Bechara Al Bouna

A multimedia access control language for virtual and ambient intelligence environments

Access control models are becoming increasingly important in several application domains especially in distributed environments like those addressed by Web Services. Established approaches such as DAC [16] , MAC [16] RBAC [11, 12, 22] and others [6, 5, 15, 1] suggest representing users in different ways (labels, roles, credentials, etc.) in order to facilitate the association of authorization and access control policies. In intelligent and virtual ambient applications, users exist in a controlled environment equipped with multimedia sensors such as cameras and microphones, and use their terminals in several application environments. In this paper, we study the problem of integrating multimedia objects into access control models and particularly role-based ones. Here, we describe a Multimedia Access Control Language (M 2ACL) in which users and roles are described by using sets of mul- timedia objects,greatly increasing the flexibility of access control policies and their applicability to virtual and ambient intelligence (AmI environments.We address potential risks related to the use of multimedia objects by defining the concept of filter functions used to aggregate a set of values into a relevant one.Finally,we present a set of functional specification and the experiments conducted to validate the proposed approach.

Multimedia-based authorization and access control policy specification

Exchanging multimedia objects between wide ranges of distributed applications, web services, and end-users is rapidly increasing in several application domains (medicine, surveillance, e-learning, etc.). In confidential applications, one of the emergent problems to deal with is data authorization and access control. Several textual-oriented authorization models have been provided in the literature. However, multimedia data are more complex in structure and content than textual ones, and thus require new relevant models to provide full multimedia-oriented components specification. In this paper, we address this problem and present a new approach able to improve authorization and access control policies by combining multimedia objects features (shape, color, texture, etc.) with textual descriptors. We also extend the widely used Role Based Access Control (RBAC) model by considering additional concepts useful to improve authorization control, and by integrating different types of possible links between users of different roles to avoid security breaches.

Security and Privacy Preserving in Social Networks

This volume aims at assessing the current approaches and technologies, as well as to outline the major challenges and future perspectives related to the security and privacy protection of social networks. It provides the reader with an overview of the state-of-the art techniques, studies, and approaches as well as outlining future directions in this field. A wide range of interdisciplinary contributions from various research groups ensures for a balanced and complete perspective.

Secure Outsourcing of Network Flow Data Analysis

In this paper, we identify a new and challenging application for the growing field of research on data anonymization and secure outsourcing of storage and computations to the cloud. Network flow data analysis is of high importance for network monitoring and management. Network monitoring applications reveal new challenges not yet addressed in the secure outsourcing literature. The secure and verifiable outsourcing of computation on anonymized network flow records provides a practical tool for network operators in order to harness the cloud benefits, which untapped until now because of privacy concerns. We present representative use-cases and problems, and identify sample related work that can be utilized for developing an effective solution.

MCA2CM: Multimedia Context-Aware Access Control Model

The rapid development of information systems has lead in many ways to the definition of advanced authorization and access control models. Recent models have considered context (such as time, location, age, etc.) as key issue to allow flexible and dynamic policy specification. However, these models are application-dependent, text-based, complex to manage, and insufficient to deny unauthorized access in several cases. Multimedia-based context (user surrounding snapshot, his moves and gesture, etc.) reveals interesting information which is considered of complimentary importance to textual-based context and should be considered in several scenarios while defining access control conditions. In this paper, we extend current models with Multimedia Context-Based Conditions for Access Control Models based on: flexible multimedia data description, complex and multi-criteria conditions (Mcc), and an uncertainty resolver able to reduce potential risk related to the use of multimedia data and similarity functions. Our approach is capable of enforcing current access control models and providing easy-to-use access control policies. Here we present a set of experimental tests that we have conducted to validate the proposed approach.

Detecting Inference Channels in Private Multimedia Data via Social Networks

Indirect access to protected information has been one of the key challenges facing the international community for the last decade. Providing techniques to control direct access to sensitive information remain insufficient against inference channels established when legitimate data reveal classified facts hidden from unauthorized users. Several techniques have been proposed in the literature to meet indirect access prevention. However, those addressing the inference problem when involving multimedia objects (images, audio, video, etc.) remain few and hold several drawbacks. In essence, the complex structure of multimedia objects makes the fact of detecting indirect access a difficult task. In this paper, we propose a novel approach to detect possible inference channels established between multimedia objects representing persons by combining social network information with unmasked content of multimedia objects. Here, we present the techniques used to map the content of social networks to the set of multimedia objects at hand. We also provide an MiD function able to determine whether an unmasked multimedia object combined with data from the social network infers a sensitive multimedia object.

Anonymizing transactional datasets

In this paper, we study the privacy breach caused by unsafe correlations in transactional data where individuals have multiple tuples in a dataset. We provide two safety constraints to guarantee safe correlation of the data: 1 the safe grouping constraint to ensure that quasi-identifier and sensitive partitions are bounded by l-diversity and 2 the schema decomposition constraint to eliminate non-arbitrary correlations between non-sensitive and sensitive values to protect privacy and at the same time increase the aggregate analysis. In our technique, values are grouped together in unique partitions that enforce l-diversity at the level of individuals. We also propose an association preserving technique to increase the ability to learn/analyze from the anonymized data. To evaluate our approach, we conduct a set of experiments to determine the privacy breach and investigate the anonymization cost of safe grouping and preserving associations.

de -linkability: a privacy-preserving constraint for safely outsourcing multimedia documents

Outsourcing social multimedia documents is a growing practice among several companies in a way to shift their business globally. It is a cost-effective process where those companies tend to gain more profits disregarding eventual privacy risks. In fact, several case studies have showed that adversaries are capable of identifying individuals, whose identities need to be kept private, using the content of their multimedia documents. In this paper, we propose de-linkability, a privacy-preserving constraint to bound the amount of information outsourced that can be used to re-identify the individual. We also provide a sanitizing MD*-algorithm to enforce de-linkability and present a set of experiments to demonstrate its efficiency.

A Flexible Image-Based Access Control Model for Social Networks

Nowadays, social network are tremendously spreading their tentacles over the web community providing appropriate and well adapted tools for sharing images. A fundamental glitch to consider is their ability to provide suitable techniques to preserve individuals’ privacy. Indeed, there is an urgent need to guarantee privacy by making available to end-users, tools to enforce their privacy constraints. This cannot be done over images as simple as it has been designed so far for textual data. In fact, images, as all other multimedia objects are of complex structure due to the gap between their raw data and their actual semantic descriptions. Without these descriptions, protecting their content is a difficult matter which outlines the premise of our work. In this chapter, we present a novel security model for image content protection. In our model, we provide dynamic security rules based on first order logic to express constraints that can be applied to contextual information as well as low level features of images. We finally discuss a set of experiments and studies carried out to evaluate the proposed approach.

Using safety constraint for transactional dataset anonymization

In this paper, we address privacy breaches in transactional data where individuals have multiple tuples in a dataset. We provide a safe grouping principle to ensure that correlated values are grouped together in unique partitions that enforce l-diversity at the level of individuals. We conduct a set of experiments to evaluate privacy breach and the anonymization cost of safe grouping.