GROUP CENTRIC INFORMATION SHARING USING HIERARCHICAL MODEL
By
Amit Mahale
Advisor: Dr Tim Finin
Co-Advisor: Dr Anupam Joshi
RISE OF INFORMATION SHARING
Need to Know v/s Need to share: 9/11 commission, US Federal Systems
Need to share: Uncover, respond and protect against threat
Collaborative systems examples: University Environment
MOTIVATION
One of the central problems in information sharing is the ability to securely and differentially share information.
This issue has been addressed by Ravi Sandhu et al in their model, Group Centric Information Sharing (gSIS).
A formal model for Group Centric Information Sharing is available, but there is no practical implementation.
CONTRIBUTION
Develop a prototype for Group centric Information Sharing model using semantic web technologies
Modeled Hierarchical groups using OWL.
Leverage OWL’s capacity of automating group membership using Necessary and sufficient conditions
OUTLINE
Background : Group Centric Information Sharing
System Use-cases
System Architecture
System Implementation
Results
Algorithm Complexity
Conclusion
Future Work
References
GROUP CENTRIC INFORMATION SHARING
Model developed by Ravi Sandhu et al
A first step towards a formal and systematic study of Group-Centric Secure Information Sharing Models
Brings users & objects together in a group: Secure Meeting Room
PROPERTIES
Two types of properties
Core gSIS properties: Must be enforced by all the systems modeling gSIS.
gSIS Operations: A subset of the operations may be used in the system depending on the designer's discretion.
CORE GSIS PROPERTIES
The core properties must be satisfied by any g-SIS specification
o Persistence Properties: When a user u is authorized to access an object o, it remains the same until a group event involving u or o occurs.
o Authorization Provenance: A user u will not be authorized to access an object o until both u and o are simultaneously group members.
o Bounded Authorization: Authorizations do not increase during non-membership period.
G-SIS OPERATIONS
[Figure: users Join and Leave the GROUP, objects are Added and Removed, and the group decides Authz (u,o,r)?; each of Join, Leave, Add and Remove has a Strict and a Liberal variant. Figure courtesy Ram Krishnan et al [1]]
MEMBERSHIP SEMANTICS
Strict Vs Liberal Operations
User operations: <SJ, LJ> and <SL, LL>
Object operations: <SA, LA> and <SR, LR>
SJ (u): u not authorized to access objects added prior to join time
SA (o): Users joining after add time not authorized to access o
LL (u): u retains access to objects authorized at leave time
LR (o): Users authorized to access o at remove time retain access
Figure courtesy Ram Krishnan et al [1]
STRICT JOIN V/S LIBERAL JOIN
During Join
If the second Join (u1; g) is an SJ, u1 can access o4 and o5 but cannot access o2 and o3.
If the Join was an LJ, u1 can also access o2 and o3.
During Leave
SL: u1 loses access to all group objects (o1 and o2).
LL: allows u1 to retain access to o2.
STRICT ADD V/S LIBERAL ADD
During Add
If Add (o2; g) is an SA, only u1 can access the object. Users u2 and u3, joining later, cannot access this object.
If Add (o2; g) is an LA, current user u1 and future users u2 and u3 may access o2.
During Remove
If Remove (o1; g) is an SR, every group user (including u1) loses access to o1.
If Remove (o1; g) is an LR, u1 can continue to access o1. However, u2 and u3 will not have access to o1.
| Operation | Explanation |
| --- | --- |
| Strict Join (SJ) | Only objects added after join time can be accessed |
| Liberal Join (LJ) | Can access objects added before and after join time |
| Strict Leave (SL) | Lose access to all objects on leave |
| Liberal Leave (LL) | Retain access to objects authorized before leave time |
| Strict Add (SA) | Only users who joined prior to add time can access |
| Liberal Add (LA) | Users who joined before or after add time may access |
| Strict Remove (SR) | All users lose access on remove |
| Liberal Remove (LR) | Users who had access at remove time retain access |
SYSTEM USE CASE
Graduate Student Admissions
Promotion and Tenure Committee (P&T)
Social Media Application
GRADUATE STUDENT ADMISSIONS
A process in which graduate student applications are scrutinized by a group of faculty members from the department.
Requirements
Members should be able to access older applications.
Members should not have access to documents after leaving the group.
GRADUATE STUDENT ADMISSIONS
Members join the group through ‘Liberal Join’. This will allow them to access previous applications.
Applications are added with ‘Liberal Add’. Members joining the committee at a later point of time should have access to these applications.
Members leave the group using ‘Strict Leave’. They lose access to all the applications.
Applications are removed from the group using ‘Liberal Remove’. Members who previously had access will still be able to access the document.
PROMOTION AND TENURE COMMITTEE (P&T)
P & T committee consists of a group of full professors (tenured) who decide on the fate of an Associate professor under consideration for tenure.
Requirements
Members should not have access to the P&T documents of their senior members
PROMOTION AND TENURE COMMITTEE (P&T)
Add the P&T documents with ‘Strict Add’.
Members join the group through ‘Strict Join’ / ‘Liberal Join’.
If a tenured professor leaves the group, then use ‘Strict Leave’.
If the documents are to be removed from the group, then use ‘Strict Remove’.
SOCIAL MEDIA APPLICATION
Amit becomes a friend of Dr Finin
Amit gets access to all the personal information as well as the content (from Facebook Wall) that was shared previously
This might not be as per Dr Finin’s expectation
gSIS to the rescue
DR FININ, BEFORE ADDING AS A FRIEND
AFTER ADDING AS A FRIEND
WHAT GSIS CAN OFFER?
If Dr Finin adds a new friend Amit to his friend list through
Strict Join: Amit will be able to access the data posted after his join time, overcoming the problem discussed in the previous slide. “Share From now” button?
Liberal Join: In addition to allowing access to new documents, Liberal Join would allow Amit to access posts that Dr Finin shared prior to Amit’s join time through Liberal Add. “Share Everything” button?
For Posts,
Strict Add: Dr Finin should use this operation if he wants to share the post with his current set of friends and protect it from his future friends.
Liberal Add: This post can be accessed by current friends as well as new friends who join at a later point of time through Liberal Add.
INCORPORATING GSIS INTO FACEBOOK: ADDING A FRIEND
[Figure labels: SJ, LJ]
INCORPORATING GSIS INTO FACEBOOK: ADDING A POST
[Figure labels: Current (SA), Current + Future (LA)]
INCORPORATING GSIS INTO FACEBOOK: REMOVING A FRIEND
[Figure labels: SR, LR]
INCORPORATING GSIS INTO FACEBOOK: REMOVING A POST
COMPARISON TO CURRENT FACEBOOK MODEL
Liberal Join
Liberal Add
Strict Leave
Strict Remove
REVIEW
o Every user and document is associated with at least one group.
o Multiple groups may exist.
o Groups may further be hierarchical.
o A user may join and leave the group multiple times.
o A document may be added and removed from the group multiple times.
o The access decision of a user to a document depends on multiple factors like Join type, Add type and the timestamps associated.
SYSTEM ARCHITECTURE
[Figure: system architecture. Components: Group data, Hierarchy Ontology, Reasoning, Inferred Data, gSIS Ontology, gSIS Rules, Decision Engine, Results (Access decisions)]
GROUP OPERATION DATA
Data about the group members/documents and their operations.
A group user can join and leave the group multiple times.
User record: <user_id>,<join_time>,<join_type>,<leave_time>,<leave_type>,<group_name>
Document record: <doc_id>,<Add_time>,<Add_type>,<Remove_time>,<Remove_type>,<group_name>
HIERARCHY ONTOLOGY
Used to represent the hierarchy of the system
Helps to infer the additional groups that the member belongs to
In a hierarchy of Professor, Asst Professor and Lab Instructor, a user added to the Professor group should by default have access to the documents added to the Asst Professor and Lab Instructor groups.
HIERARCHY IN GROUPS
[Figure: example hierarchies. Organization: CEO; CTO, Project Manager, Team Lead, Associate Engineer; CFO, Finances Team. Disaster Management Group: Fire Fighters, Police Department, Ambulance]
MOTIVATION FOR USING SEMANTIC WEB
System Understandable
Usage of Ontology makes the system flexible and extendable.
gSIS is modeled using temporal logic, thus developing the prototype using OWL (based on logic) helps to prove the correctness of the model.
INFERRED DATA
The RDFS reasoner is used to infer additional groups to which the user belongs, using the hierarchy ontology.
The inferred data along with the Group data is then fed to the decision engine.
GSIS ONTOLOGY
DECISION ENGINE
Central system of the gSIS model
Every access decision depends on the combination of group operations and the timestamps associated with them.
The rules are modeled to cover all combinations of events that can occur in a group centric information sharing environment.
STRICT JOIN, STRICT ADD, STRICT LEAVE, STRICT REMOVE
Let UJ & UL be the User Join and Leave time and DA & DR be the Document Add and Remove time
[Timeline figure: User Join (UJ), Doc Add (DA), User Leave (UL), Doc Remove (DR)]
Access time: [DA – Min(UL, DR)]
LIBERAL JOIN, LIBERAL ADD, LIBERAL LEAVE, LIBERAL REMOVE
Let UJ & UL be the User Join and Leave time and DA & DR be the Document Add and Remove time
[Timeline figure: User Join (UJ), Doc Add (DA), User Leave (UL), Doc Remove (DR)]
Access time: [Max(UJ, DA) – Max(UL, DR)]
STRICT JOIN, LIBERAL ADD, STRICT LEAVE, LIBERAL REMOVE
Let UJ & UL be the User Join and Leave time and DA & DR be the Document Add and Remove time
[Timeline figure: User Join (UJ), Doc Add (DA), User Leave (UL), Doc Remove (DR)]
Access time: [DA – UL]
LIBERAL JOIN, STRICT ADD, LIBERAL LEAVE, STRICT REMOVE
Let UJ & UL be the User Join and Leave time and DA & DR be the Document Add and Remove time
[Timeline figure: User Join (UJ), Doc Add (DA), User Leave (UL), Doc Remove (DR)]
Access time: [DA – DR]
CONCLUDE DECISION ENGINE
Can observe a pattern:
Check for conformance with gSIS operations properties
Compute access start time
Compute access end time.
Constructing the rule becomes tedious and complex to handle in OWL.
Our prototype uses a pragmatic approach: Semantic web + procedural method.
Semantic Web technology to represent and reason about the hierarchy; Procedural method to compute access decisions relying on the gSIS semantics.
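The hybrid approach above (hierarchy reasoning followed by a procedural decision engine), as an added Python example that is not the prototype's own code. It reads constructed rows in the group operation data format, expands membership through the Professor / Asst Professor / Lab Instructor hierarchy, and computes access windows with a rule that reproduces the four access-time formulas shown earlier. Assumptions: the `JUNIORS` table, all function names, inferred memberships inheriting the user's own join and leave times and types, and the extension of the start and end rules to the operation combinations the slides do not show.

```python
import csv
import io
import math

INF = math.inf  # an empty leave/remove time means "still in the group"

# Assumed encoding of the hierarchy ontology: a member of the key group is an
# inferred member of every group listed under it, transitively.
JUNIORS = {"professor": ["asst_professor"], "asst_professor": ["lab_instructor"]}

# Constructed sample rows in the page's two record formats.
# <user_id>,<join_time>,<join_type>,<leave_time>,<leave_type>,<group_name>
USERS_CSV = """\
alice,2000,LJ,2010,SL,professor
bob,2006,SJ,,,asst_professor
carol,2001,LJ,2005,LL,lab_instructor
"""
# <doc_id>,<Add_time>,<Add_type>,<Remove_time>,<Remove_type>,<group_name>
DOCS_CSV = """\
d_old,1998,LA,2004,SR,lab_instructor
d_strict,2003,SA,,,asst_professor
d_new,2007,SA,,,asst_professor
d_prof,2002,LA,2008,LR,professor
"""


def parse(text):
    """Parse rows of <id>,<in_time>,<in_type>,<out_time>,<out_type>,<group>."""
    rows = []
    for row in csv.reader(io.StringIO(text)):
        if row:
            rid, t_in, ty_in, t_out, ty_out, group = (f.strip() for f in row)
            rows.append((rid, int(t_in), ty_in, int(t_out) if t_out else INF, ty_out, group))
    return rows


def inferred_groups(group):
    """Return the group plus every group below it in the hierarchy."""
    seen, stack = [], [group]
    while stack:
        g = stack.pop()
        if g not in seen:
            seen.append(g)
            stack.extend(JUNIORS.get(g, []))
    return seen


def access_window(uj, jt, ul, lt, da, at, dr, rt):
    """Return (start, end) of the user's access to the document, or None."""
    # Authorization provenance: both must be group members at the same time.
    if max(uj, da) >= min(ul, dr):
        return None
    if uj <= da:
        start = da  # the user was already a member when the document was added
    elif jt == "LJ" and at == "LA":
        start = uj  # objects added before join time need a liberal join and add
    else:
        return None
    # A strict leave or strict remove ends access at its own time; when both
    # are liberal, the slide's Max(UL, DR) is used as the end.
    strict_ends = [t for t, ty in ((ul, lt), (dr, rt)) if ty in ("SL", "SR")]
    end = min(strict_ends) if strict_ends else max(ul, dr)
    return (start, end)


def windows(users, docs):
    """Map (user, doc) to its access windows: one pass over n users x m documents."""
    table = {}
    for uid, uj, jt, ul, lt, ugroup in users:
        reachable = inferred_groups(ugroup)
        for did, da, at, dr, rt, dgroup in docs:
            if dgroup in reachable:
                w = access_window(uj, jt, ul, lt, da, at, dr, rt)
                if w:
                    table.setdefault((uid, did), []).append(w)
    return table


def had_access(table, user, doc, when):
    """User-document-time query: was access authorized at time `when`?"""
    return any(start <= when < end for start, end in table.get((user, doc), []))


def documents_for(table, user):
    """User access details query: every document the user has a window for."""
    return sorted({d for (u, d) in table if u == user})


if __name__ == "__main__":
    table = windows(parse(USERS_CSV), parse(DOCS_CSV))
    for key in sorted(table):
        print(key, table[key])
    print(had_access(table, "alice", "d_prof", 2009))
```

In the sample data, alice keeps access to d_prof after its liberal remove in 2008 and loses it only at her strict leave in 2010, the kind of residual access a time-based audit query should surface.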
AUTOMATING GROUP MEMBERSHIP
Automatically classifies users to relevant groups.
Leverages OWL feature of Necessary and Sufficient conditions.
Whenever a user satisfies the N&C, the user is added to the group.
EXAMPLE
A Professor is added to the UMBC CS Tenure committee if He/She is
A Full Professor
A Professor @ UMBC.
Faculty in the CS Department
The ontology is as follows
AUTOMATING GROUP MEMBERSHIP
[Figure: ontology for the example, with three conditions each labelled N & C]
AUTOMATED DOCUMENT CLASSIFICATION
Documents are classified as Top Secret, Secret, Confidential, Restricted, Unclassified.
Groups can be governed by policies on the type of documents added to each group.
Utilizes OWL Features and Hierarchy resolution
‘War room’ group contains all documents from level ‘Top Secret’ and below.
‘Air Force’ group: ‘Top Secret’, ‘Air Force’ domain.
‘Air Force Research’ group: ‘Air Force’ domain, Unclassified
SYSTEM IMPLEMENTATION
RESULTS
VALIDATION
We develop a sample data set for the P & T use case
o To demonstrate hierarchical groups, we have two groups, ‘Tenure group’ and ‘Associate Professor Group’
o Data contains details about members and their documents.
o Rule: Tenure group members have access to the documents of ‘Associate Professor group’
QUERIES
QUERY 1: USER-DOCUMENT-TIME
Did Dr Finin have access to Dr Joshi’s Tenure file in 2005?
Access Granted
QUERY 2: USER ACCESS DETAILS
List all the documents that Dr Finin has access to
QUERY 3: DOCUMENT ACCESS
List all the users who have access to ‘Andrewdoc’ [Andrew is an Assistant Prof and under consideration for tenure]
QUERY 4: TIME BASED ACCESS
List all the documents that were accessible to users in 1994
QUERY 5: USER-DOCUMENT
Did Dr Finin ever have access to Nicholasdoc?
ALGORITHMIC COMPLEXITY
n users, m documents
Computing access intervals would take n*m: O(nm); when m = n, O(n^2)
Whenever group membership changes:
User joins the group: (1 * m), O(m)
Document is added to the group: (n * 1), O(n)
CONCLUSION
We have presented an agile framework for secure information sharing.
We have also modeled gSIS to support hierarchical groups and opened up opportunities to extend gSIS in several dimensions like automated group membership.
Finally we have demonstrated the usefulness of gSIS in real world applications.
FUTURE WORK
Develop the administrative model for gSIS.
Write policies to enforce the gSIS operation semantics.
REFERENCES
[1] Ram Krishnan, Ravi Sandhu, Jianwei Niu and William Winsborough, Foundations for Group-Centric Secure Information Sharing Models. Proc. 14th ACM Symposium on Access Control Models and Technologies (SACMAT), Stresa, Italy, June 3-5, 2009, pages 115-124.
[2] Ram Krishnan, Ravi Sandhu, Jianwei Niu and William Winsborough, Towards a Framework for Group-Centric Secure Collaboration. In Proc. 5th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), Crystal City, Virginia, November 11-14, 2009, pages 1-10.
[3] Ravi Sandhu, Ram Krishnan, Jianwei Niu and William Winsborough, Group-Centric Models for Secure and Agile Information Sharing. In Proceedings 5th International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security, MMM-ACNS 2010, St. Petersburg, Russia, September 8-10, 2010, pages 55-69. Published as Springer Lecture Notes in Computer Science Vol. 6258, Computer Network Security (Igor Kotenko and Victor Skormin, editors), 2010.
[4] T. Finin, A. Joshi, L. Kagal, J. Niu, R. Sandhu, W. Winsborough, and B. Thuraisingham, ROWLBAC - Representing Role Based Access Control in OWL, Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, ACM Press, New York, June 2008.
[5] Anne Cregan, Malgorzata Mochol, Denny Vrandecic, Sean Bechhofer, Pushing the limits of OWL, Rules and Protégé. A simple example. Workshop - OWL: Experiences and Directions (OWLED-2005), Galway, Ireland, November 2005.
[6] R. Sandhu et al, Role-Based Access Control Models, IEEE Computer, 29(2):38-47, Feb 1996.
[7] R. Sandhu and P. Samarati, Access Control: Principles and Practice, IEEE Communications, 32(9):40-48, Sept. 1994.
[8] Semantic web: http://www.w3.org/2001/sw/
[9] Bechhofer, S.; van Harmelen, F.; Hendler, J.; Horrocks, I.; McGuinness, D.; Patel-Schneider, P.; and Stein, L. 2004. OWL Web Ontology Language Reference. W3C Recommendation.
[10] United States Intelligence Community, ‘INFORMATION SHARING STRATEGY’, Office of the Director of National Intelligence, http://www.dni.gov/reports/IC_Information_Sharing_Strategy.pdf
[11] Jones, H., and Soltren, J. 2005. Facebook: Threats to privacy.