slide collab com
TRANSCRIPT
Hien Thi Thu Truong 1, Claudia-Lavinia Ignat 1, Mohamed-Rafik Bouguelia 2, Pascal Molli 3
1 INRIA Nancy Grand Est, France 2 Nancy University, France 3 Nantes University, France {hien.truong, [email protected] } {[email protected]} {[email protected]}
A Contract-extended Push-Pull-Clone Model
7th International Conference on Collaborative Computing:Networking, Applications and Worksharing (CollaborateCom 2011)
Orlando, Florida, USA, October 15-18, 2011
2
22
● With collaboration provider:● Social services: Facebook, Google+,
Wikis, VCS, ...● Threat of privacy: service provider
has control over user's data
● Without collaboration provider:● Distributed Version Control System
(DVCS): Git, Mercurial● Scalability, fault tolerance, shared
administration costs, control over data given to users
Social collaboration models
3
33
Workflow of Centralized VCS
● Issues:● Require network connections for update and commit● Need collaboration providers● Single point of failure
4
44
Push-Pull-Clone model (PPC)
● Advantages:● Offline operations● More flexible workflows● No need of collaboration provider
5
55
Problem● In PPC model:
● Difficult to control over personal data after sharing
● Traditional usage control is made through:● Software license● Work contracts: rights and obligations
→ contract is “outside of system” and trust is implicitly expressed
● Related solutions:● Access control: cannot prevent misbehavior from inside users, a-priori
verification, closed systems where users are known● Contract-based models: not deployed for PPC collaboration
6
66
● Our goal: ● to make contracts expressed “inside of system” and to make trust
explicit in collaborative environments (for PPC model)
● Contract-extended Push-Pull-Clone model (C-PPC Model) adapted for distributed collaborative editing:
● Expression of usage restrictions (contracts)
● Logging document modifications and contracts
● Log-auditing mechanism for contract verification
● Synchronizing changes on data with contracts
● Updating trust levels based on log-auditing result (any trust model can be applied)
● A set of experiments performed in a simulator
Proposal
7
77
C-PPC Model Overview
● A single user:● Update contract when CLONE or PULL
● Resolve conflicts (if any)
● Auditing
● Work on replicated data respecting given contracts (Log)
● Specify contracts to users
● PUSH to a remote repository
● Push changes to different users with different contracts
9
99
…..EventsE
1E
2E
3E
4E
nE
n-1
Type Operation Attribute structure of events
Attr name Attr valueevent
attributes
writesharecontract
insertdeleteupdateshare
Log structure
e1 = (write, insert, {by,P1})
e2 = (write, delete, {by,P2})
Example:
10
1010
create(A)create (circle)change-color(circle)insert(star)
P1
P2
P3
A
P4
CONTRACT
C-PPC Model (2/4)
F: delete
P: insert
create(A)create (circle)change-color(circle)insert (star)P: insert (P1 → P4)
F: delete (P1 → P2)
create(A)create (circle)change-color(circle)insert(star)
insert (cloud)delete(A)
11
1111
● A contract primitive:● Defined based on operations (insert, delete, update,...)● Permission: Pop
● Obligation: Oop
● Forbiddance: Fop
● oMision: Mop
● Contract:● A set of contract primitives
Contract
c1 = (contract, delete, {by,P1}, {to,P2}, {modal, forbiddance})
c2 = (contract, share, {by,P1}, {to,P2}, {modal, permission})
C= {c1, c2}
12
1212
F: delete (P1 → P2)
P1
P2
P3
A
create(A)create (circle)change-color(circle)insert(star)
insert (cloud)delete(A)
A
P4
AUDITING
create(A)create (circle)change-color(circle)insert(star)
insert (cloud)delete(A)
F: delete (P1 → P2)
P2 misbehaved
C-PPC Model (3/4)
F: delete
F: delete (P2 → P3)
13
1313
Log auditing: ● detect misbehavior of collaborators
● audit action and contract violation● audit log tampering
● update trust levels
Audit results: a user can be evaluated as:– trustful / suspicious / distrustful / malicious
Log Auditing & Trust Assessment
Trust levels:– updated based on auditing results– any decentralized trust model can be used
14
1414
P1
P2
P3
A
create(A)create (circle)change-color(circle)insert (star)
insert (cloud)delete(A)
P: insert (P1 → P4)
A
P4
create(A)create (circle)change-color(circle)insert(star)
insert (cloud)delete(A)
F: delete (P1 → P2)
SYNCHRONISATION
F: delete (P1 → P2)
C-PPC Model (4/4)
F: delete
F: delete (P2 → P3)
F: delete (P2 → P3)F: delete (P3 → P4)
15
1515
… …
● Append new events from remote log into the end of local log● Ensure document convergence by using CRDTs (Commutative Replicated Data Type)● Resolve contract conflict
Log Synchronisation
16
1616
Contract Conflicts
P1
P2
P3
A
P4
Conflict
F: deleteF: insert
● Weak conflict● Permission conflicts Forbiddance
● Obligation conflicts Omission
→ take restrict one
● Strong conflict
● Obligation conflicts Forbiddance
→ block system
● Resolve conflicts:● Reject the received remote log● Cancel local log and accept the
new remote log→ Decision depending on contracts, trust levels and/or content
● Example:● F insert conflicts P insert
● O share conflicts F share
create(A)create (circle)change-color(circle)insert (star)
insert (cloud)delete(A)
P: insert (P1 → P4)F: delete (P1 → P2)
F: delete (P2 → P3)F: delete (P3 → P4)
17
1717
● Set up:● PeerSim simulator
● Networks of 200 peers
● Number of interactions at one step: 10
● Experiments:
● Experiment 1: Estimate detection of misbehaving users
● Experiment 2: Estimate time overhead of using contracts
Experiments
22
2222
● We proposed a contract-extended PPC model for P2P collaboration:● Awareness mechanism of using contracts
● logging document modifications and contracts
● log-auditing mechanism for contract verification
● log synchronization for write operations and contracts
● updating of trust values using any trust model
● simulating C-PPC model
● Our future work:● authenticators to prevent log-tampering● applications of the model in different domains (e.g. social networks)● wider ranges of contracts
Conclusions and Future works