Group Centric Information sharing Using Hierarchical Model

1
Group Centric Information sharing Using
Hierarchical Model

• By
• Amit Mahale
• Advisor Dr Tim Finin
• Co-Advisor Dr Anupam Joshi

2
Rise of Information Sharing

• Need to Know v/s Need to share
• 9/11 commission
• US Federal Systems
• Need to share Uncover, respond and protect
  against threat
• Collaborative systems examples
• University Environment

3
Motivation

• One of the central problems in information
  sharing is the ability to securely and
  differentially share information.
• This issue has been addressed by Ravi Sandhu et
  al in their model Group Centric Information
  Sharing(gSIS).
• Formal model for Group Centric Information
  sharing is available, but no practical
  implementation.

4
Contribution

• Develop a prototype for Group centric Information
  Sharing model using semantic web technologies
• Modeled Hierarchical groups using OWL.
• Leverage OWLs capacity of automating group
  membership using Necessary and sufficient
  conditions

5
Outline

• Background Group Centric Information Sharing
• System Use-cases
• System Architecture
• System Implementation
• Results
• Algorithm Complexity
• Conclusion
• Future Work
• References

6
Group Centric Information Sharing

• Model developed by Ravi Sandhu et al
• A first step towards a formal and systematic
  study of Group-Centric Secure Information Sharing
  Models
• Brings users objects together in a group
• Secure Meeting Room

7
Properties

• Two types of properties
• Core gSIS properties
• Must be enforced by all the systems modeling
  gSIS.
• gSIS Operations
• A subset of the operations may be used in the
  system depending on designers discretion.

8
Core gSIS Properties

• The core properties must be satisfied by any
  g-SIS
• specification
• Persistence Properties
• When a user u is authorized to access an object
  o, it remains the same until a group event
  involving u or o occurs.
• Authorization Provenance
• A user u will not be authorized to access an
  object o until both u and o are simultaneously
  group members
• Bounded Authorization
• Authorizations do not increase during
  non-membership period.

9
g-SIS Operations
Figure courtesy Ram Krishnan et al1
10
Membership Semantics

• Strict Vs Liberal Operations
• User operations ltSJ, LJgt and ltSL, LLgt
• Object operations ltSA, LAgt and ltSR, LRgt

u not authorized to access objects added prior to
join time
Users joining after add time not authorized to
access o
SJ (u)
SA (o)
Users authorized to access o at remove time
retain access
u retains access to objects authorized at leave
time
LL (u)
LR (o)
Figure courtesy Ram Krishnan et al1
11
Strict Join v/s Liberal Join

• During Join,
• If the second Join (u1 g) is an SJ.
• u1 can access o4 and o5 but cannot access o2 and
  o3.
• If the Join was an LJ ,
• u1 can also access o2 and o3.
• During Leave
• SL u1 loses access to all group objects (o1 and
  o2),
• LL allows u1 to retain access to o2

12
Strict add v/s Liberal add

• During Add
• If (o2 g) is a SA,
• Only u1 can access the object. Users u2 and u3,
  joining later, cannot access this object.
• If (o2 g) is a LA,
• Current user u1 and future users u2 and u3 may
  access o2.
• During Remove
• if Remove (o1 g) is an SR,
• Every group user (including u1) loses access to
  o1.
• if Remove (o1 g) is an LR,
• u1 can continue to access o1. However u2 and u3
  will not have access to o1.

13
Operation Explaination
Strict Join(SJ) Only objects added after join time can be accessed
Liberal Join(LJ) Can access objects added before and after join time
Strict Leave(SL) Lose access to all objects on leave
Liberal Leave(LL) Retain access to objects authorized before leave time
Strict Add(SA) Only users who joined prior to add time can access
Liberal Add(LA) Users who joined before or after add time may access
Strict Remove(SR) All users lose access on remove
Liberal Remove(LR) Users who had access at remove time retain access
14
System Use case

• Graduate Student Admissions
• Promotion and Tenure Committee (PT)
• Social Media Application

15
Graduate Student Admissions

• A process in which graduate student applications
  are scrutinized by a group of faculty members
  from the department.
• Requirements
• Member should be able to access older
  application.
• Member should not have access to documents after
  leaving the groups.

