents are classified as Top Secret, Secret, Confidential, Restricted or Unclassified.
o Groups can be governed by policies on the type of documents added to each group.
o Utilizes OWL features and hierarchy resolution.
o The 'War room' group contains all documents from level 'Top Secret' and below.
o The 'Air Force' group: documents at level 'Top Secret' in the 'Air Force' domain.
o The 'Air Force Research' group: 'Unclassified' documents in the 'Air Force' domain.
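The hierarchy inference described on the Hierarchy Ontology and Inferred Data slides, and the automated membership and document classification on the last four slides, can be illustrated in plain Python. The block below is an added example, not the prototype's code: it stands in for the RDFS/OWL reasoner with a transitive closure over a parent-to-sub-group map, and expresses the necessary-and-sufficient condition and the document policies as predicates. The hierarchy edges (Professor above Assistant Professor above Lab Instructor), the people and the documents are constructed sample data; the slides only name the groups.

```python
"""Group-hierarchy inference and automated classification (added example).

Plain-Python stand-in for the prototype's reasoning step over the hierarchy
ontology and for its OWL necessary-and-sufficient conditions and document
policies. It is not the prototype's code and uses no OWL reasoner. The
hierarchy edges, people and documents below are constructed sample data.
"""
from collections import deque

# parent group -> sub-groups whose documents the parent's members may see
# (edges assumed; the slide lists only the group names)
HIERARCHY = {
    "Professor": ["Asst Professor"],
    "Asst Professor": ["Lab Instructor"],
    "Disaster Management Group": ["Fire Fighters", "Police Department", "Ambulance"],
}


def descendants(hierarchy, group):
    """Every group below `group`, following sub-group edges transitively
    (the subclass-style closure an RDFS reasoner would supply).
    The visited set makes the walk terminate even on a cyclic hierarchy."""
    seen, queue = set(), deque(hierarchy.get(group, []))
    while queue:
        g = queue.popleft()
        if g not in seen:
            seen.add(g)
            queue.extend(hierarchy.get(g, []))
    return seen


def infer_memberships(hierarchy, memberships):
    """memberships: (user, group, join_type, join_time) tuples.
    Returns the original tuples plus one inferred tuple per descendant
    group, reusing the join type and time of the explicit operation."""
    result = set(memberships)
    for user, group, join_type, t in memberships:
        for sub in descendants(hierarchy, group):
            result.add((user, sub, join_type, t))
    return sorted(result)


# Tenure committee: member iff all three conditions hold (N&S condition).
def in_tenure_committee(person):
    return (person["rank"] == "Full Professor"
            and person["university"] == "UMBC"
            and person["department"] == "CS")


def classify_people(people):
    """Names of everyone satisfying the necessary-and-sufficient condition."""
    return sorted(name for name, p in people.items() if in_tenure_committee(p))


# Classification levels, lowest to highest, and the per-group policies.
LEVELS = ["Unclassified", "Restricted", "Confidential", "Secret", "Top Secret"]


def at_or_below(level, ceiling):
    return LEVELS.index(level) <= LEVELS.index(ceiling)


def admits(group, doc):
    """Does the group's policy admit doc = {"level": ..., "domain": ...}?"""
    if group == "War room":              # every level up to Top Secret
        return at_or_below(doc["level"], "Top Secret")
    if group == "Air Force":             # Top Secret, Air Force domain only
        return doc["level"] == "Top Secret" and doc["domain"] == "Air Force"
    if group == "Air Force Research":    # Unclassified, Air Force domain only
        return doc["level"] == "Unclassified" and doc["domain"] == "Air Force"
    return False


def groups_for_document(doc):
    return [g for g in ("War room", "Air Force", "Air Force Research") if admits(g, doc)]


PEOPLE = {  # constructed sample data
    "finin":   {"rank": "Full Professor", "university": "UMBC", "department": "CS"},
    "andrew":  {"rank": "Assistant Professor", "university": "UMBC", "department": "CS"},
    "visitor": {"rank": "Full Professor", "university": "JHU", "department": "CS"},
}

if __name__ == "__main__":
    for t in infer_memberships(HIERARCHY, [("finin", "Professor", "LJ", 2001)]):
        print(t)
    print("Tenure committee:", classify_people(PEOPLE))
    print(groups_for_document({"level": "Top Secret", "domain": "Air Force"}))
```

The inferred tuples carry the original join type and timestamp into each descendant group, which is what lets the decision engine treat an inferred membership exactly like an explicit one.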
System Implementation
[Figure]
Algorithm
The access decision algorithm consists of the following stages:
o Read the file and parse the group membership details.
o Read the hierarchy ontology file and, using a reasoner, generate the additional (inferred) tuples from the original group membership data.
o Store the original and inferred tuples.
o Cluster the tuples according to their group membership.
o Read the clustered tuples pairwise, each pair consisting of one user's and one document's membership details.
Algorithm (continued)
o The next stage computes the access interval between every user and document of the group. Precomputing the access intervals greatly improves the system's readiness to handle any number of access decision queries.
o The pair is tested against the gSIS Join and Add semantics; if it conforms, the access start time is computed (the computation depends on the type and timestamp of the operations, as explained in the previous section).
o The access end time is computed according to the Leave and Remove semantics.
o The generated access interval tuples are stored in the following format: ,,,
o The system can now accept queries about the access decision between any user and document that is or was part of the group.
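The four interval rules on the decision engine slides and the algorithm stages just listed, worked through in Python. This is an added example, not the prototype's code; the P&T data set is constructed, and timestamps are plain integer years, with None meaning the user or document is still in the group. One reading of the end time is assumed because it is the one that reproduces all four slide formulas: a strict Leave or Remove ends access at that event, while a liberal one keeps access alive only until the counterpart also leaves the group, so SL with SR ends at the earlier of the two events and LL with LR at the later. A tie between join and add time is treated as permitted for SJ and SA. The example also applies the rule to users with more than one membership episode, which the Review slide allows for but the interval slides do not draw.

```python
"""gSIS access-interval computation and queries (added example).

Illustrative Python version of the decision-engine interval rules and the
algorithm stages; it is not the prototype's code and the data set below is
constructed. Timestamps are integers (years); a leave/remove time of None
means "still in the group". Assumed reading of the end time, which matches
all four slide formulas: a strict Leave/Remove ends access at that event, a
liberal one keeps access alive only until the counterpart also leaves the
group (SL+SR ends at the earlier event, LL+LR at the later one). A tie
between join and add time is treated as allowed for SJ and SA.
"""
from collections import defaultdict

INF = float("inf")


def access_interval(join_type, u_j, leave_type, u_l,
                    add_type, d_a, remove_type, d_r):
    """Return (start, end) for one user episode and one document episode,
    or None when the gSIS Join/Add semantics deny access."""
    u_l = INF if u_l is None else u_l
    d_r = INF if d_r is None else d_r
    # Join/Add conformance: SJ sees only objects added after the join;
    # SA is visible only to users who joined before the add.
    if join_type == "SJ" and d_a < u_j:
        return None
    if add_type == "SA" and u_j > d_a:
        return None
    start = max(u_j, d_a)
    # Authorization provenance: u and o must be in the group together.
    if start >= min(u_l, d_r):
        return None
    if leave_type == "SL" and remove_type == "SR":
        end = min(u_l, d_r)                # all-strict rule
    elif leave_type == "SL":               # SL + LR
        end = u_l
    elif remove_type == "SR":              # LL + SR
        end = d_r
    else:                                  # LL + LR, all-liberal rule
        end = max(u_l, d_r)
    return (start, end)


def compute_intervals(user_ops, doc_ops):
    """Cluster both record sets by group, then compute an interval for
    every (user episode, document episode) pair within a group.
    user_ops: (group, user, join_type, join_time, leave_type, leave_time)
    doc_ops:  (group, doc, add_type, add_time, remove_type, remove_time)
    Returns a list of (user, doc, start, end)."""
    users_by_group, docs_by_group = defaultdict(list), defaultdict(list)
    for rec in user_ops:
        users_by_group[rec[0]].append(rec[1:])
    for rec in doc_ops:
        docs_by_group[rec[0]].append(rec[1:])
    intervals = []
    for group, users in users_by_group.items():
        for user, jt, uj, lt, ul in users:
            for doc, at, da, rt, dr in docs_by_group.get(group, []):
                iv = access_interval(jt, uj, lt, ul, at, da, rt, dr)
                if iv:
                    intervals.append((user, doc, iv[0], iv[1]))
    return intervals


# Query stage: every answer is a lookup over the precomputed intervals.
def has_access(intervals, user, doc, t):
    return any(u == user and d == doc and s <= t < e for u, d, s, e in intervals)


def docs_for_user(intervals, user, t):
    return sorted({d for u, d, s, e in intervals if u == user and s <= t < e})


def users_for_doc(intervals, doc, t):
    return sorted({u for u, d, s, e in intervals if d == doc and s <= t < e})


def ever_had_access(intervals, user, doc):
    return any(u == user and d == doc for u, d, s, e in intervals)


# Constructed sample data for the P&T use case.
USER_OPS = [
    ("Tenure", "finin", "LJ", 1995, "SL", None),
    ("Tenure", "smith", "LJ", 1990, "LL", 1996),   # first membership episode
    ("Tenure", "smith", "SJ", 2000, "SL", None),   # rejoined later
]
DOC_OPS = [
    ("Tenure", "Joshidoc", "SA", 2004, "SR", 2006),
    ("Tenure", "Nicholasdoc", "SA", 1993, "SR", 1994),
    ("Tenure", "Andrewdoc", "LA", 2008, "SR", None),
]
INTERVALS = compute_intervals(USER_OPS, DOC_OPS)

if __name__ == "__main__":
    for row in sorted(INTERVALS):
        print(row)
    print("finin -> Joshidoc in 2005:", has_access(INTERVALS, "finin", "Joshidoc", 2005))
```

has_access answers the user-document-time form of query; docs_for_user, users_for_doc and ever_had_access cover the other query types. Because a decision is a scan over the precomputed interval table, a membership change only requires computing intervals for the new user against the group's documents (or the new document against its users), which is the O(m) and O(n) update cost stated on the complexity slide.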
Results
Validation
We developed a sample data set for the P&T use case.
o To demonstrate hierarchical groups, we have two groups, 'Tenure group' and 'Associate Professor group'.
o The data contains details about members and their documents.
o Rule: Tenure group members have access to the documents of the 'Associate Professor group'.
Queries
Query 1: User-Document-Time
Did Dr Finin have access to Dr Joshi's tenure file in 2005?
Result: Access Granted
Query 2: User Access Details
List all the documents that Dr Finin has access to.
Query 3: Document Access
List all the users who have access to 'Andrewdoc' (Andrew is an Assistant Professor under consideration for tenure).
Query 4: Time-Based Access
List all the documents that were accessible to users in 1994.
Query 5: User-Document
Did Dr Finin ever have access to 'Nicholasdoc'?
Algorithmic Complexity
With n users and m documents:
o Computing all access intervals takes n*m steps: O(nm), which is O(n^2) when m = n.
o Whenever the group membership changes: a user joining the group costs 1*m, i.e. O(m); a document added to the group costs n*1, i.e. O(n).
Conclusion
o We have presented an agile framework for secure information sharing.
o We have modelled gSIS to support hierarchical groups and opened up opportunities to extend gSIS in several dimensions, such as automated group membership.
o Finally, we have demonstrated the usefulness of gSIS in real-world applications.
Future Work
o Develop the administrative model for gSIS.
o Write policies to enforce the gSIS operation semantics.
References
[1] Ram Krishnan, Ravi Sandhu, Jianwei Niu and William Winsborough. Foundations for Group-Centric Secure Information Sharing Models. Proc. 14th ACM Symposium on Access Control Models and Technologies (SACMAT), Stresa, Italy, June 3-5, 2009, pages 115-124.
[2] Ram Krishnan, Ravi Sandhu, Jianwei Niu and William Winsborough. Towards a Framework for Group-Centric Secure Collaboration. Proc. 5th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), Crystal City, Virginia, November 11-14, 2009, pages 1-10.
[3] Ravi Sandhu, Ram Krishnan, Jianwei Niu and William Winsborough. Group-Centric Models for Secure and Agile Information Sharing. Proc. 5th International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security (MMM-ACNS 2010), St. Petersburg, Russia, September 8-10, 2010, pages 55-69. Published as Springer Lecture Notes in Computer Science Vol. 6258, Computer Network Security (Igor Kotenko and Victor Skormin, editors), 2010.
[4] T. Finin, A. Joshi, L. Kagal, J. Niu, R. Sandhu, W. Winsborough and B. Thuraisingham. ROWLBAC - Representing Role Based Access Control in OWL. Proc. 13th ACM Symposium on Access Control Models and Technologies (SACMAT), ACM Press, New York, June 2008.
References (continued)
[5] Anne Cregan, Malgorzata Mochol, Denny Vrandecic and Sean Bechhofer. Pushing the Limits of OWL, Rules and Protégé: A Simple Example. Workshop on OWL: Experiences and Directions (OWLED 2005), Galway, Ireland, November 2005.
[6] R. Sandhu et al. Role-Based Access Control Models. IEEE Computer, 29(2):38-47, February 1996.
[7] R. Sandhu and P. Samarati. Access Control: Principles and Practice. IEEE Communications, 32(9):40-48, September 1994.
[8] Semantic Web: http://www.w3.org/2001/sw/
[9] Bechhofer, S.; van Harmelen, F.; Hendler, J.; Horrocks, I.; McGuinness, D.; Patel-Schneider, P.; and Stein, L. 2004. OWL Web Ontology Language Reference. W3C Recommendation.
[10] United States Intelligence Community, Information Sharing Strategy. Office of the Director of National Intelligence. http://www.dni.gov/reports/IC_Information_Sharing_Strategy.pdf
[11] Jones, H., and Soltren, J. 2005. Facebook: Threats to Privacy.
Building the knowledge base (in ms):
o 6 users, 7 docs: 1734
o 18 users, 21 docs: 2078
Handling queries (in ms):
o 100 queries: 156
o 1000 queries: 656
o 10000 queries: 5719
Related Work
o RBAC
o DAC
o MAC