PePPer: Fine-grained personal access control via peer probing

Yael Amsterdamer; Osnat Drien

doi:10.1109/icde.2019.00227

PePPer: Fine-grained personal access control via peer probing

Yael Amsterdamer, Osnat Drien

Department of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

Users share data on multiple platforms where access control is managed according to the platform-specific policy. However, some data is conceptually owned by peers in a manner that is platform-independent. To enable peers to manage access control rights on such data we introduce PePPer, a tool for fine-grained, personal access control. This system, which runs on the client side, enables loading data items from different sources and annotating them with fine-grained access control requirements via provenance-style Boolean expressions. These expressions are evaluated to decide whether the client is allowed to share the data with a given peer, using a taxonomy that compactly captures data ownership and access control policies. If credentials depend on the unknown access policy of other peers, PePPer probes them to obtain relevant access permissions. For that, we employ efficient algorithms that minimizes the expected number of probes. Our algorithm adapt techniques from stochastic Boolean evaluation to our setting by accounting for multiple peers, policies, expressions and the access control taxonomy. Throughout this process, PePPer further presents to the client a continually updated partial view of the data currently known to be safely shareable. We demonstrate PePPer for the sharing of calendar entries among peers, using as example real-life calendars of politicians and public figures.

Original language	English
Title of host publication	Proceedings - 2019 IEEE 35th International Conference on Data Engineering, ICDE 2019
Publisher	IEEE Computer Society
Pages	2012-2015
Number of pages	4
ISBN (Electronic)	9781538674741
DOIs	https://doi.org/10.1109/icde.2019.00227
State	Published - Apr 2019
Event	35th IEEE International Conference on Data Engineering, ICDE 2019 - Macau, China Duration: 8 Apr 2019 → 11 Apr 2019

Publication series

Name	Proceedings - International Conference on Data Engineering
Volume	2019-April
ISSN (Print)	1084-4627

Conference

Conference	35th IEEE International Conference on Data Engineering, ICDE 2019
Country/Territory	China
City	Macau
Period	8/04/19 → 11/04/19

Bibliographical note

Publisher Copyright:
© 2019 IEEE.

Funding

This work was funded in part by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Ministers Office, and by the Israel Science Foundation (grant No. 1157/16).

Funders	Funder number
Australian Prime Ministers Centre
Israel Science Foundation	1157/16

Keywords

Access control
Boolean evaluation
Fine grained provenance
Personal data

Access to Document

10.1109/icde.2019.00227

Cite this

@inproceedings{4175f23060064f2aa4b33d139822cf23,

title = "PePPer: Fine-grained personal access control via peer probing",

abstract = "Users share data on multiple platforms where access control is managed according to the platform-specific policy. However, some data is conceptually owned by peers in a manner that is platform-independent. To enable peers to manage access control rights on such data we introduce PePPer, a tool for fine-grained, personal access control. This system, which runs on the client side, enables loading data items from different sources and annotating them with fine-grained access control requirements via provenance-style Boolean expressions. These expressions are evaluated to decide whether the client is allowed to share the data with a given peer, using a taxonomy that compactly captures data ownership and access control policies. If credentials depend on the unknown access policy of other peers, PePPer probes them to obtain relevant access permissions. For that, we employ efficient algorithms that minimizes the expected number of probes. Our algorithm adapt techniques from stochastic Boolean evaluation to our setting by accounting for multiple peers, policies, expressions and the access control taxonomy. Throughout this process, PePPer further presents to the client a continually updated partial view of the data currently known to be safely shareable. We demonstrate PePPer for the sharing of calendar entries among peers, using as example real-life calendars of politicians and public figures.",

keywords = "Access control, Boolean evaluation, Fine grained provenance, Personal data",

author = "Yael Amsterdamer and Osnat Drien",

note = "Publisher Copyright: {\textcopyright} 2019 IEEE.; 35th IEEE International Conference on Data Engineering, ICDE 2019 ; Conference date: 08-04-2019 Through 11-04-2019",

