CoSMed: A Confidentiality-Verified Social Media Platform, Thomas Bauereiß, Armando Pesenti Gritti, Andrei Popescu, Franco Raimondi (PowerPoint PPT presentation)


  1. CoSMed: A Confidentiality-Verified Social Media Platform
     Thomas Bauereiß, Armando Pesenti Gritti, Andrei Popescu, Franco Raimondi

  2. Introduction
     • Security in web-based applications
     • Goal: information flow control, not just access control!

  3. Previous work
     • Security framework: Bounded Deducibility (BD) Security (Kanav, Popescu, Lammich)
       ◦ Highly expressive w.r.t. what information may be released and when
       ◦ (Interactive) verification technique
     • CoCon
       ◦ Verified confidentiality of
         ► papers
         ► reviews
         ► reviewer names
         ► discussions

  4. CoSMed
     • Prototype social media platform
     • Focus on confidentiality
     • Tailored for the needs of a charity organization

  5. CoSMed (screenshot)

  6. CoSMed (screenshot)

  7. System Architecture
     • Isabelle specification of the system as a transition function: step : state ⇒ act ⇒ out × state
     • Security specification and proof, also in Isabelle, against that specification
     • Code generation: Isabelle specification → Scala code
     • REST API wrapper around the generated Scala code
     • Web application on top of the REST API

  8. Security Requirements
     • Confidentiality of
       ◦ Friend-only posts
         ► Text, image, and title updates
       ◦ Friendship information
         ► Who is friends with whom?

  9. Bounded Deducibility Security
     • Generalization of Nondeducibility (Sutherland, '86):
       $\forall t \in \mathit{Sys},\ s \in \mathit{List}(\mathit{Sec}).\ \exists t' \in \mathit{Sys}.\ O\,t' = O\,t \wedge S\,t' = s$
       where
       ◦ $\mathit{Sys} \subseteq \mathit{List}(\mathit{Trans})$ is the set of possible execution traces of a system (i.e., sequences of system transitions)
       ◦ $O : \mathit{List}(\mathit{Trans}) \to \mathit{List}(\mathit{Obs})$ maps traces to observations
       ◦ $S : \mathit{List}(\mathit{Trans}) \to \mathit{List}(\mathit{Sec})$ maps traces to secrets

  10. Bounded Deducibility Security
     • Adding declassification:
       $\forall t \in \mathit{Sys},\ s \in \mathit{List}(\mathit{Sec}).\ (S\,t, s) \in B \wedge \neg T(t) \longrightarrow \exists t' \in \mathit{Sys}.\ O\,t' = O\,t \wedge S\,t' = s$
       where
       ◦ $B \subseteq \mathit{List}(\mathit{Sec}) \times \mathit{List}(\mathit{Sec})$: declassification bound
         ► Specifies which secrets have to be indistinguishable from which other secrets
       ◦ $T$: declassification trigger
         ► If $T$ holds for a trace, the property demands nothing for it: secret information is allowed to be declassified

  11. Post Confidentiality
     • Observations:
       ◦ Actions (and outputs) performed by an arbitrary but fixed set of users
     • Secrets:
       ◦ Content updates of an arbitrary but fixed post $p$
     • Example trace (post $p$, users $u_1$, $u_2$):
       crt(p, "1") · frnd(u1, u2) · upd(p, "2") · rd(p) ⇒ "2" · unfrnd(u1, u2) · upd(p, "3")
       secrets: "1", "2", "3"; observed: rd(p) ⇒ "2"

  12. Post Confidentiality
     • Declassification bound: all secrets indistinguishable
     • Declassification trigger: observer and post owner become friends, or the post becomes public
     • Too weak! What about "unfriending"? Once the trigger has fired, the property says nothing about later updates such as upd(p, "3") after the unfriending:
       crt(p, "1") · frnd(u1, u2) · upd(p, "2") · rd(p) ⇒ "2" · unfrnd(u1, u2) · upd(p, "3")
       secrets: "1", "2", "3"; observed: rd(p) ⇒ "2"

  13. Post Confidentiality
     • $\mathit{Sec} = \mathit{Post\_Content} + \{\mathrm{Open}, \mathrm{Close}\}$
     • Distinguish two phases (Closed / Open) and mark the transitions between them:
       crt(p, "1") [Closed] · frnd(u1, u2) ⟶ Open · upd(p, "2") · rd(p) ⇒ "2" [Open] · unfrnd(u1, u2) ⟶ Close · upd(p, "3") [Closed]
       secrets: "1", Open, "2", Close, "3"

  14. Dynamic Declassification
     • Declassification bound for the closed phase: $BC(\mathit{ul}, \mathit{ul}')$, relating any two update lists

  15. Dynamic Declassification
     • ... declassification bound for the open phase: $BO(\mathit{ul}, \mathit{ul})$, relating an update list only to itself (next to $BC(\mathit{ul}, \mathit{ul}')$ for the closed phase)

  16. Dynamic Declassification
     • $B = BC$, with $BC$ and $BO$ iterated via mutual induction:
       ◦ $BC(\mathit{ul}, \mathit{ul}')$ (closed phase, no premise)
       ◦ $BO(\mathit{ul}, \mathit{ul})$ (open phase)
       ◦ $\mathrm{last}\ \mathit{ul} = \mathrm{last}\ \mathit{ul}' \;\wedge\; BO(\mathit{sl}, \mathit{sl}') \;\wedge\; \ldots \;\Longrightarrow\; BC(\mathit{ul} \cdot \mathrm{Open} \cdot \mathit{sl},\ \mathit{ul}' \cdot \mathrm{Open} \cdot \mathit{sl}')$ (further premises elided on the slide)
       ◦ $BC(\mathit{sl}, \mathit{sl}') \;\Longrightarrow\; BO(\mathit{ul} \cdot \mathrm{Close} \cdot \mathit{sl},\ \mathit{ul} \cdot \mathrm{Close} \cdot \mathit{sl}')$
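As an added example (this is not the authors' Isabelle or Scala code; the action set, the state shape and the request-free, symmetric friendship model are simplifications assumed here), the following Python sketch makes slides 7 and 11 to 16 executable: a `step` function of the shape `state ⇒ act ⇒ out × state`, the observation function O of a fixed observer, the secret function S that emits Open/Close marks when a post becomes visible to or hidden from that observer, and the bound B = BC built from the two unconditional rules and the two inductive rules of slide 16. It then replays the trace of slides 11 to 13 against a constructed alternative trace with different closed-phase updates (same observations, inside the bound) and against one that changes the open-phase content (the observer's read changes, and the bound rejects the pair).

```python
# Example code (not the project's Isabelle/Scala sources): step, O, S and the bound B = BC.
OPEN, CLOSE = "Open", "Close"   # extra secret values: Sec = Post_Content + {Open, Close}

def initial_state():
    # Assumed state shape: posts: pid -> (owner, content, public); friends: set of frozenset({u, v})
    return {"posts": {}, "friends": set()}

def visible(state, pid, user):
    """May `user` read post `pid`? Public posts, own posts, and friends-only posts of friends."""
    if pid not in state["posts"]:
        return False
    owner, _, public = state["posts"][pid]
    return public or user == owner or frozenset((owner, user)) in state["friends"]

def step(state, act):
    """step : state => act => out x state (slide 7). Assumed actions: ("crt", actor, pid, text),
    ("upd", actor, pid, text), ("rd", actor, pid), ("frnd", actor, other), ("unfrnd", actor, other)."""
    posts, friends = dict(state["posts"]), set(state["friends"])
    kind, actor = act[0], act[1]
    if kind == "crt" and act[2] not in posts:
        posts[act[2]] = (actor, act[3], False)            # new friends-only post
    elif kind == "upd" and act[2] in posts and posts[act[2]][0] == actor:
        posts[act[2]] = (actor, act[3], posts[act[2]][2])
    elif kind == "frnd":                                   # symmetric friendship, no request/accept
        friends.add(frozenset((actor, act[2])))
    elif kind == "unfrnd":
        friends.discard(frozenset((actor, act[2])))
    elif kind == "rd" and visible(state, act[2], actor):
        return state["posts"][act[2]][1], state            # output: current content, state unchanged
    else:
        return "error", state                              # rejected action: state unchanged
    return "ok", {"posts": posts, "friends": friends}

def observations(trace, observer):
    """O: the observer sees the actions it performs itself, together with their outputs."""
    state, obs = initial_state(), []
    for act in trace:
        out, state = step(state, act)
        if act[1] == observer:
            obs.append((act, out))
    return obs

def secrets(trace, pid, observer):
    """S: contents written to `pid`, plus Open/Close when `pid` becomes visible to / hidden from `observer`."""
    state, secs = initial_state(), []
    for act in trace:
        before = visible(state, pid, observer)
        out, state = step(state, act)
        if act[0] in ("crt", "upd") and act[2] == pid and out == "ok":
            secs.append(act[3])
        after = visible(state, pid, observer)
        if after != before:
            secs.append(OPEN if after else CLOSE)
    return secs

def _split(marker, xs):
    # (prefix, suffix) around the first `marker` in xs, or None if there is none
    i = xs.index(marker) if marker in xs else -1
    return None if i < 0 else (xs[:i], xs[i + 1:])

def bc(ul, ul1):
    """Closed-phase bound (slide 16). Base rule BC(ul, ul'): any two marker-free lists are related."""
    a, b = _split(OPEN, ul), _split(OPEN, ul1)
    if a is None or b is None:
        return a is None and b is None and CLOSE not in ul and CLOSE not in ul1
    (pre, sl), (pre1, sl1) = a, b
    # last ul = last ul'  and  BO(sl, sl')   ==>   BC(ul.Open.sl, ul'.Open.sl')
    return (bool(pre) and bool(pre1) and CLOSE not in pre and CLOSE not in pre1
            and pre[-1] == pre1[-1] and bo(sl, sl1))

def bo(ul, ul1):
    """Open-phase bound. Base rule BO(ul, ul): the update lists must be identical."""
    a, b = _split(CLOSE, ul), _split(CLOSE, ul1)
    if a is None or b is None:
        return a is None and b is None and OPEN not in ul and ul == ul1
    (pre, sl), (pre1, sl1) = a, b
    # BC(sl, sl')   ==>   BO(ul.Close.sl, ul.Close.sl')
    return pre == pre1 and OPEN not in pre and bc(sl, sl1)

B = bc   # the system starts in the closed phase: B = BC

def same_obs_and_within_bound(t, t1, pid, observer):
    # For one candidate pair (t, t1): same view for the observer, and is (S t, S t1) in B?
    return (observations(t1, observer) == observations(t, observer),
            B(secrets(t, pid, observer), secrets(t1, pid, observer)))

# Constructed data: the trace drawn on slides 11-13, with u1 as owner of post p and u2 as observer.
U1, U2, P = "u1", "u2", "p"
SLIDE_TRACE = [("crt", U1, P, "1"), ("frnd", U2, U1), ("upd", U1, P, "2"),
               ("rd", U2, P), ("unfrnd", U2, U1), ("upd", U1, P, "3")]
# Different closed-phase updates only: same observations for u2, and inside the bound.
ALT_TRACE = [("crt", U1, P, "7"), ("upd", U1, P, "1"), ("frnd", U2, U1), ("upd", U1, P, "2"),
             ("rd", U2, P), ("unfrnd", U2, U1), ("upd", U1, P, "9"), ("upd", U1, P, "8")]
# Different open-phase content: u2's read now returns "5", and the bound rejects the pair.
LEAK_TRACE = [("upd", U1, P, "5") if a == ("upd", U1, P, "2") else a for a in SLIDE_TRACE]

if __name__ == "__main__":
    print(secrets(SLIDE_TRACE, P, U2))                                 # ['1', 'Open', '2', 'Close', '3']
    print(same_obs_and_within_bound(SLIDE_TRACE, ALT_TRACE, P, U2))    # (True, True)
    print(same_obs_and_within_bound(SLIDE_TRACE, LEAK_TRACE, P, U2))   # (False, False)
```

The bound has to hold for every trace of the system, which is why the `last ul = last ul'` premise is needed: a trace that reads the post immediately after the Open mark reveals the last closed-phase value, even though the slide's own trace updates first, so `B(["1", Open, "2", Close, "3"], ["7", Open, "2", Close, "3"])` is `False` here. Only the rules visible on slide 16 are modelled; whatever the elided premises of the Open rule add is not.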

  17. Verification
     • Unwinding
       ◦ Construct the alternative trace incrementally
       ◦ Strategy for when and how to:
         ► match observable transitions in both traces
         ► insert/delete secret transitions as required by the bound
       ◦ "Unwinding relation" between original and alternative states and remaining secrets
       ◦ Proof of unwinding conditions

  18. Verification
     [Bar chart: size of the Isabelle development (y-axis 0 to 7000), broken down into system specification, security spec. and proofs, safety properties, BD Security, accountability properties, and framework]

  19. Conclusion
     • CoSMed: https://cosmed.globalnoticeboard.com
       ◦ Social media platform tailored for a charity organization
       ◦ Verified dynamic confidentiality requirements
       ◦ Lesson learned for BD Security: declassification bounds incorporating dynamic triggers
     • Next step: CoSMeDis
       ◦ Extension of CoSMed to a distributed system
       ◦ Compositionality result for BD Security
