A Socially-Aware Operating System for
Daniela Oliveira (1), Dhiraj Murthy (1), Henric Johnson (2), S. Felix Wu (3), Roozbeh Nia (3) and Jeff Rowe (3)
(1) Bowdoin College
(2) Blekinge Institute of Technology
(3) University of California at Davis
IEEE Workshop on Semantics, Security and Privacy
September 21, 2011
Introduction
Limitations of Traditional Defense Solutions
The Challenge of Computing with Social Trust
The Socially-Aware OS
Applications, Benefits and Threats
Concluding Remarks
OSNs: rise in popularity;
Malware landscape complex;
Internet: social platform
◦ What can be trusted?
Internet
Based on social trust;
OS, architecture and applications should
become socially-aware;
OSN users assign/have inferred trust values
for friends and objects;
Continuum trusted-untrusted.
Signature, Behavior, Information-flow
models:
◦ Automated, rigid and threat-specific.
Shift to Web-based computing paradigm:
◦ Users accomplish most of their computing needs with the browser.
What if we leverage social trust to distinguish
a continuum of trusted/untrusted?
◦ Flexibility
◦ Diversity
◦ Stronger security policies
Signature-based
◦ Defeated by code obfuscation, polymorphism,
metamorphism
◦ Cannot prevent zero-day attacks
Behavior-based
◦ Susceptible to false positives
◦ Depends on relevant training data
Information flow-based
◦ Usually treats all data from the Internet as untrusted: too restrictive
Unpredictability
Diversity
Continuum of trusted/untrusted values
Human role
In Sociology:
◦ Essential commodity
◦ Functional pre-requisite for society
Tool for making trustworthy decisions
◦ Risk and uncertainty
◦ An added bonus?
Computing with Social Trust
◦ New research area
Operating systems manage:
◦ Processes;
◦ Memory;
◦ File systems;
◦ I/O devices;
◦ Social trust
People the user is connected to: email addresses;
Objects: URLs, files, IP addresses;
Privacy preserved: only sharable objects
[email protected]
Bowdoin College IP: 139.140.214.196/16
http://sourceforge.net/projects/jedit/files/jedit/4.4.1/jedit4.4.1install.exe/download
20 Years of Linux: http://www.cnn.com/2011/TECH/gaming.gadgets/08/25/linux.20/index.html?hpt=hp_bn7
http://www.cc.gatech.edu/~brendan/Virtuoso_Oakland.pdf
[Figure: architecture diagram with the labels Alice, OS, Trust-aware syscall interface, social_synch(), Network, OSN Server, TR Alice, TR User 1, TR User 2, TR User 3, TR User N. TR: Trust Repository.]
Adaptation of Web of Trust (Richardson et al. '03)
$t_{ij}$ = amount of trust user i has for her friend user j
$t_{jk}$ = amount of trust user j has for her friend user k
$t_{ik}$ = amount of trust user i should have for user k, not directly connected, a function of $t_{ij}$ and $t_{jk}$
N×N matrix, where N is the number of users
$t_i$ = row vector of user i's trust in other users
$t_{ik}$ = how much user i trusts her friend user k
$t_{kj}$ = how much user k trusts her friend user j
$(t_{ik} \cdot t_{kj})$ = amount user i trusts user j via k
$\sum_k (t_{ik} \cdot t_{kj})$ = how much user i trusts user j via any other node.
Represents trust between any two users
◦ Aggregation function concatenates trusts along
paths
(1) $M^{(0)} = T$
(2) $M^{(n)} = T \cdot M^{(n-1)}$
Repeat (2) until $M^{(n)} = M^{(n-1)}$
$M^{(i)}$ is the value of M in iteration i.
Matrix multiplication definition:
$C_{ij} = \sum_k (A_{ik} \cdot B_{kj})$
Personal beliefs:
◦ Asserted by a user to an object in her trust
repository
$b_i$ = user i's personal belief (trust) in a certain object.
b = collection of personal beliefs in a particular object
How much does a user believe in any sharable object in the network?
Computes for any user, her belief in any
sharable object
(1) $b^{(0)} = b$
(2) $b^{(n)} = T \cdot b^{(n-1)}$ or $b_i^{(n)} = \sum_k (t_{ik} \cdot b_k^{(n-1)})$
Repeat (2) until $b^{(n)} = b^{(n-1)}$
where:
$b^{(i)}$ is the value of b in iteration i.
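The two iterations above (merged trust M and propagated belief b), written out as an added example that is not code from the slides or the authors' system. Assumptions not stated on the slides: each row of T is normalized to sum to 1, "until M(n) = M(n-1)" is tested with a numeric tolerance and an iteration cap, and all function names and the three-user sample are constructed for illustration.

```python
# Added example: assumes row-normalized T; names and sample data are constructed.

def normalize(T):
    """Scale each user's row of direct trust values so it sums to 1 (assumption)."""
    out = []
    for row in T:
        s = sum(row)
        if s == 0:
            raise ValueError("user trusts nobody; row cannot be normalized")
        out.append([v / s for v in row])
    return out

def matmul(A, B):
    """C_ij = sum_k A_ik * B_kj, the definition given on the slide."""
    cols = list(zip(*B))
    return [[sum(a * b for a, b in zip(row, col)) for col in cols] for row in A]

def iterate(T, X0, tol=1e-9, max_iter=10_000):
    """Repeat X(n) = T . X(n-1) until the largest element-wise change is below tol."""
    X = X0
    for n in range(1, max_iter + 1):
        nxt = matmul(T, X)
        delta = max(abs(p - q) for r1, r2 in zip(nxt, X) for p, q in zip(r1, r2))
        X = nxt
        if delta < tol:
            return X, n
    # Failure mode: e.g. two users who trust only each other oscillate forever.
    raise RuntimeError("no fixed point reached; trust graph may be periodic")

def merged_trust(T):
    """M(0) = T, M(n) = T . M(n-1)."""
    return iterate(T, T)

def beliefs(T, b):
    """b(0) = b, b(n) = T . b(n-1); b holds each user's belief in one object."""
    B, n = iterate(T, [[x] for x in b])
    return [row[0] for row in B], n

# Constructed sample: three users, raw direct-trust ratings (row i = user i).
T = normalize([[0, 4, 1],
               [1, 0, 1],
               [9, 1, 0]])
b = [1.0, 0.0, 0.5]   # constructed personal beliefs in one sharable object

if __name__ == "__main__":
    M, steps = merged_trust(T)
    print("merged trust converged after", steps, "iterations")
    print("propagated beliefs:", beliefs(T, b)[0])
```

On this connected sample every user's propagated belief converges to the same weighted average of the initial assertions, so each result stays between the lowest and highest asserted value.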
Streamline security policies and decision-making process:
◦ Restriction of system resources based on trust;
◦ Software installation, URL visit.
Information-flow tracking with refined trust
levels;
Anti-SPAM techniques.
OSN or OS compromised:
◦ Attacker increases trust values for malicious
objects:
System behaves as if the trustworthy framework was never installed;
High trust values do not mean higher privileges:
The higher the trust, the closer to default levels without
social trust
◦ Attacker decreases trust values for benign objects:
DoS attack.
Challenges
◦ Management and reliability of social data/trust:
reliability, ethics issues, no standard API;
◦ The socially-aware kernel: managing multiple
repositories, performance, usability, Sybil attacks,
identity management.
◦ Confidentiality and Security: new vulnerabilities,
privacy leaks, exporting trust information.