CoSMed: A Confidentiality-Verified Social Media Platform (PowerPoint presentation)
Thomas Bauereiß, Armando Pesenti Gritti, Andrei Popescu, Franco Raimondi


SLIDE 1

CoSMed: A Confidentiality-Verified Social Media Platform

Thomas Bauereiß Armando Pesenti Gritti Andrei Popescu Franco Raimondi

SLIDE 2

Introduction

  • Security in web-based applications
  • Goal: information flow control
    ► not just access control!
SLIDE 3

Previous work

  • Security framework: Bounded Deducibility (BD) Security (Kanav, Popescu, Lammich)
    ► highly expressive w.r.t. what information may be released, and when
    ► (interactive) verification technique
  • CoCon (conference management system): verified confidentiality of
    ► papers, reviews, reviewer names, discussions

SLIDE 4

CoSMed

  • Prototype social media platform
  • Focus on confidentiality
  • Tailored to the needs of a charity organization
SLIDE 5

CoSMed

SLIDE 6

CoSMed

SLIDE 7

System Architecture

[Architecture diagram. Layers: web application, REST API wrapper, Scala code; the Scala code is obtained by code generation from the Isabelle specification, against which the security specification is proved. Transition function: step : state ⇒ act ⇒ out × state]

SLIDE 8

Security Requirements

  • Confidentiality of
    • friend-only posts
      ► text, image, and title updates
    • friendship information
      ► who is friends with whom?

SLIDE 9

Bounded Deducibility Security

  • Generalization of Nondeducibility (Sutherland, '86):

$\forall t \in \mathit{Sys},\ s \in \mathit{List}(\mathit{Sec}).\ \exists t' \in \mathit{Sys}.\ O\,t' = O\,t \land S\,t' = s$

where

  • $\mathit{Sys} \subseteq \mathit{List}(\mathit{Trans})$ is the set of possible execution traces of a system (i.e., sequences of system transitions)
  • $O : \mathit{List}(\mathit{Trans}) \to \mathit{List}(\mathit{Obs})$ maps traces to observations
  • $S : \mathit{List}(\mathit{Trans}) \to \mathit{List}(\mathit{Sec})$ maps traces to secrets
SLIDE 10

Bounded Deducibility Security

  • Adding declassification:

$\forall t \in \mathit{Sys},\ s \in \mathit{List}(\mathit{Sec}).\ (S\,t, s) \in B \land \lnot T(t) \longrightarrow \exists t' \in \mathit{Sys}.\ O\,t' = O\,t \land S\,t' = s$

where

  • $B \subseteq \mathit{List}(\mathit{Sec}) \times \mathit{List}(\mathit{Sec})$: declassification bound
    ► specifies which secrets have to be indistinguishable from which other secrets
  • $T$: declassification trigger
    ► if $T$ is true, secret information is allowed to be declassified

SLIDE 11

Post Confidentiality

  • Observations:
    • actions (and outputs) performed by an arbitrary but fixed set of users
  • Secrets:
    • content updates of an arbitrary but fixed post p

Example trace on post p (users u1, u2):
  crt(p, "1") · frnd(u1, u2) · upd(p, "2") · unfrnd(u1, u2) · upd(p, "3")
  observer's reads: rd(p) ⇒ "2", rd(p) ⇒ "2"
  secrets: "1", "2", "3"

SLIDE 12

Post Confidentiality

  • Declassification bound:
    • all secrets indistinguishable
  • Declassification trigger:
    • observer and post owner become friends, or
    • post becomes public

Example trace: crt(p, "1") · frnd(u1, u2) · upd(p, "2") · unfrnd(u1, u2) · upd(p, "3"); observer's reads rd(p) ⇒ "2", rd(p) ⇒ "2"; secrets "1", "2", "3"

Too weak! What about "unfriending"? (Once the trigger has fired, the property says nothing about the update "3" made after the unfriending.)

SLIDE 13

Post Confidentiality

  • Distinguish two phases
  • Mark the transitions between them as secrets:

Sec = Post_Content + {Open, Close}

Example trace: crt(p, "1") · frnd(u1, u2) · upd(p, "2") · unfrnd(u1, u2) · upd(p, "3"); observer's reads rd(p) ⇒ "2", rd(p) ⇒ "2"
  secrets: "1" · Open · "2" · Close · "3"
  phases: closed (before frnd), open (between frnd and unfrnd), closed (after unfrnd)

SLIDE 14

Dynamic Declassification

Declassification bound for the closed phase: $B_C(\mathit{ul}, \mathit{ul}')$

SLIDE 15

Dynamic Declassification

... and declassification bound for the open phase: $B_C(\mathit{ul}, \mathit{ul}')$ for closed-phase update lists, $B_O(\mathit{ul}, \mathit{ul})$ for open-phase update lists

SLIDE 16

Dynamic Declassification

... iterated via mutual induction ($\mathit{ul}, \mathit{ul}'$: lists of post-content updates; $\mathit{sl}, \mathit{sl}'$: lists of secrets):

$$\frac{}{B_C(\mathit{ul}, \mathit{ul}')} \qquad \frac{}{B_O(\mathit{ul}, \mathit{ul})}$$

$$\frac{\mathrm{last}\ \mathit{ul} = \mathrm{last}\ \mathit{ul}' \qquad B_O(\mathit{sl}, \mathit{sl}') \qquad \ldots}{B_C(\mathit{ul} \cdot \mathrm{Open} \cdot \mathit{sl},\ \mathit{ul}' \cdot \mathrm{Open} \cdot \mathit{sl}')} \qquad \frac{B_C(\mathit{sl}, \mathit{sl}')}{B_O(\mathit{ul} \cdot \mathrm{Close} \cdot \mathit{sl},\ \mathit{ul} \cdot \mathrm{Close} \cdot \mathit{sl}')}$$

$$B = B_C$$
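The BD security definition of slides 9 and 10 and the post-confidentiality bounds of slides 11 to 16, worked through on a finite toy system as an added example (this is not code from the slides or from the CoSMed Isabelle/Scala development). The action names upd/frnd/unfrnd/rd and the Open/Close marker secrets come from the slides; the one-post, one-owner, one-observer semantics (crt folded into the first upd), the content alphabet {"1", "2"}, the outputs "ok"/"error"/"denied"/"empty" and the trace-length cut-offs are assumptions of the example. The check tests the definition literally on short traces: for every trace t and every bound-related secret list s, some alternative trace t' with the same observations and secrets s must exist.

```python
"""Toy model of CoSMed post confidentiality (added example, not CoSMed code).

Assumptions of this example: one post p with one owner and one observer,
content alphabet {"1","2"}, outputs "ok"/"error"/"denied"/"empty", and the
trace-length cut-offs used for the brute-force BD security check."""
from itertools import product

OPEN, CLOSE = "Open", "Close"          # marker secrets: Sec = Post_Content + {Open, Close}
CONTENT = ("1", "2")                   # constructed content alphabet
ACTIONS = [("upd", v) for v in CONTENT] + [("frnd",), ("unfrnd",), ("rd",)]


def step(state, act):
    """step : state => act => out x state, plus the secret this transition emits
    (None if none) and whether it is observable (an observer action).
    state = (content of p or None, are owner and observer friends?)."""
    content, friends = state
    kind = act[0]
    if kind == "upd":                       # owner updates p: secret, not observed
        return "ok", (act[1], friends), act[1], False
    if kind == "frnd":                      # observer and owner become friends
        return ("error", state, None, True) if friends else ("ok", (content, True), OPEN, True)
    if kind == "unfrnd":
        return ("ok", (content, False), CLOSE, True) if friends else ("error", state, None, True)
    if kind == "rd":                        # observer reads p: friend-only access
        if not friends:
            return "denied", state, None, True
        return ("empty" if content is None else content), state, None, True
    raise ValueError(act)


def run(trace):
    """Return (O trace, S trace): observable (action, output) pairs and secrets."""
    state, obs, sec = (None, False), [], []
    for act in trace:
        out, state, secret, observable = step(state, act)
        if observable:
            obs.append((act[0], out))
        if secret is not None:
            sec.append(secret)
    return tuple(obs), tuple(sec)


# --- slide 12: static bound plus trigger --------------------------------------
def strip_marks(sec):
    """Secret view of the first attempt: content updates only, no markers."""
    return tuple(x for x in sec if x not in (OPEN, CLOSE))

def naive_bound(s1, s2):
    return True                             # all secrets indistinguishable

def naive_trigger(raw_sec):
    return OPEN in raw_sec                  # observer and owner became friends


# --- slides 13-16: dynamic bound B = B_C, B_C and B_O mutually recursive -------
def last(ul):
    return ul[-1] if ul else None

def bound_closed(s1, s2):
    """B_C: closed-phase updates are arbitrary, but the content visible at the
    next Open must agree (last ul = last ul') and the open phase needs B_O."""
    if OPEN not in s1 or OPEN not in s2:    # base case: pure update lists
        return all(m not in s for s in (s1, s2) for m in (OPEN, CLOSE))
    i, j = s1.index(OPEN), s2.index(OPEN)
    ul, ul2 = s1[:i], s2[:j]
    if CLOSE in ul or CLOSE in ul2:
        return False
    return last(ul) == last(ul2) and bound_open(s1[i + 1:], s2[j + 1:])

def bound_open(s1, s2):
    """B_O: open-phase updates must be identical; after Close, back to B_C."""
    if CLOSE not in s1 or CLOSE not in s2:  # base case: identical update lists
        return s1 == s2 and OPEN not in s1
    i, j = s1.index(CLOSE), s2.index(CLOSE)
    ul, ul2 = s1[:i], s2[:j]
    if OPEN in ul:
        return False
    return ul == ul2 and bound_closed(s1[i + 1:], s2[j + 1:])


# --- brute-force BD security on bounded traces --------------------------------
def traces(max_len):
    for n in range(max_len + 1):
        yield from product(ACTIONS, repeat=n)

def secret_lists(max_len, alphabet):
    for n in range(max_len + 1):
        yield from product(alphabet, repeat=n)

def bd_secure(view, bound, trigger, alphabet, n_t=3, n_s=3, n_alt=6):
    """For every trace t (|t| <= n_t) and secret list s (|s| <= n_s) with
    (S t, s) in bound and the trigger not fired, some t' (|t'| <= n_alt) must
    satisfy O t' = O t and S t' = s.  Returns the first counterexample or None.
    n_alt = n_t + n_s suffices: each secret and each observation of t' costs
    at most one transition."""
    realizable = {(obs, view(sec)) for obs, sec in map(run, traces(n_alt))}
    for t in traces(n_t):
        obs, raw = run(t)
        if trigger(raw):
            continue
        for s in secret_lists(n_s, alphabet):
            if bound(view(raw), s) and (obs, s) not in realizable:
                return t, s
    return None


if __name__ == "__main__":
    t = (("frnd",), ("unfrnd",), ("upd", "2"))
    print(run(t))                                      # observer sees only two "ok"s
    print(naive_trigger(run(t)[1]))                    # True: slide-12 property is silent on t
    print(bound_closed(run(t)[1], (OPEN, CLOSE, "1"))) # True: phased bound still hides "2"
    print(bd_secure(strip_marks, naive_bound, naive_trigger, CONTENT))
    print(bd_secure(lambda s: s, bound_closed, lambda raw: False, CONTENT + (OPEN, CLOSE)))
```

Running it shows what slide 12 means by "too weak": the trace frnd · unfrnd · upd(p, "2") fires the static trigger, so the first property promises nothing about "2" even though the observer never sees it; under the phased bound, B_C relates its secret list Open · Close · "2" to Open · Close · "1", so the property demands that the update after unfriending stay hidden. Both properties pass the brute-force check on this toy system; the difference lies in what they promise, not in whether they hold.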

SLIDE 17

Verification

  • Unwinding
    • construct the alternative trace incrementally
    • strategy for when and how to:
      ► match observable transitions in both traces
      ► insert/delete secret transitions as required by the bound
    • "unwinding relation" between original and alternative states and the remaining secrets
    • proof of the unwinding conditions
SLIDE 18

Verification

[Bar chart of the size of the Isabelle development in lines of code (axis 0 to 7000). Categories: System specification, Security spec. and proofs, Safety properties, BD Security Framework, Accountability properties. Bar values in extraction order: 700, 6500, 200, 1800, 500]

SLIDE 19

Conclusion

  • CoSMed:
    • https://cosmed.globalnoticeboard.com
    • social media platform tailored for a charity organization
    • verified dynamic confidentiality requirements
    • lesson learned for BD Security: declassification bounds incorporating dynamic triggers
  • Next step: CoSMeDis
    • extension of CoSMed to a distributed system
    • compositionality result for BD Security