16
Graduate Student Admissions

• Members join the group through Liberal Join.
• This will allow them to access previous
  applications
• Applications are added with Liberal Add
• Members joining the committee at a later point of
  time should have access to these applications.
• Member leave the group using Strict Leave
• Lose access to all the applications
• Applications are removed from the group using
  Liberal Remove.
• Members who previously have access will still be
  able to access the document.

17
Promotion and Tenure Committee (PT)

• P T committee consists of a group of full
  professors (tenured) who decide on the fate of an
  Associate professor under consideration for
  tenure.
• Requirements
• Members should not have access to the PT
  documents of their senior members

18
Promotion and Tenure Committee (PT)

• Add the PT documents with Strict Add
• Members join the group though Strict Join/
  Liberal Join
• If a tenured professor leaves the group, then use
  Strict Leave,
• the documents are to be removed from the group
  then use Strict Remove.

19
Social Media application
20
Social Media application

• Amit becomes a friend of Dr Finin
• Amit gets access to all the personal information
  as well as the content (from Facebook Wall) that
  was shared previously
• This might not be as per Dr Finins expectation
• gSIS to the rescue

21
Dr Finin, before adding as a friend
22
After adding as a friend
23
What gSIS can offer?

• if Dr Finin adds a new friend Amit to his friend
  list through
• Strict Join Amit will be able to access the data
  posted after his join
• time, overcoming the problem discussed in the
  previous slide
• Share From now button?
• Liberal Join In addition to allowing access to
  new documents, Liberal
• Join would allow Amit to access posts that Dr
  Finin shared prior to
• Amits join time through Liberal Add.
• Share Everything button?
• For Posts,
• Strict Add Dr Finin should use this operation,
  if he wants to share
• the post with current set of friends and protect
  from his future friends.
• Liberal Add This post can be accessed by current
  friends as well as
• new friends who join at a later point of time
  through Liberal Add.

24
Incorporating gSIS into Facebook Adding a Friend
SJ
LJ
25
Incorporating gSIS into Facebook Adding a Post
26
Incorporating gSIS into Facebook Removing a
Friend
27
Incorporating gSIS into Facebook Removing a Post
28
Comparison to current Facebook model

• Liberal Join
• Liberal Add
• Strict Leave
• Strict Remove

29
Review

• Every user and document is associated with at
  least
• one group.
• Multiple groups may exist.
• Groups may further be hierarchical.
• A user may join and leave the group multiple
  number of times.
• A document may be added and removed from the
  group multiple number of times.
• The access decision of a user to a document
  depends on multiple factors like Join type, Add
  type and the timestamps associated.

30
SYSTEM ARCHITECTURE
31
System Architecture
32
Group Operation Data

• Data about the group members/documents and their
  operations.
• Group user can join and leave the group multiple
  numbers of times
• ltuser_idgt,ltjoin_timegt,ltjoin_typegt,ltleave_timegt,ltle
  ave_typegt, ltgroup_namegt
• ltdoc_idgt,ltAdd_timegt,ltAdd_typegt,ltRemove_timegt,ltRemo
  ve_typegt, ltgroup_namegt

33
Hierarchy Ontology

• Used to represent the hierarchy of the system
• Helps to infer the additional groups that the
  member belongs to
• In a hierarchy of Professor, Asst Professor and
  Lab Instructor.
• An user added to a Professor group should by
  default have access to the documents added to
  Asst Professor and Lab Instructor group.

34
Hierarchy in Groups
35
Motivation for Using Semantic web

• System Understandable
• Usage of Ontology makes the system flexible and
  extendable.
• gSIS is modeled using temporal logic, thus
  developing the prototype using OWL(based on
  logic) helps to prove the correctness of the
  model.

36
Inferred Data

• The RDFS reasoner is used to infer additional
  groups to which the user belongs to using the
  hierarchy ontology.
• The inferred data along with the Group data is
  then fed to the decision engine.

