A Socially-Aware Operating System for Trustworthy Computing Daniela Oliveira 1 , Dhiraj Murthy 1 , Henric Johnson 2 , S. Felix Wu 3 , Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology 3 University of California at Davis IEEE Workshop on Semantics, Security and Privacy September 21, 2011

Dec 18, 2015

Page 1: A Socially-Aware Operating System for Trustworthy Computing

Daniela Oliveira (1), Dhiraj Murthy (1), Henric Johnson (2), S. Felix Wu (3), Roozbeh Nia (3) and Jeff Rowe (3)

(1) Bowdoin College; (2) Blekinge Institute of Technology; (3) University of California at Davis

IEEE Workshop on Semantics, Security and Privacy, September 21, 2011

Page 2: Outline

Introduction
Limitations of Traditional Defense Solutions
The Challenge of Computing with Social Trust
The Socially-Aware OS
Applications, Benefits and Threats
Concluding Remarks

Page 3: OSNs and the Malware Landscape

OSNs: rise in popularity;
Malware landscape complex;
Internet: social platform
◦ What can be trusted?

Page 4: A Trustworthy Computing Paradigm

Based on social trust;
OS, architecture and applications should become socially-aware;
OSN users assign/have inferred trust values for friends and objects;
Continuum trusted-untrusted.

Page 5: Distinguishing Benign vs. Malicious

Signature, Behavior, Information-flow models:
◦ Automated, rigid and threat-specific.
Shift to Web-based computer paradigm:
◦ Users accomplish most of their computing needs with a browser.

Page 6: How can we think differently?

What if we leverage social trust to distinguish a continuum of trusted/untrusted?
◦ Flexibility
◦ Diversity
◦ Stronger security policies

Page 7: Traditional Defense Solutions

Signature-based
◦ Defeated by code obfuscation, polymorphism, metamorphism
◦ Cannot prevent zero-day attacks
Behavior-based
◦ Susceptible to false positives
◦ Depends on relevant training data
Information flow-based
◦ Usually assumes all data from the Internet as untrusted: too restrictive

Page 8: What is Missing?

Unpredictability
Diversity
Continuum of trust/untrusted values
Human role

Page 9: Social Trust

In Sociology:
◦ Essential commodity
◦ Functional pre-requisite for society
Tool for making trustworthy decisions
◦ Risk and uncertainty
◦ An added bonus?
Computing with Social Trust
◦ New research area

Page 10: The Socially-Aware Framework

Operating systems manage:
◦ Processes;
◦ Memory;
◦ File systems;
◦ I/O devices;

Page 11: The Socially-Aware Framework

Operating systems manage:
◦ Processes;
◦ Memory;
◦ File systems;
◦ I/O devices;
◦ Social trust

Page 12: The Socially-Aware OS

Page 13: User Trust Repository

People the user is connected to: email addresses
Objects: URLs, files, IP addresses;
Privacy preserved: only sharable objects

20 Years of Linux: http://www.cnn.com/2011/TECH/gaming.gadgets/08/25/linux.20/index.html?hpt=hp_bn7
Bowdoin College IP: 139.140.214.196/16
[email protected]
http://www.cc.gatech.edu/~brendan/Virtuoso_Oakland.pdf
http://sourceforge.net/projects/jedit/files/jedit/4.4.1/jedit4.4.1install.exe/download

Pages 14-16: Usage Model

[Figure, repeated on three slides. Labels: OSN Server; TR User 1, TR User 2, TR User 3, TR User N, TR Alice; Network; OS; Trust-aware syscall interface; social_synch(); Alice; TR Alice. TR: Trust Repository.]

Page 17: Modeling and Inferring Trust

Adaptation of Web of Trust (Richardson et al. '03)

$t_{ij}$ = amount of trust user i has for her friend user j
$t_{jk}$ = amount of trust user j has for her friend user k
$t_{ik}$ = amount of trust user i should have for user k, not directly connected, function of $t_{ij}$ and $t_{jk}$

Page 18: T – Personal Trust Matrix

N×N matrix, where N is the number of users
$t_i$ = row vector of user i's trust in other users
$t_{ik}$ = how much user i trusts her friend user k
$t_{kj}$ = how much user k trusts her friend user j
$(t_{ik} \cdot t_{kj})$ = amount user i trusts user j via k
$\sum_k (t_{ik} \cdot t_{kj})$ = how much user i trusts user j via any other node.

Page 19: M – Merged Trust Matrix

Represents trust between any two users
◦ Aggregation function concatenates trusts along paths

(1) $M^{(0)} = T$
(2) $M^{(n)} = T \cdot M^{(n-1)}$

Repeat (2) until $M^{(n)} = M^{(n-1)}$

$M^{(i)}$ is the value of M in iteration i.

Matrix multiplication definition:

$C_{ij} = \sum_k (A_{ik} \cdot B_{kj})$

Page 20: How to Infer Trust for Objects?

Personal beliefs:
◦ Asserted by a user to an object in her trust repository

$b_i$ = user i's personal belief (trust) on a certain object.
$b$ = collection of personal beliefs in a particular object

How much does a user believe in any sharable object in the network?

Page 21: The Merged Beliefs Structure (b)

Computes for any user, her belief in any sharable object

(1) $b^{(0)} = b$
(2) $b^{(n)} = T \cdot b^{(n-1)}$, or $(b_i)^{(n)} = \sum_k (t_{ik} \cdot (b_k)^{(n-1)})$

Repeat (2) until $b^{(n)} = b^{(n-1)}$

where:

$b^{(i)}$ is the value of b in iteration i.
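
The two iterations from the merged trust matrix and merged beliefs slides, carried through as an added example that is not part of the original presentation. The users, trust values and beliefs are constructed; row normalization of T, the convergence tolerance and the iteration cap are assumptions the slides do not state.

```python
# Added example, not from the presentation: fixed-point iteration for M and b.
# Users, trust values and beliefs are constructed for illustration.

def normalize_rows(T):
    """Assumption (not on the slides): scale each row to sum to 1 so that
    repeated multiplication by T stays bounded."""
    return [[v / sum(r) for v in r] if sum(r) > 0 else list(r) for r in T]

def mat_vec(T, b):
    """(b_i)^(n) = sum_k t_ik * (b_k)^(n-1)"""
    return [sum(t * x for t, x in zip(row, b)) for row in T]

def mat_mul(A, B):
    """C_ij = sum_k A_ik * B_kj, built column by column."""
    cols = [mat_vec(A, col) for col in zip(*B)]
    return [list(row) for row in zip(*cols)]

def fixed_point(step, x0, dist, tol=1e-9, max_iter=10_000):
    """Repeat step until successive iterates differ by less than tol."""
    cur = x0
    for n in range(1, max_iter + 1):
        nxt = step(cur)
        if dist(nxt, cur) < tol:
            return nxt, n
        cur = nxt
    raise RuntimeError("no fixed point: trust graph may be periodic")

def merged_beliefs(T, b, **kw):
    """b(0) = b; b(n) = T . b(n-1)"""
    T = normalize_rows(T)
    dist = lambda x, y: max(abs(p - q) for p, q in zip(x, y))
    return fixed_point(lambda v: mat_vec(T, v), list(b), dist, **kw)

def merged_trust(T, **kw):
    """M(0) = T; M(n) = T . M(n-1)"""
    T = normalize_rows(T)
    dist = lambda X, Y: max(abs(p - q) for r, s in zip(X, Y) for p, q in zip(r, s))
    return fixed_point(lambda M: mat_mul(T, M), T, dist, **kw)

USERS = ["alice", "bob", "carol"]          # constructed
T = [[0.0, 0.9, 0.1],                      # alice trusts bob far more than carol
     [0.5, 0.0, 0.5],
     [0.5, 0.5, 0.0]]
B_INSTALLER = [0.0, 1.0, 0.2]              # alice has asserted nothing herself

if __name__ == "__main__":
    beliefs, rounds = merged_beliefs(T, B_INSTALLER)
    for user, belief in zip(USERS, beliefs):
        print(f"{user}: merged belief {belief:.3f} after {rounds} rounds")
    print("alice's merged trust row:", [round(v, 3) for v in merged_trust(T)[0][0]])
```

With a connected, aperiodic trust graph such as this one, the fixed point gives every user the same merged belief (about 0.471 here), including alice, who asserted nothing. Two users who trust only each other alternate forever and hit the iteration cap instead.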

Page 22: Applications and Benefits

Streamline security policies and decision-making process:
◦ Restriction of system resources based on trust;
◦ Software installation, URL visit.
Information-flow tracking with refined trust levels;
Anti-SPAM techniques.

Page 23: Threats to the Model

OSN or OS compromised:
◦ Attacker increases trust values for malicious objects:
  System behaves as if the trustworthy framework was never installed;
  High trust values do not mean higher privileges: the higher the trust, the closer to default levels without social trust
◦ Attacker decreases trust values for benign objects: DoS attack.

Page 24: Concluding Remarks

Challenges
◦ Management and reliability of social data/trust: reliability, ethics issues, no standard API;
◦ The socially-aware kernel: managing multiple repositories, performance, usability, Sybil attacks, identity management.
◦ Confidentiality and Security: new vulnerabilities, privacy leaks, exporting trust information.

Page 25: Thank you!