year = "2019",

month = apr,

doi = "10.1109/icde.2019.00227",

language = "אנגלית",

series = "Proceedings - International Conference on Data Engineering",

publisher = "IEEE Computer Society",

pages = "2012--2015",

booktitle = "Proceedings - 2019 IEEE 35th International Conference on Data Engineering, ICDE 2019",

address = "ארצות הברית",

}

Amsterdamer, Y & Drien, O 2019, PePPer: Fine-grained personal access control via peer probing. in Proceedings - 2019 IEEE 35th International Conference on Data Engineering, ICDE 2019., 8731366, Proceedings - International Conference on Data Engineering, vol. 2019-April, IEEE Computer Society, pp. 2012-2015, 35th IEEE International Conference on Data Engineering, ICDE 2019, Macau, China, 8/04/19. https://doi.org/10.1109/icde.2019.00227

PePPer: Fine-grained personal access control via peer probing. / Amsterdamer, Yael; Drien, Osnat.
Proceedings - 2019 IEEE 35th International Conference on Data Engineering, ICDE 2019. IEEE Computer Society, 2019. p. 2012-2015 8731366 (Proceedings - International Conference on Data Engineering; Vol. 2019-April).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - PePPer

T2 - 35th IEEE International Conference on Data Engineering, ICDE 2019

AU - Amsterdamer, Yael

AU - Drien, Osnat

PY - 2019/4

Y1 - 2019/4

N2 - Users share data on multiple platforms where access control is managed according to the platform-specific policy. However, some data is conceptually owned by peers in a manner that is platform-independent. To enable peers to manage access control rights on such data we introduce PePPer, a tool for fine-grained, personal access control. This system, which runs on the client side, enables loading data items from different sources and annotating them with fine-grained access control requirements via provenance-style Boolean expressions. These expressions are evaluated to decide whether the client is allowed to share the data with a given peer, using a taxonomy that compactly captures data ownership and access control policies. If credentials depend on the unknown access policy of other peers, PePPer probes them to obtain relevant access permissions. For that, we employ efficient algorithms that minimizes the expected number of probes. Our algorithm adapt techniques from stochastic Boolean evaluation to our setting by accounting for multiple peers, policies, expressions and the access control taxonomy. Throughout this process, PePPer further presents to the client a continually updated partial view of the data currently known to be safely shareable. We demonstrate PePPer for the sharing of calendar entries among peers, using as example real-life calendars of politicians and public figures.

AB - Users share data on multiple platforms where access control is managed according to the platform-specific policy. However, some data is conceptually owned by peers in a manner that is platform-independent. To enable peers to manage access control rights on such data we introduce PePPer, a tool for fine-grained, personal access control. This system, which runs on the client side, enables loading data items from different sources and annotating them with fine-grained access control requirements via provenance-style Boolean expressions. These expressions are evaluated to decide whether the client is allowed to share the data with a given peer, using a taxonomy that compactly captures data ownership and access control policies. If credentials depend on the unknown access policy of other peers, PePPer probes them to obtain relevant access permissions. For that, we employ efficient algorithms that minimizes the expected number of probes. Our algorithm adapt techniques from stochastic Boolean evaluation to our setting by accounting for multiple peers, policies, expressions and the access control taxonomy. Throughout this process, PePPer further presents to the client a continually updated partial view of the data currently known to be safely shareable. We demonstrate PePPer for the sharing of calendar entries among peers, using as example real-life calendars of politicians and public figures.

KW - Access control

KW - Boolean evaluation

KW - Fine grained provenance

KW - Personal data

UR - http://www.scopus.com/inward/record.url?scp=85067993620&partnerID=8YFLogxK

U2 - 10.1109/icde.2019.00227

DO - 10.1109/icde.2019.00227

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85067993620

T3 - Proceedings - International Conference on Data Engineering

SP - 2012

EP - 2015

BT - Proceedings - 2019 IEEE 35th International Conference on Data Engineering, ICDE 2019

PB - IEEE Computer Society

Y2 - 8 April 2019 through 11 April 2019

ER -

PePPer: Fine-grained personal access control via peer probing

Abstract

Publication series

Conference

Bibliographical note

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this