37
gSIS Ontology
38
Decision Engine

• Central system of the gSIS model
• Every access decision depends on the combination
  of group operations and the timestamps
  associated with them.
• The rules are modeled to cover all combinations
  of events that can occur in a group centric
  information sharing environment.

39
Strict Join, Strict Add, Strict Leave, Strict
Remove

• Let Uj UL be the User Join and Leave time and
• DA DR be the Document Add and Remove time

40
Liberal Join, Liberal Add, Liberal Leave, Liberal
Remove

• Let Uj UL be the User Join and Leave time and
• DA DR be the Document Add and Remove time

41
Strict Join, Liberal Add, Strict Leave, Liberal
Remove

• Let Uj UL be the User Join and Leave time and
• DA DR be the Document Add and Remove time

42
Liberal Join, Strict Add, Liberal Leave, Strict
Remove

• Let Uj UL be the User Join and Leave time and
• DA DR be the Document Add and Remove time

43
Conclude decision engine

• Can observe a pattern
• Check for conformance with gSIS operations
  properties
• Compute access start time
• Compute access end time.
• Constructing the rule becomes tedious and complex
  to handle in OWL. Our prototype uses an pragmatic
  approach, Semantic web procedural method.
• Semantic Web technology to represent and reason
  about the hierarchy Procedural method to compute
  access decisions relying on the gSIS semantics.

44
Automating Group Membership

• Automatically classifies users to relevant
  groups.
• Leverages OWL feature of Necessary and
  Sufficient conditions.
• Whenever a user satisfies the NC, the user is
  added to the group.

45
Example

• A Professor is added to the UMBC CS Tenure
  committee if
• He/She is a Full Professor
• A Professor _at_ UMBC.
• Faculty in the CS Department
• The ontology is as follows

46
Automating Group Membership
N C
N C
N C
47
Automated Document Classification

• Documents are classified as Top Secret, Secret,
  Confidential, Restricted, Unclassified.
• Groups can be governed by policies on the type of
  documents added to each group.
• Utilizes OWL Features and Hierarchy resolution

48

• War room group contains all documents from
  level Top Secret and below.
• Air Force group
• Top Secret
• Air Force domain.
• Air Force Research group
• Air Force domain
• Unclassified

49
SYSTEM IMPLEMENTATION
50
System Implementation
51
Algorithm

• The access decision algorithm consists of the
  following stages,
• Read the file and parse the Group Membership
  details.
• Read the hierarchy ontology file and generate the
  additional tuples using a reasoner by using the
  original Group membership data.
• Store the original and inferred tuples.
• Cluster the tuples in accordance to their group
  membership.
• Clustered tuples are read pair wise consisting of
  user and document membership details.

52
2

• The next stage is to compute access interval
  between every user and document of the group. The
  precomputed access intervals will greatly improve
  the systems readiness to handle any number of
  access decision queries.
• The pair is tested against the gSIS Join and Add
  semantics, if true
• The access start time is computed, computation
  details are explained in the previous section and
  depend on the type and timestamp of the
  operation.
• The access end time is computed depending on the
  Leave and Remove semantics.
• The generated access interval tuples are stored
  in the following format.
• ltuseridgt,ltdocidgt,ltstart_timegt,ltend_timegt
• The system can now accept queries about access
  decision between any user and document that
  is/was a part of the group.

53
Results
54
Validation

• We develop sample data set for the P T use case
• To demonstrate hierarchical groups, we have two
  groups, Tenure group and Associate Professor
  Group
• Data contains details about members and their
  documents.
• Rule Tenure group members have access to the
  documents of Associate Professor group

55
Queries
56
Query 1 User-Document-Time

• Did Dr Finin have access to Dr Joshis Tenure
  file in 2005?
• Access Granted

57
Query 2 User Access Details

• List all the documents that Dr Finin has access
  to

58
Query 3 Document Access

• List all the users who have access to Andrewdoc'
• Andrew is an Assistant Prof and under
  consideration for tenure

59
Query 4 Time based Access

• List all the documents that were accessible to
  users in 1994

60
Query 5 User-Document

• Did Dr Finin ever have access to Nicholasdoc?

