research-article

Modeling data flow in socio-information networks: a risk estimation approach

Authors:
Ting Wang

Georgia Institute of Technology, Atlanta, GA, USA

Georgia Institute of Technology, Atlanta, GA, USA
View Profile

,
Mudhakar Srivatsa

IBM Research, Hawthorne, NY, USA

IBM Research, Hawthorne, NY, USA
View Profile

,
Dakshi Agrawal

IBM Research, Hawthorne, NY, USA

IBM Research, Hawthorne, NY, USA
View Profile

,
Ling Liu

Georgia Institute of Technology, Atlanta, GA, USA

Georgia Institute of Technology, Atlanta, GA, USA
View Profile

SACMAT '11: Proceedings of the 16th ACM symposium on Access control models and technologiesJune 2011Pages 113–122https://doi.org/10.1145/1998441.1998458

Published:15 June 2011Publication History

SACMAT '11: Proceedings of the 16th ACM symposium on Access control models and technologies

Pages 113–122

ABSTRACT

Information leakage via the networks formed by subjects (e.g., Facebook, Twitter) and objects (e.g., blogosphere) - some of whom may be controlled by malicious insiders - often leads to unpredicted access control risks. While it may be impossible to precisely quantify information flows between two entities (e.g., two friends in a social network), this paper presents a first attempt towards leveraging recent advances in modeling socio-information networks to develop a statistical risk estimation paradigm for quantifying such insider threats. In the context of socio-information networks, our models estimate the following likelihoods: prior flow - has a subject $s$ acquired covert access to object o via the networks? posterior flow - if s is granted access to o, what is its impact on information flows between subject s' and object o'? network evolution - how will a newly created social relationship between s and s' influence current risk estimates? Our goal is not to prescribe a one-size-fits-all solution; instead we develop a set of composable network-centric risk estimation operators, with implementations configurable to concrete socio-information networks. The efficacy of our solutions is empirically evaluated using real-life datasets collected from the IBM SmallBlue project and Twitter.

References

Network-centric access control: models and techniques. Georgia Tech Technical Report, GIT-CERCS-10-08, http://www.cercs.gatech.edu/tech-reports/.Google Scholar
Teacher fired over Facebook sues district: http://www.cbsatlanta.com/news/21573759/detail.html.Google Scholar
D. Aldous and J. A. Fill. Reversible markov chains, 1994.Google Scholar
M. Backes, B. Kopf, and A. Rybalchenko. Automatic discovery and quantification of information leaks. In SP, 2009. Google ScholarDigital Library
D. E. Bell and L. J. LaPadula. Secure computer system: unified exposition and multics interpretation. In MITRE Corporation, 1976.Google ScholarCross Ref
E. Bertino, P. A. Bonatti, and E. Ferrari. Trbac: A temporal role-based access control model. ACM Trans. Inf. Syst. Secur., 4(3):191--233, 2001. Google ScholarDigital Library
D. D. F. Brewer and D. M. J. Nash. The chinese wall security policy. SP, 1989.Google Scholar
B. Carminati, E. Ferrari, S. Morasca, and D. Taibi. A probability-based approach to modeling the risk of unauthorized propagation of information in on-line social networks. In CODASPY, 2011. Google ScholarDigital Library
J. R. Challenger, P. Dantzig, A. Iyengar, M. S. Squillante, and L. Zhang. Efficiently serving dynamic data at highly accessed web sites. IEEE/ACM Trans. Netw., 12(2):233-246, 2004. Google ScholarDigital Library
P.-C. Cheng, P. Rohatgi, C. Keser, P. A. Karger, G. M. Wagner, and A. S. Reninger. Fuzzy multi-level security: An experiment on quantified risk-adaptive access control. In IEEE Security and Privacy Symposium, 2007. Google ScholarDigital Library
J. Crampton. Understanding and developing role-based administrative models. In CCS, 2005. Google ScholarDigital Library
D. Easley and J. Kleinberg. Networks, Crowds, and Markets: Reasoning About a Highly Connected World. Cambridge University Press, 2010. Google ScholarDigital Library
J. Edmonds and R. M. Karp. Theoretical improvements in algorithmic efficiency for network flow problems. J. ACM, 19(2):248--264, 1972. Google ScholarDigital Library
D. Ferraiolo and R. Kuhn. Role-based access control. In 15th NIST-NCSC National Computer Security Conference, 1992.Google Scholar
D. Fogaras, B. Racz, K. Csalogany, and T. Sarlos. Towards scaling fully personalized pagerank: Algorithms, lower bounds, and experiments. Internet Mathematics, 2(3), 2005.Google Scholar
Y. Kanzaki, H. Igaki, M. Nakamura, A. Monden, and K.-i. Matsumoto. Characterizing dynamics of information leakage in security-sensitive software process. In ACSW Frontiers, 2005. Google ScholarDigital Library
J. Leskovec, L. Backstrom, R. Kumar, and A. Tomkins. Microscopic evolution of social networks. In KDD, 2008. Google ScholarDigital Library
C.-Y. Lin, N. Cao, S. X. Liu, S. Papadimitriou, J. Sun, and X. Yan. Smallblue: Social network analysis for expertise search and collective intelligence. In ICDE, 2009. Google ScholarDigital Library
S. McCamant and M. D. Ernst. Quantitative information flow as network flow capacity. In PLDI, 2008. Google ScholarDigital Library
I. Molloy, P.-C. Cheng, and P. Rohatgi. Trading in risk: using markets to improve access control. In NSPW, 2008. Google ScholarDigital Library
H. H. Song, T. W. Cho, V. Dave, Y. Zhang, and L. Qiu. Scalable proximity estimation and link prediction in online social networks. In IMC, 2009. Google ScholarDigital Library
M. Srivatsa, D. Agrawal, and S. Reidt. A metadata calculus for secure information sharing. In CCS, 2009. Google ScholarDigital Library
M. Srivatsa, P. Rohatgi, S. Balfe, and S. Reidt. Securing information flows: A metadata framework. In QoISN, 2008.Google ScholarCross Ref
H. Tong, C. Faloutsos, and J.-Y. Pan. Fast random walk with restart and its applications. In ICDM, 2006. Google ScholarDigital Library
N. Zeldovich, S. Boyd-Wickizer, and D. Mazieres. Securing distributed systems with information flow control. In NSDI, 2008. Google ScholarDigital Library

