A Socially-Aware Operating System for Trustworthy Computing
Daniela Oliveira1 , Dhiraj Murthy1, Henric Johnson2, S. Felix Wu3, Roozbeh Nia3 and Jeff Rowe3
1Bowdoin College2Blekinge Institute of Technology3University of California at Davis
IEEE Workshop on Semantics, Security and PrivacySeptember 21, 2011
Introduction
Limitations of Traditional Defense Solutions
The Challenge of Computing with Social Trust
The Socially-Aware OS
Applications, Benefits and Threats
Concluding Remarks
Outline
OSNs: rise in popularity; Malware landscape complex; Internet: social platform
◦ What can be trusted?
OSNs and the Malware Landscape
Internet
Based on social trust;
OS, architecture and applications should become socially-aware;
OSN users assign/have inferred trust values for friends and objects;
Continuum trusted-untrusted.
A Trustworthy Computing Paradigm
Distinguishing Benign x Malicious Signature, Behavior, Information-flow
models:◦ Automated, rigid and threat-specific.
Shift to Web-based computer paradigm:◦ Users accomplish most of their computing need
with browser.
What if we leverage social trust to distinguish a continuum of trusted/untrusted?
◦ Flexibility
◦ Diversity
◦ Stronger security policies
How can we think differently?
Signature-based◦ Defeated by code obfuscation, polymorphism,
metamorphism◦ Cannot prevent zero-day attacks
Behavior-based◦ Susceptible to false positives◦ Depends of relevant training data
Information flow-based◦ Usually assumes all data from the Internet as
untrusted: too restrictive
Traditional Defense Solutions
Unpredictability
Diversity
Continuum of trust/untrusted values
Human role
What is Missing?
In Sociology:◦ Essential commodity◦ Functional pre-requisite for society
Tool for making trustworthy decisions◦ Risk and uncertainty◦ An added bonus?
Computing with Social Trust◦ New research area
Social Trust
Operating systems manages:
◦ Processes;
◦ Memory;
◦ File systems;
◦ I/O devices;
The Socially- Aware Framework
Operating systems manages:
◦ Processes;
◦ Memory;
◦ File systems;
◦ I/O devices;
◦ Social trust
The Socially- Aware Framework
The Socially-Aware OS
People user is connected to: email addresses
Objects: URLs, files, IP addresses, files; Privacy preserved: only sharable objects
User Trust Repository
20 Years of Linux: http://www.cnn.com/2011/TECH/gaming.gadgets/08/25/linux.20/index.html?hpt=hp_bn7
Bowdoin College IP: 139.140.214.196/16
http://www.cc.gatech.edu/~brendan/Virtuoso_Oakland.pdf
http://sourceforge.net/projects/jedit/files/jedit/4.4.1/jedit4.4.1install.exe/download
OSN Server
TR User 1
TR User 2
TR User 3
TR User N
TR Alice
Network
Trust-aware syscall interfacesocial_synch()
TR: Trust Repository
OS
Alice
TR Alice
Usage Model
OSN Server
TR User 1
TR User 2
TR User 3
TR User N
TR Alice
Network
Trust-aware syscall interfacesocial_synch()
TR: Trust Repository
OS
Alice
TR Alice
Usage Model
OSN Server
TR User 1
TR User 2
TR User 3
TR User N
TR Alice
Network
Trust-aware syscall interfacesocial_synch()
TR: Trust Repository
OS
Alice
TR Alice
Usage Model
Adaptation of Web of Trust (Richardson et al.’ 03)
Modeling and Inferring Trust
tij = amount of trust user i has for her friend user j
tjk = amount of trust user j has for her friend user k
tik = amount of trust user i should have for user k, not directly connected, function of tij and tjk
T – Personal Trust MatrixNxN matrix, where N is the number of user
ti = row vector of user i trust in other users
tik = how much user i trusts her friend user k
tkj = how much user k trusts her friend user j
(tik . tkj) = amount user i trusts user j via k
∑k (tik . tkj) = how much user i trusts user j via any other node.
Represents trust between any two users◦ Aggregation function concatenates trusts along
paths
M – Merged Trust Matrix
(1) M(0) = T(2) M(n) = T . M (n-1)
Repeat (2) until M(n) = M(n-1)
M(i) is the value of M in iteration i.
Matrix multiplication definition:
Cij = ∑k (Aik . Bkj)
Personal beliefs:◦ Asserted by a user to an object in her trust
repository
How to Infer Trust for Objects?
bi = user i’s personal belief (trust) on a certain object.
b = collection of personal beliefs in a particular object
How much a user believes in any sharable object in the network?
Computes for any user, her belief in any sharable object
The Merged Beliefs Structure (b)
(1) b(0) = b(2) b(n) = T . b(n-1) or (bi)n = ∑k (tik . (bk)n-1)
Repeat (2) until b(n) = b(n-1)
where:
b(i) is the value of b in iteration i.
Streamline security policies and decision-making process:
◦ Restriction of system resources based on trust;◦ Software installation, URL visit.
Information-flow tracking with refined trust levels;
Anti-SPAM techniques.
Applications and Benefits
OSN or OS compromised:◦ Attacker increases trust values for malicious
objects:
System behave as if trustworthy framework was never installed;
High trust values do not mean higher privileges: The higher the trust, the closer to default levels without
social trust
◦ Attacker decreases trust values for benign objects: DoS attack.
Threats to the Model
Challenges
◦ Management and reliability of social data/trust: reliability, ethics issues, no standard API;
◦ The socially-aware kernel: managing multiple repositories, performance, usability, Sybil attacks, identity management.
◦ Confidentiality and Security: new vulnerabilities, privacy leaks, exporting trust information.
Concluding Remarks
Thank you!