Users share data on multiple platforms where access control is managed according to the platform-specific policy. However, some data is conceptually owned by peers in a manner that is platform-independent. To enable peers to manage access control rights on such data, we introduce PePPer, a tool for fine-grained, personal access control. This system, which runs on the client side, enables loading data items from different sources and annotating them with fine-grained access control requirements via provenance-style Boolean expressions. These expressions are evaluated to decide whether the client is allowed to share the data with a given peer, using a taxonomy that compactly captures data ownership and access control policies. If credentials depend on the unknown access policy of other peers, PePPer probes them to obtain relevant access permissions. For that, we employ efficient algorithms that minimize the expected number of probes. Our algorithms adapt techniques from stochastic Boolean evaluation to our setting by accounting for multiple peers, policies, expressions and the access control taxonomy. Throughout this process, PePPer further presents to the client a continually updated partial view of the data currently known to be safely shareable. We demonstrate PePPer for the sharing of calendar entries among peers, using real-life calendars of politicians and public figures as an example.
|Title of host publication|Proceedings - 2019 IEEE 35th International Conference on Data Engineering, ICDE 2019|
|Publisher|IEEE Computer Society|
|Number of pages|4|
|State|Published - Apr 2019|
|Event|35th IEEE International Conference on Data Engineering, ICDE 2019 - Macau, China (Duration: 8 Apr 2019 → 11 Apr 2019)|
|Name|Proceedings - International Conference on Data Engineering|
|Conference|35th IEEE International Conference on Data Engineering, ICDE 2019|
|Period|8/04/19 → 11/04/19|
Bibliographical note
Funding Information:
This work was funded in part by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister's Office, and by the Israel Science Foundation (grant No. 1157/16).
© 2019 IEEE.
- Access control
- Boolean evaluation
- Fine grained provenance
- Personal data