Index Terms

Modeling data flow in socio-information networks: a risk estimation approach
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Information Flow Detection and Tracking on Web2.0 BLOGS Based on Social Networks
ICYCS '08: Proceedings of the 2008 The 9th International Conference for Young Computer Scientists

Blogs have become a typical online publication in Web2.0 era. The users of blogs interact with each other by publishing entries, reading and posting comments to other's entries, and discussing with friends. By these actions, information propagates from ...
Read More
Incorporating attacker capabilities in risk estimation and mitigation

The risk exposure of a given threat to an information system is a function of the likelihood of the threat and the severity of its impacts. Existing methods for estimating threat likelihood assume that the attacker is able to cause a given threat, that ...
Read More
Contrasting the Spread of Misinformation in Online Social Networks
AAMAS '17: Proceedings of the 16th Conference on Autonomous Agents and MultiAgent Systems

The emergence of online social networks has revolutionized the way people seek and share information. Nowadays, popular online social sites as Twitter, Facebook and Google+ are among the major news sources as well as the most effective channels for ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SACMAT '11: Proceedings of the 16th ACM symposium on Access control models and technologies
June 2011
196 pages
ISBN:9781450306881
DOI:10.1145/1998441
General Chair:
Ruth Breu
University of Innsbruck, Austria
,
Program Chairs:
Jason Crampton
Royal Holloway, University of London, UK
,
Jorge Lobo
IBM, USA
Copyright © 2011 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 15 June 2011
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
access control
risk estimation
social network
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate177of597submissions,30%
Upcoming Conference
SACMAT 2024

Sponsor:

sigsac

The 29th ACM Symposium on Access Control Models and Technologies

May 15 - 17, 2024

San Antonio , TX , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 7
  Total Citations
  View Citations
- 229
  Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Modeling data flow in socio-information networks: a risk estimation approach

SACMAT '11: Proceedings of the 16th ACM symposium on Access control models and technologies

ABSTRACT

References

Cited By

Index Terms

Recommendations

Information Flow Detection and Tracking on Web2.0 BLOGS Based on Social Networks

Incorporating attacker capabilities in risk estimation and mitigation

Contrasting the Spread of Misinformation in Online Social Networks