
Group Centric Information sharing Using Hierarchical Model

Group Centric Information sharing Using Hierarchical Model. By Amit Mahale. Advisor: Dr Tim Finin. Co-Advisor: Dr Anupam Joshi. Rise of Information Sharing: Need to Know v/s Need to share; 9/11 commission; US Federal Systems; Need to share: Uncover, respond and protect against threat.


Presentation Transcript


  1. Group Centric Information sharing Using Hierarchical Model By Amit Mahale Advisor: Dr Tim Finin Co-Advisor: Dr Anupam Joshi

  2. Rise of Information Sharing • Need to Know v/s Need to share • 9/11 commission • US Federal Systems • Need to share: Uncover, respond and protect against threat • Collaborative systems examples • University Environment

  3. Motivation • One of the central problems in information sharing is the ability to securely and differentially share information. • This issue has been addressed by Ravi Sandhu et al. in their model Group Centric Information Sharing (gSIS). • A formal model for Group Centric Information Sharing is available, but no practical implementation.

  4. Contribution • Develop a prototype for Group centric Information Sharing model using semantic web technologies • Modeled Hierarchical groups using OWL. • Leverage OWL’s capacity of automating group membership using Necessary and sufficient conditions

  5. Outline • Background : Group Centric Information Sharing • System Use-cases • System Architecture • System Implementation • Results • Algorithm Complexity • Conclusion • Future Work • References

  6. Group Centric Information Sharing • Model developed by Ravi Sandhu et al. • A first step towards a formal and systematic study of Group-Centric Secure Information Sharing Models • Brings users & objects together in a group • Secure Meeting Room

  7. Properties Two types of properties • Core gSIS properties • Must be enforced by all the systems modeling gSIS. • gSIS Operations • A subset of the operations may be used in the system depending on the designer’s discretion.

  8. Core gSIS Properties The core properties must be satisfied by any g-SIS specification • Persistence Properties When a user u is authorized to access an object o, it remains the same until a group event involving u or o occurs. • Authorization Provenance A user u will not be authorized to access an object o until both u and o are simultaneously group members • Bounded Authorization Authorizations do not increase during non-membership period.

  9. g-SIS Operations [Figure: Users Join and Leave a GROUP, Objects are Added and Removed, and the group answers Authz (u,o,r)?. Each operation has two variants: Strict Join, Liberal Join, Strict Leave, Liberal Leave, Strict Add, Liberal Add, Strict Remove, Liberal Remove.] Figure courtesy Ram Krishnan et al [1]

  10. Membership Semantics • Strict vs Liberal Operations • User operations: <SJ, LJ> and <SL, LL> • Object operations: <SA, LA> and <SR, LR> • SJ (u): u not authorized to access objects added prior to join time • SA (o): Users joining after add time not authorized to access o • LL (u): u retains access to objects authorized at leave time • LR (o): Users authorized to access o at remove time retain access. Figure courtesy Ram Krishnan et al [1]

  11. Strict Join v/s Liberal Join • During Join, • If the second Join (u1; g) is an SJ. • u1 can access o4 and o5 but cannot access o2 and o3. • If the Join was an LJ , • u1 can also access o2 and o3. • During Leave • SL : u1 loses access to all group objects (o1 and o2), • LL: allows u1 to retain access to o2

  12. Strict add v/s Liberal add • During Add • If (o2; g) is a SA, • Only u1 can access the object. Users u2 and u3, joining later, cannot access this object. • If (o2; g) is a LA, • Current user u1 and future users u2 and u3 may access o2. • During Remove • if Remove (o1; g) is an SR, • Every group user (including u1) loses access to o1. • if Remove (o1; g) is an LR, • u1 can continue to access o1. However u2 and u3 will not have access to o1.

  13. System Use case • Graduate Student Admissions • Promotion and Tenure Committee (P&T) • Social Media Application

  14. Graduate Student Admissions • A process in which graduate student applications are scrutinized by a group of faculty members from the department. • Requirements • Members should be able to access older applications. • Members should not have access to documents after leaving the group.

  15. Graduate Student Admissions • Members join the group through ‘Liberal Join’. • This will allow them to access previous applications • Applications are added with ‘Liberal Add’ • Members joining the committee at a later point of time should have access to these applications. • Members leave the group using ‘Strict Leave’ • Lose access to all the applications • Applications are removed from the group using ‘Liberal Remove’. • Members who previously had access will still be able to access the document.

  16. Promotion and Tenure Committee (P&T) • P & T committee consists of a group of full professors (tenured) who decide on the fate of an Associate professor under consideration for tenure. • Requirements • Members should not have access to the P&T documents of their senior members

  17. Promotion and Tenure Committee (P&T) • Add the P&T documents with ‘Strict Add’ • Members join the group through ‘Strict Join’ / ‘Liberal Join’ • If a tenured professor leaves the group, then use ‘Strict Leave’. • If the documents are to be removed from the group, then use ‘Strict Remove’.

  18. Social Media application

  19. Social Media application • Amit becomes a friend of Dr Finin • Amit gets access to all the personal information as well as the content (from Facebook Wall) that was shared previously • This might not be as per Dr Finin’s expectation • gSIS to the rescue

  20. Dr Finin, before adding as a friend

  21. After adding as a friend

  22. What can gSIS offer? If Dr Finin adds a new friend Amit to his friend list through • Strict Join: Amit will be able to access the data posted after his join time, overcoming the problem discussed in the previous slide • “Share From now” button? • Liberal Join: In addition to allowing access to new documents, Liberal Join would allow Amit to access posts that Dr Finin shared prior to Amit’s join time through Liberal Add. • “Share Everything” button? For Posts, • Strict Add: Dr Finin should use this operation if he wants to share the post with his current set of friends and protect it from his future friends. • Liberal Add: This post can be accessed by current friends as well as new friends who join at a later point of time through Liberal Add.

  23. Incorporating gSIS into Facebook: Adding a Friend SJ LJ

  24. Incorporating gSIS into Facebook: Adding a Post LA SA Current Current + Future

  25. Incorporating gSIS into Facebook: Removing a Friend LR SR

  26. Incorporating gSIS into Facebook: Removing a Post

  27. Comparison to current Facebook model • Liberal Join • Liberal Add • Strict Leave • Strict Remove

  28. Review • Every user and document is associated with at least one group. • Multiple groups may exist. • Groups may further be hierarchical. • A user may join and leave the group multiple times. • A document may be added to and removed from the group multiple times. • The access decision of a user to a document depends on multiple factors like Join type, Add type and the timestamps associated.

  29. SYSTEM ARCHITECTURE

  30. System Architecture [Figure: components labelled Group data, Hierarchy Ontology, gSIS Ontology, Reasoning, Inferred Data, gSIS Rules, Decision Engine, Access decisions, Results]

  31. Group Operation Data • Data about the group members/documents and their operations. • A group user can join and leave the group multiple times • <user_id>,<join_time>,<join_type>,<leave_time>,<leave_type>,<group_name> • <doc_id>,<Add_time>,<Add_type>,<Remove_time>,<Remove_type>,<group_name>

  32. Hierarchy Ontology • Used to represent the hierarchy of the system • Helps to infer the additional groups that the member belongs to • In a hierarchy of Professor, Asst Professor and Lab Instructor, a user added to the Professor group should by default have access to the documents added to the Asst Professor and Lab Instructor groups.

  33. Hierarchy in Groups [Figure: group hierarchy with Disaster Management Group, Fire Fighters, Ambulance, Police Department]

  34. Motivation for Using Semantic web • System Understandable • Usage of Ontology makes the system flexible and extendable. • gSIS is modeled using temporal logic, thus developing the prototype using OWL (based on logic) helps to prove the correctness of the model.

  35. Inferred Data • The RDFS reasoner is used to infer additional groups to which the user belongs, using the hierarchy ontology. • The inferred data along with the Group data is then fed to the decision engine.

  36. gSIS Ontology

  37. Decision Engine • Central system of the gSIS model • Every access decision depends on the combination of group operations and the timestamps associated with them. • The rules are modeled to cover all combinations of events that can occur in a group centric information sharing environment.

  38. Strict Join, Strict Add, Strict Leave, Strict Remove • Let UJ & UL be the User Join and Leave times and DA & DR be the Document Add and Remove times. [Timeline figure with events User Join (UJ), User Leave (UL), Doc Add (DA), Doc Remove (DR)] • Access time: [DA – Min (UL, DR)]

  39. Liberal Join, Liberal Add, Liberal Leave, Liberal Remove • Let UJ & UL be the User Join and Leave times and DA & DR be the Document Add and Remove times. [Timeline figure with events User Join (UJ), User Leave (UL), Doc Add (DA), Doc Remove (DR)] • Access time: [Max (UJ, DA) – Max (UL, DR)]

  40. Strict Join, Liberal Add, Strict Leave, Liberal Remove • Let UJ & UL be the User Join and Leave times and DA & DR be the Document Add and Remove times. [Timeline figure with events User Join (UJ), User Leave (UL), Doc Add (DA), Doc Remove (DR)] • Access time: [DA – UL]

  41. Liberal Join, Strict Add, Liberal Leave, Strict Remove • Let UJ & UL be the User Join and Leave times and DA & DR be the Document Add and Remove times. [Timeline figure with events User Join (UJ), User Leave (UL), Doc Add (DA), Doc Remove (DR)] • Access time: [DA – DR]

  42. Conclude decision engine • Can observe a pattern • Check for conformance with gSIS operations properties • Compute access start time • Compute access end time. • Constructing the rules becomes tedious and complex to handle in OWL. Our prototype uses a pragmatic approach: Semantic Web + procedural method. • Semantic Web technology to represent and reason about the hierarchy; procedural method to compute access decisions relying on the gSIS semantics.

  43. Automating Group Membership • Automatically classifies users to relevant groups. • Leverages OWL feature of Necessary and Sufficient conditions. • Whenever a user satisfies the N&C, the user is added to the group.

  44. Example • A Professor is added to the UMBC CS Tenure committee if • He/She is a Full Professor • A Professor @ UMBC. • Faculty in the CS Department The ontology is as follows

  45. Automating Group Membership [Figure; labels: N & C]

  46. Automated Document Classification • Documents are classified as Top Secret, Secret, Confidential, Restricted, Unclassified. • Groups can be governed by policies on the type of documents added to each group. • Utilizes OWL Features and Hierarchy resolution

  47. ‘War room’ group contains all documents from level ‘Top Secret’ and below. • ‘Air Force’ group • ‘Top Secret’ • ‘Air Force’ domain. • ‘Air Force Research’ group • ‘Air Force’ domain • Unclassified

  48. SYSTEM IMPLEMENTATION

  49. System Implementation
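
The pattern from the decision engine slides (check conformance, compute access start time, compute access end time), run over records in the Group Operation Data layout. This is an added example, not the prototype's code; the integer timestamps, two-letter type codes, sample rows, function names, and the independent combination of start and end rules for operation mixes the slides do not list are assumptions.

```python
import csv
import io

# Constructed sample rows in the slide-31 layout. Integer timestamps and the
# codes SJ/LJ, SL/LL, SA/LA, SR/LR are assumptions made for this example.
USERS = """u1,10,SJ,50,SL,admissions
u2,30,LJ,60,LL,admissions
u3,30,SJ,60,SL,admissions
"""
DOCS = """o1,20,LA,40,LR,admissions
o2,20,SA,70,SR,admissions
"""

def parse(text):
    """Return rows as (id, start, start_type, end, end_type, group)."""
    return [(i, int(s), st, int(e), et, g)
            for i, s, st, e, et, g in csv.reader(io.StringIO(text))]

def access_window(user, doc):
    """Return (start, end) of u's access to o, or None if never authorized."""
    _, uj, join, ul, leave, ugroup = user
    _, da, add, dr, remove, dgroup = doc
    if ugroup != dgroup:
        return None
    # Authorization provenance: u and o must be group members simultaneously.
    if max(uj, da) >= min(ul, dr):
        return None
    if da >= uj:
        start = da        # object added while u is already a member
    elif join == "LJ" and add == "LA":
        start = uj        # older object, reachable only through LJ + LA
    else:
        return None       # SJ or SA blocks objects added before the join
    # A strict leave/remove ends access at that event. With LL and LR the
    # window runs to the later event, as on the all-liberal slide.
    strict_ends = [t for t, kind in ((ul, leave), (dr, remove))
                   if kind in ("SL", "SR")]
    end = min(strict_ends) if strict_ends else max(ul, dr)
    return (start, end)

def authorized(user, doc, t):
    """Authz(u, o) at time t under the window computed above."""
    window = access_window(user, doc)
    return window is not None and window[0] <= t < window[1]

def decide_all(users=USERS, docs=DOCS):
    """Map (user_id, doc_id) to its access window for every pair."""
    return {(u[0], d[0]): access_window(u, d)
            for u in parse(users) for d in parse(docs)}
```

In the sample data, u3 joins after both documents were added and uses Strict Join, so it gets no window for either document, while u2 (Liberal Join) reaches o1 (Liberal Add) but not o2 (Strict Add).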
