Multiple Ownership in Access Control
Abstract
In social computing, multiple users may share privacy stakes in a content. Contents contributed by a user may be annotated by other users (e.g., “like” or “comment”). Also users may get associated to a content that is contributed by other users (e.g., get tagged in a photo). In other scenarios, multiple users may co-contribute a piece of information (e.g., friendship articulation). These users, called co-owners in this thesis, share privacy stakes in these contents and they may want to control access to the contents. In this novel situation of multiple ownership a shared resource is administrated simultaneously by co-owners who may have conflicting privacy preferences and/or sharing needs. The study of access control schemes for multiple ownership in social computing has captured the imagination of researchers, and general-purpose schemes for reconciling the differences of privacy stakeholders have been proposed.
One challenge of existing general-purpose multiple-ownership schemes is that they can be very complex. In the first part of this thesis, we consider the possibility of simplification in special cases. We identify two simple design patterns for handling a significant family of multiple-ownership scenarios. We discuss efficient implementation techniques that solely rely on standard SQL technology. We also identify scenarios in which general-purpose multiple-ownership schemes are necessary.
Most of the general-purpose schemes in the literature are in the form of unsupervised conflict resolution mechanisms. In the second part of this thesis, driven by the need for human consent in organizational settings, we explore interactive policy negotiation, a different approach but complementary to that of prior work. Specifically, we propose an extension
of Relationship-Based Access Control (ReBAC) to support multiple ownership, in which a policy negotiation protocol is in place for co-owners to come up with and give consent to an access control policy in a structured manner. During negotiation, the quality of the draft policy is assessed by a set of novel and formally defined availability criteria: policy satisfiability, feasibility and resiliency, which all belong to the second level of the polynomial hierarchy. We then propose efficient tool support for deciding these availability criteria.
Description
Keywords
Applied Sciences, Computer Science
Citation
Mehregan, P. (2016). Multiple Ownership in Access Control (Doctoral thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca. doi:10.11575/PRISM/27033