Presentation is loading. Please wait.

Presentation is loading. Please wait.

University of British Columbia Towards Web 2.0 Content Sharing Beyond Walled Gardens San-Tsai Sun Supervisor: Kosta Beznosov Laboratory for Education and.

Published byGarry Anderson Modified over 9 years ago

Similar presentations

Presentation on theme: "University of British Columbia Towards Web 2.0 Content Sharing Beyond Walled Gardens San-Tsai Sun Supervisor: Kosta Beznosov Laboratory for Education and."— Presentation transcript:

1 University of British Columbia Towards Web 2.0 Content Sharing Beyond Walled Gardens San-Tsai Sun Supervisor: Kosta Beznosov Laboratory for Education and Research in Secure Systems Engineering (LERSSE) University of British Columbia

2 practical problem 2 lack of usable mechanisms for secure Web 2.0 user content sharing across content and service providers (CSPs)

3 content sharing scenario 3 CCA scouts only Colonial Coast Adventures (CCA) Girl Scouts Alice Jenny Picasa Web Alice’s CCA scout friends in Picasa Web

4 question 4 how to enable useful sharing of Web 2.0 content across CSPs? can existing technologies enable this type of sharing?

5 secret-link approach 5 Alice Picasa Web jenny@aol.com Jenny http://picasaweb.google.com/Alice?authkey=Gv1sRgCOzuv usable for Web users easy to implement by CSPs Alice does not have control over Jenny’s sharing of secret link with others Alice has to know Jenny’s email secret-link

6 design goals content sharing useful for average users user-centric, i.e., access policy and identity follow the user only use browser, no special software or crypto on the user computer CSPs – separation of content hosting and content sharing – not required to change their existing access- control mechanism 6

7 approach OpenID email extension [1] to enable OpenID IdPs to use email as an alternative identifier – www.alo.com/santsai vs. santsas@alo.com policy hosting service – role-based trust-management policy language (RT) for credentials and policies [2] – distributed membership and containment queries 7 [1] B. Adida, “EmID: Web authentication by email address,” in The Proceedings of Web 2.0 Security and Privacy Workshop 2008, Oakland, California, USA, 2008. [2] N. Li, J. C. Mitchell, and W. H. Winsborough, “Design of a role-based trust-management framework,” in SP ’02 Proceedings of the 2002 IEEE Symposium on Security and Privacy, 2002

8 sharing scenario 8 CCA Alice Picasa Web policy service Gmail Alice @gmail.com.scout  CCA.@yahoo.scout CCA.scout  Alice @gmail.com CCA.scout  Jenny @aol.com CCA.scout  Betty @hotmail.com policy service Yahoo Alice @gmail.com.scout secret-link, Alice @gmail.com.scout memberships secret-link

9 access scenario 9 Picasa Web policy service Gmail Alice @gmail.com.scout  CCA.@yahoo.scout CCA CCA.scout  Alice @gmail.com CCA.scout  Jenny @aol.com CCA.scout  Betty @hotmail.com policy service Yahoo Alice @gmail.com.scout Jenny @aol.com, Alice @gmail.com.scout containment Jenny secret-link OpenID email AOL Jenny @aol.com yes/no

10 content sharing scenario 2 10 CCA scouts and their parents only Colonial Coast Adventures (CCA) Girl Scouts Mary Alice Jenny Picasa Web Alice’s scout friends in Picasa Web

11 sharing scenario 2 11 CCA Alice Picasa policy service Gmail Alice @gamil.com.scout  CCA.@yahoo.scout Alice @gamil.com.scout_parent  Alice @gamil.com.scout.parent CCA.scout  Alice @gamil.com CCA.scout  Jenny @aol.com CCA.scout  Betty @hotmail.com policy service Yahoo Alice @gamil.com.scout_parent Alice @gamil.com.scout Alice @gamil.com.scout_parent Jenny policy service AOL Jenny @aol.com.parent  Mary @hotmail.com

12 Alice @gamil.com.scout  CCA.@yahoo.scout Alice @gamil.com.scout_parent  Alice @gamil.com.scout.parent access scenario 2 12 Picasa CCA CCA.scout  Alice @gamil.com CCA.scout  Jenny @aol.com CCA.scout  Betty @hotmail.com policy service Yahoo Alice @gamil.com.scout_parent,Mary @hotmail.com memberships secret-link yes/no policy service AOL Jenny @aol.com.parent  Mary @hotmail.com Alice @gamil.com.scout Alice @gamil.com.scout_parent containment Jenny secret-link Mary policy service Gmail

13 progress up-to-date protocols/algorithms for distributed memberships and containment queries preliminary prototype initial performance evaluation 13

14 open questions what is the expressiveness of sharing control that users need? how to design useable interface for controlled sharing? how to limit transitive trust? – A trusts B  B trusts C  A trusts C how to preserve the confidentiality of credentials and policies? – CCA does not want everybody to know email addresses of its scouts 14

15 future work investigate user needs in controlled sharing design user interface evaluate usability investigate an approach for limiting transitive trust preserve the confidentiality of credentials and policies investigate phishing/spam prevention improve performance 15

