TY - GEN
T1 - Modeling data flow in socio-information networks
T2 - 16th ACM Symposium on Access Control Models and Technologies, SACMAT 2011
AU - Wang, Ting
AU - Srivatsa, Mudhakar
AU - Agrawal, Dakshi
AU - Liu, Ling
N1 - Copyright:
Copyright 2011 Elsevier B.V., All rights reserved.
PY - 2011
Y1 - 2011
N2 - Information leakage via the networks formed by subjects (e.g., Facebook, Twitter) and objects (e.g., blogosphere) - some of whom may be controlled by malicious insiders - often leads to unpredicted access control risks. While it may be impossible to precisely quantify information flows between two entities (e.g., two friends in a social network), this paper presents a first attempt towards leveraging recent advances in modeling socio-information networks to develop a statistical risk estimation paradigm for quantifying such insider threats. In the context of socio-information networks, our models estimate the following likelihoods: prior flow - has a subject s acquired covert access to object o via the networks? posterior flow - if s is granted access to o, what is its impact on information flows between subject s′ and object o!? network evolution - how will a newly created social relationship between s and s′ influence current risk estimates? Our goal is not to prescribe a one-size-fits-all solution; instead we develop a set of composable network-centric risk estimation operators, with implementations configurable to concrete socio-information networks. The efficacy of our solutions is empirically evaluated using real-life datasets collected from the IBM SmallBlue project and Twitter.
AB - Information leakage via the networks formed by subjects (e.g., Facebook, Twitter) and objects (e.g., blogosphere) - some of whom may be controlled by malicious insiders - often leads to unpredicted access control risks. While it may be impossible to precisely quantify information flows between two entities (e.g., two friends in a social network), this paper presents a first attempt towards leveraging recent advances in modeling socio-information networks to develop a statistical risk estimation paradigm for quantifying such insider threats. In the context of socio-information networks, our models estimate the following likelihoods: prior flow - has a subject s acquired covert access to object o via the networks? posterior flow - if s is granted access to o, what is its impact on information flows between subject s′ and object o!? network evolution - how will a newly created social relationship between s and s′ influence current risk estimates? Our goal is not to prescribe a one-size-fits-all solution; instead we develop a set of composable network-centric risk estimation operators, with implementations configurable to concrete socio-information networks. The efficacy of our solutions is empirically evaluated using real-life datasets collected from the IBM SmallBlue project and Twitter.
UR - http://www.scopus.com/inward/record.url?scp=79960177943&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=79960177943&partnerID=8YFLogxK
U2 - 10.1145/1998441.1998458
DO - 10.1145/1998441.1998458
M3 - Conference contribution
AN - SCOPUS:79960177943
SN - 9781450307215
T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
SP - 113
EP - 122
BT - SACMAT'11 - Proceedings of the 16th ACM Symposium on Access Control Models and Technologies
Y2 - 15 June 2011 through 17 June 2011
ER -