Theoretical Improvements in Algorithmic Efficiency for Network Flow Problems
Journal of the ACM (JACM)
TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
Efficiently serving dynamic data at highly accessed web sites
IEEE/ACM Transactions on Networking (TON)
Characterizing dynamics of information leakage in security-sensitive software process
ACSW Frontiers '05 Proceedings of the 2005 Australasian workshop on Grid computing and e-research - Volume 44
Understanding and developing role-based administrative models
Proceedings of the 12th ACM conference on Computer and communications security
Fast Random Walk with Restart and Its Applications
ICDM '06 Proceedings of the Sixth International Conference on Data Mining
Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Quantitative information flow as network flow capacity
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Securing distributed systems with information flow control
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Microscopic evolution of social networks
Proceedings of the 14th ACM SIGKDD international conference on Knowledge discovery and data mining
SmallBlue: Social Network Analysis for Expertise Search and Collective Intelligence
ICDE '09 Proceedings of the 2009 IEEE International Conference on Data Engineering
Trading in risk: using markets to improve access control
Proceedings of the 2008 workshop on New security paradigms
Automatic Discovery and Quantification of Information Leaks
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Scalable proximity estimation and link prediction in online social networks
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
A metadata calculus for secure information sharing
Proceedings of the 16th ACM conference on Computer and communications security
Networks, Crowds, and Markets: Reasoning About a Highly Connected World
Networks, Crowds, and Markets: Reasoning About a Highly Connected World
Proceedings of the first ACM conference on Data and application security and privacy
Account Reachability: A Measure of Privacy Risk for Exposure of a User's Multiple SNS Accounts
Proceedings of International Conference on Information Integration and Web-based Applications & Services
On quantitative dynamic data flow tracking
Proceedings of the 4th ACM conference on Data and application security and privacy
A time-evolution model for the privacy degree of information disseminated in online social networks
International Journal of Communication Networks and Distributed Systems
Hi-index | 0.00 |
Information leakage via the networks formed by subjects (e.g., Facebook, Twitter) and objects (e.g., blogosphere) - some of whom may be controlled by malicious insiders - often leads to unpredicted access control risks. While it may be impossible to precisely quantify information flows between two entities (e.g., two friends in a social network), this paper presents a first attempt towards leveraging recent advances in modeling socio-information networks to develop a statistical risk estimation paradigm for quantifying such insider threats. In the context of socio-information networks, our models estimate the following likelihoods: prior flow - has a subject $s$ acquired covert access to object o via the networks? posterior flow - if s is granted access to o, what is its impact on information flows between subject s' and object o'? network evolution - how will a newly created social relationship between s and s' influence current risk estimates? Our goal is not to prescribe a one-size-fits-all solution; instead we develop a set of composable network-centric risk estimation operators, with implementations configurable to concrete socio-information networks. The efficacy of our solutions is empirically evaluated using real-life datasets collected from the IBM SmallBlue project and Twitter.