16 San-Tsai Sun 16  San-Tsai Sun and Konstantin Beznosov. Open problems in Web 2.0 user content sharing. Presented at iNetSec Workshop, April 23th 2009.  San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Towards enabling web 2.0 content sharing beyond walled gardens. To be presented at the Workshop on Security and Privacy in Online Social Networking, August 29th 2009

17 literature review user content sharing practices federated identity management attribute-based access control systems distributed authorization systems current sharing solutions provided by CSPs 17

18 literature review results (1) email is the most commonly used sharing mechanism [Voida 2006, Miller 2007, Whalen 2008] Open ID is an open and user-centric identity solution without pre-trust between CSPs and IdPs 18 S. Voida, W. K. Edwards, M. W. Newman, R. E. Grinter, and N. Ducheneaut, “Share and share alike: exploring the user interface affordances of file sharing,” in Proceedings of the SIGCHI conference on Human Factors in computing systems CHI ’06:. New York, NY, USA: ACM, 2006, pp. 221–230. A. D. Miller and W. K. Edwards, “Give and take: A study of consumer photo-sharing culture and practice,” in Proceedings of the CHI 2007, San Jose, California, USA, April 28 –May 3 2007, pp. 347–356. T. Whalen, “Supporting file sharing through improved awareness,” Ph.D. Dissertation, Dalhousie University, Canada, 2008. D. Recordon and B. Fitzpatrick, “OpenID authentication 2.0 - final,” http://openid.net/specs/openid- authentication-2 0.html, December 2007.

19 literature review results (2) characteristics of attribute-based access control [Li 2002] distributed authority attribute inference attribute-based delegation attribute with fields RT [Li 2002] policy language supports attribute-based credential and policy concise ( 4 types of policy statements) 19 N. Li, J. C. Mitchell, and W. H. Winsborough, “Design of a role-based trust-management framework,” in SP :’02 Proceedings of the 2002 IEEE Symposium on Security and Privacy, 2002c

20 secret-link approach supported by Google, Yahoo, Facebook, … a hard-to-guess URL that identifies a shared content usable for Web users Alice does not have control over Jenny’s sharing secret link with others no support for attribute-based sharing TBD: Show flicker secret link … 20

Download ppt "University of British Columbia Towards Web 2.0 Content Sharing Beyond Walled Gardens San-Tsai Sun Supervisor: Kosta Beznosov Laboratory for Education and."

Similar presentations

Tool-Support for Interdisciplinary and Collaborative User Interface Specification IADIS 2008 Amsterdam – Workgroup HCI University of Konstanz – Thomas.

Tool-Support for Interdisciplinary and Collaborative User Interface Specification IADIS 2008 Amsterdam – Workgroup HCI University of Konstanz – Thomas.
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Identity Network Ideals – Heterogeneity & Co-existence

Identity Network Ideals – Heterogeneity & Co-existence
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Expressive Privacy Control with Pseudonyms Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall University.

Expressive Privacy Control with Pseudonyms Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall University.
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Laboratory for Education and Research in Secure Systems Engineering (LERSSE) Networked Systems Laboratory (NetSysLab) Department of Electrical & Computer.

Laboratory for Education and Research in Secure Systems Engineering (LERSSE) Networked Systems Laboratory (NetSysLab) Department of Electrical & Computer.
Project topics – Private data management Nov. 2011.

Project topics – Private data management Nov
Access Control Enforcement Delegation for Information-Centric Networking Architectures N. Fotiou, G.F. Marias, G.C Polyzos.

Access Control Enforcement Delegation for Information-Centric Networking Architectures N. Fotiou, G.F. Marias, G.C Polyzos.
Will Darby 91.514 5 April 2010.  What is Federated Security  Security Assertion Markup Language (SAML) Overview  Example Implementations  Alternative.

Will Darby April  What is Federated Security  Security Assertion Markup Language (SAML) Overview  Example Implementations  Alternative.
Chief Information Officer Branch Gestion du dirigeant principal de l’information “We will have a world class public key infrastructure in place” Prime.

Chief Information Officer Branch Gestion du dirigeant principal de l’information “We will have a world class public key infrastructure in place” Prime.
By: Ansuya Chauhan.

By: Ansuya Chauhan.
Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (http://cups.cs.cmu.edu/course-guide/)

Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (
December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.

December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.
Will Darby 91.514 5 April 2010.  What is Federated Security  Example Implementations  Security Assertion Markup Language (SAML) Overview  Alternative.

Will Darby April  What is Federated Security  Example Implementations  Security Assertion Markup Language (SAML) Overview  Alternative.
May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current.

May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current.
“A Service-enabled Access Control Model for Distributed Data” Mark Turner, Philip Woodall Pennine Forum - 16 th September 2004.

“A Service-enabled Access Control Model for Distributed Data” Mark Turner, Philip Woodall Pennine Forum - 16 th September 2004.
Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.

Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.
FIM-ig Federated Identity Management Interest Group.

FIM-ig Federated Identity Management Interest Group.
IDENTITY MANAGEMENT Hoang Huu Hanh (PhD), OST – Hue University hanh-at-hueuni.edu.vn.

IDENTITY MANAGEMENT Hoang Huu Hanh (PhD), OST – Hue University hanh-at-hueuni.edu.vn.

Similar presentations

Ads by Google