Multiple Ownership in Access Control

atmire.migration.oldid: 4200
dc.contributor.advisor: Fong, Philip
dc.contributor.author: Mehregan, Pooya
dc.contributor.committeemember: Safavi-Naeini, Reyhaneh
dc.contributor.committeemember: Aycock, John
dc.contributor.committeemember: Tawbi, Nadia
dc.contributor.committeemember: Bauer, Mark
dc.date.accessioned: 2016-03-21T19:59:08Z
dc.date.available: 2016-03-21T19:59:08Z
dc.date.issued: 2016
dc.date.submitted: 2016 [en]
dc.description.abstract: In social computing, multiple users may share privacy stakes in a content. Contents contributed by a user may be annotated by other users (e.g., “like” or “comment”). Also users may get associated to a content that is contributed by other users (e.g., get tagged in a photo). In other scenarios, multiple users may co-contribute a piece of information (e.g., friendship articulation). These users, called co-owners in this thesis, share privacy stakes in these contents and they may want to control access to the contents. In this novel situation of multiple ownership a shared resource is administrated simultaneously by co-owners who may have conflicting privacy preferences and/or sharing needs. The study of access control schemes for multiple ownership in social computing has captured the imagination of researchers, and general-purpose schemes for reconciling the differences of privacy stakeholders have been proposed. One challenge of existing general-purpose multiple-ownership schemes is that they can be very complex. In the first part of this thesis, we consider the possibility of simplification in special cases. We identify two simple design patterns for handling a significant family of multiple-ownership scenarios. We discuss efficient implementation techniques that solely rely on standard SQL technology. We also identify scenarios in which general-purpose multiple-ownership schemes are necessary. Most of the general-purpose schemes in the literature are in the form of unsupervised conflict resolution mechanisms. In the second part of this thesis, driven by the need for human consent in organizational settings, we explore interactive policy negotiation, a different approach but complementary to that of prior work. Specifically, we propose an extension of Relationship-Based Access Control (ReBAC) to support multiple ownership, in which a policy negotiation protocol is in place for co-owners to come up with and give consent to an access control policy in a structured manner. During negotiation, the quality of the draft policy is assessed by a set of novel and formally defined availability criteria: policy satisfiability, feasibility and resiliency, which all belong to the second level of the polynomial hierarchy. We then propose efficient tool support for deciding these availability criteria. [en_US]
dc.identifier.citation: Mehregan, P. (2016). Multiple Ownership in Access Control (Doctoral thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca. doi:10.11575/PRISM/27033 [en_US]
dc.identifier.doi: http://dx.doi.org/10.11575/PRISM/27033
dc.identifier.uri: http://hdl.handle.net/11023/2865
dc.language.iso: eng
dc.publisher.faculty: Graduate Studies
dc.publisher.institution: University of Calgary [en]
dc.publisher.place: Calgary [en]
dc.rights: University of Calgary graduate students retain copyright ownership and moral rights for their thesis. You may use this material in any way that is permitted by the Copyright Act or through licensing that has been assigned to the document. For uses that are not allowable under copyright legislation or licensing, you are required to seek permission.
dc.subject: Applied Sciences
dc.subject: Computer Science
dc.subject.classification: Access Control [en_US]
dc.subject.classification: Social Computing [en_US]
dc.subject.classification: Multiple Ownership [en_US]
dc.subject.classification: Co-ownership [en_US]
dc.subject.classification: Availability Analyses [en_US]
dc.subject.classification: Design Patterns [en_US]
dc.subject.classification: Decision Procedure [en_US]
dc.subject.classification: Boolean Satisfiability [en_US]
dc.subject.classification: QBF Satisfiability [en_US]
dc.subject.classification: Answer Set Programming [en_US]
dc.subject.classification: Negotiation Protocol [en_US]
dc.subject.classification: ReBAC [en_US]
dc.subject.classification: Privacy [en_US]
dc.subject.classification: Security [en_US]
dc.subject.classification: Sharing Requirements [en_US]
dc.title: Multiple Ownership in Access Control
dc.type: doctoral thesis
thesis.degree.discipline: Computer Science
thesis.degree.grantor: University of Calgary
thesis.degree.name: Doctor of Philosophy (PhD)
ucalgary.item.requestcopy: true