Browsing by Author "Mehregan, Pooya"
Now showing 1 - 2 of 2
Results Per Page
Sort Options
Item Open Access Multiple Ownership in Access Control(2016) Mehregan, Pooya; Fong, Philip; Safavi-Naeini, Reyhaneh; Aycock, John; Tawbi, Nadia; Bauer, MarkIn social computing, multiple users may share privacy stakes in a content. Contents contributed by a user may be annotated by other users (e.g., “like” or “comment”). Also users may get associated to a content that is contributed by other users (e.g., get tagged in a photo). In other scenarios, multiple users may co-contribute a piece of information (e.g., friendship articulation). These users, called co-owners in this thesis, share privacy stakes in these contents and they may want to control access to the contents. In this novel situation of multiple ownership a shared resource is administrated simultaneously by co-owners who may have conflicting privacy preferences and/or sharing needs. The study of access control schemes for multiple ownership in social computing has captured the imagination of researchers, and general-purpose schemes for reconciling the differences of privacy stakeholders have been proposed. One challenge of existing general-purpose multiple-ownership schemes is that they can be very complex. In the first part of this thesis, we consider the possibility of simplification in special cases. We identify two simple design patterns for handling a significant family of multiple-ownership scenarios. We discuss efficient implementation techniques that solely rely on standard SQL technology. We also identify scenarios in which general-purpose multiple-ownership schemes are necessary. Most of the general-purpose schemes in the literature are in the form of unsupervised conflict resolution mechanisms. In the second part of this thesis, driven by the need for human consent in organizational settings, we explore interactive policy negotiation, a different approach but complementary to that of prior work. Specifically, we propose an extension of Relationship-Based Access Control (ReBAC) to support multiple ownership, in which a policy negotiation protocol is in place for co-owners to come up with and give consent to an access control policy in a structured manner. During negotiation, the quality of the draft policy is assessed by a set of novel and formally defined availability criteria: policy satisfiability, feasibility and resiliency, which all belong to the second level of the polynomial hierarchy. We then propose efficient tool support for deciding these availability criteria.Item Open Access Relational Abstraction in Community-Based Secure Collaboration(2013-11-29) Fong, Philip; Mehregan, Pooya; Krishnan, RamUsers of an online community are willing to share resources because they can expect reasonable behaviour from other members of the community. Such expectations are known as social contracts. In this work, we study the specification and enforcement of social contracts in a computer mediated collaboration environment. Specifically, we examine social contracts that contain both relationship- and history-based elements. A series of policy languages, all based on modal and temporal logics, with increasing expressiveness, have been proposed to express social contracts. Reference monitors are designed to correctly and efficiently enforce the specified policies. A technique called “relational abstraction” is employed to reduce the reference monitor into a purely relationship-based protection system, that is, what is commonly known as a social network system.