61
Algorithmic Complexity

• n users
• m documents
• Computing Access intervals would take
• nm ? O(nm) ? when mn ? O(n2)
• Whenever group membership changes
• User joins the group (1 m) ? O(m)
• Document is added to the group (n 1) ? O(n)

62
Conclusion

• We have presented a agile framework for secure
  information sharing.
• We have also modeled gSIS to support hierarchical
  groups and opened up opportunities to extend gSIS
  in several dimensions like automated group
  membership.
• Finally we have demonstrated the usefulness of
  gSIS in real world applications.

63
Future Work

• Develop the administrative model for gSIS.
• Write policies to enforce the gSIS operation
  semantics.

64
(No Transcript)
65
(No Transcript)
66
References

• 1Ram Krishnan, Ravi Sandhu, Jianwei Niu and
  William Winsborough, 
• Foundations for Group-Centric Secure Information
  Sharing Models.
• Proc. 14th ACM Symposium on Access Control Models
  and Technologies (SACMAT), Stresa,
• Italy, June 3-5, 2009, pages 115-124.
•  
• 2 Ram Krishnan, Ravi Sandhu, Jianwei Niu and
  William Winsborough, Towards a
• Framework for Group-Centric Secure Collaboration.
  In Proc. 5th IEEE International
• Conference on Collaborative Computing
  Networking, Applications and Worksharing
• (CollaborateCom), Crystal City, Virginia,
  November 11-14, 2009, pages 1-10. 
•  
• 3 Ravi Sandhu, Ram Krishnan, Jianwei Niu and
  William Winsborough, Group-Centric
• Models for Secure and Agile Information Sharing.
  In Proceedings 5th International
• Conference, on Mathematical Methods, Models, and
  Architectures for Computer Network
• Security, MMM-ACNS 2010, St. Petersburg, Russia,
  September 8-10, 2010, pages 55-69.
• Published as Springer Lecture Notes in Computer
  Science Vol. 6258, Computer Network
• Security (Igor Kotenko and Victor Skormin,
  editors), 2010.
•  
• 4 T. Finin, A. Joshi, L. Kagal, J. Niu, R.
  Sandhu, W. Winsborough, and B. Thuraisingham,
• ROWLBAC - Representing Role Based Access Control
  in OWL, Proceedings of the 13th ACM

67
References

• 5 Anne Cregan, Malgorzata Mochol, Denny
  Vrandecic, Sean Bechhofer Pushing the limits of
  OWL, Rules and
• Protégé. A simple example Workshop - OWL
  Experiences and Directions (OWLED-2005), Galway,
  Ireland,
• November 2005
•  
• 6 R. Sandhu et al, Role-Based Access Control
  Models, IEEE Computer, 29(2)38-47,Feb
  1996, Google Scholar
• Search
•  
• 7 R. Sandhu and P. Samarati, Access Control
  Principles and Practice, IEEE
• Communications, 32(9) 40-48, Sept. 1994, Google
  Scholar Search
• 8 Semantic web http//www.w3.org/2001/sw/
•  
• 9 Bechhofer, S. van Harmelen, F. Hendler, J.
  Horrocks, I. McGuinness, D. Patel-
• Schneider, P. and Stein, L. 2004. Owl web
  ontology language reference. w3c
• recommendation.
•  
• 10 United States Intelligence community
  INFORMATION SHARING STRATEGY, Office
• Of the Director of National Intelligence,
• http//www.dni.gov/reports/IC_Information_Sharing_
  Strategy.pdf

68

• Building knowledge base (in ms)
• 6 users, 7 docs --- 1734
• 18 users, 21 docs 2078
• Handling Queries(in ms)
• 100 Queries - 156
• 1000 Queries 656
• 10000 Queries -- 5719

69
Related Work

• RBAC
• DAC
• MAC