-
Private Approximate Query over Horizontal Data Federation
Authors:
Ala Eddine Laouir,
Abdessamad Imine
Abstract:
In many real-world scenarios, multiple data providers need to collaboratively perform analysis of their private data. The challenges of these applications, especially at the big data scale, are time and resource efficiency as well as end-to-end privacy with minimal loss of accuracy. Existing approaches rely primarily on cryptography, which improves privacy, but at the expense of query response tim…
▽ More
In many real-world scenarios, multiple data providers need to collaboratively perform analysis of their private data. The challenges of these applications, especially at the big data scale, are time and resource efficiency as well as end-to-end privacy with minimal loss of accuracy. Existing approaches rely primarily on cryptography, which improves privacy, but at the expense of query response time. However, current big data analytics frameworks require fast and accurate responses to large-scale queries, making cryptography-based solutions less suitable. In this work, we address the problem of combining Approximate Query Processing (AQP) and Differential Privacy (DP) in a private federated environment answering range queries on horizontally partitioned multidimensional data. We propose a new approach that considers a data distribution-aware online sampling technique to accelerate the execution of range queries and ensure end-to-end data privacy during and after analysis with minimal loss in accuracy. Through empirical evaluation, we show that our solution is able of providing up to 8 times faster processing than the basic non-secure solution while maintaining accuracy, formal privacy guarantees and resilience to learning-based attacks.
△ Less
Submitted 17 June, 2024;
originally announced June 2024.
-
Cryptocurrency Frauds for Dummies: How ChatGPT introduces us to fraud?
Authors:
Wail Zellagui,
Abdessamad Imine,
Yamina Tadjeddine
Abstract:
Recent advances in the field of large language models (LLMs), particularly the ChatGPT family, have given rise to a powerful and versatile machine interlocutor, packed with knowledge and challenging our understanding of learning. This interlocutor is a double-edged sword: it can be harnessed for a wide variety of beneficial tasks, but it can also be used to cause harm. This study explores the comp…
▽ More
Recent advances in the field of large language models (LLMs), particularly the ChatGPT family, have given rise to a powerful and versatile machine interlocutor, packed with knowledge and challenging our understanding of learning. This interlocutor is a double-edged sword: it can be harnessed for a wide variety of beneficial tasks, but it can also be used to cause harm. This study explores the complicated interaction between ChatGPT and the growing problem of cryptocurrency fraud. Although ChatGPT is known for its adaptability and ethical considerations when used for harmful purposes, we highlight the deep connection that may exist between ChatGPT and fraudulent actions in the volatile cryptocurrency ecosystem. Based on our categorization of cryptocurrency frauds, we show how to influence outputs, bypass ethical terms, and achieve specific fraud goals by manipulating ChatGPT prompts. Furthermore, our findings emphasize the importance of realizing that ChatGPT could be a valuable instructor even for novice fraudsters, as well as understanding and safely deploying complex language models, particularly in the context of cryptocurrency frauds. Finally, our study underlines the importance of using LLMs responsibly and ethically in the digital currency sector, identifying potential risks and resolving ethical issues. It should be noted that our work is not intended to encourage and promote fraud, but rather to raise awareness of the risks of fraud associated with the use of ChatGPT.
△ Less
Submitted 5 June, 2024;
originally announced June 2024.
-
Developers Need Protection, Too: Perspectives and Research Challenges for Privacy in Social Coding Platforms
Authors:
Nicolás E. Díaz Ferreyra,
Abdessamad Imine,
Melina Vidoni,
Riccardo Scandariato
Abstract:
Social Coding Platforms (SCPs) like GitHub have become central to modern software engineering thanks to their collaborative and version-control features. Like in mainstream Online Social Networks (OSNs) such as Facebook, users of SCPs are subjected to privacy attacks and threats given the high amounts of personal and project-related data available in their profiles and software repositories. Howev…
▽ More
Social Coding Platforms (SCPs) like GitHub have become central to modern software engineering thanks to their collaborative and version-control features. Like in mainstream Online Social Networks (OSNs) such as Facebook, users of SCPs are subjected to privacy attacks and threats given the high amounts of personal and project-related data available in their profiles and software repositories. However, unlike in OSNs, the privacy concerns and practices of SCP users have not been extensively explored nor documented in the current literature. In this work, we present the preliminary results of an online survey (N=105) addressing developers' concerns and perceptions about privacy threats steaming from SCPs. Our results suggest that, although users express concern about social and organisational privacy threats, they often feel safe sharing personal and project-related information on these platforms. Moreover, attacks targeting the inference of sensitive attributes are considered more likely than those seeking to re-identify source-code contributors. Based on these findings, we propose a set of recommendations for future investigations addressing privacy and identity management in SCPs.
△ Less
Submitted 3 March, 2023;
originally announced March 2023.
-
Private Link Exchange over Social Graphs
Authors:
Hiep H. Nguyen,
Abdessamad Imine,
Michael Rusinowitch
Abstract:
Currently, most of the online social networks (OSN) keep their data secret and in centralized manner. Researchers are allowed to crawl the underlying social graphs (and data) but with limited rates, leading to only partial views of the true social graphs. To overcome this constraint, we may start from user perspective, the contributors of the OSNs. More precisely, if users cautiously collaborate w…
▽ More
Currently, most of the online social networks (OSN) keep their data secret and in centralized manner. Researchers are allowed to crawl the underlying social graphs (and data) but with limited rates, leading to only partial views of the true social graphs. To overcome this constraint, we may start from user perspective, the contributors of the OSNs. More precisely, if users cautiously collaborate with one another, they can use the very infrastructure of the OSNs to exchange noisy friend lists with their neighbors in several rounds. In the end, they can build local subgraphs, also called local views of the true social graph. In this paper, we propose such protocols for the problem of \textit{private link exchange} over social graphs.
The problem is unique in the sense that the disseminated data over the links are the links themselves. However, there exist fundamental questions about the feasibility of this model. The first question is how to define simple and effective privacy concepts for the link exchange processes. The second question comes from the high volume of link lists in exchange which may increase exponentially round after round. While storage and computation complexity may be affordable for desktop PCs, communication costs are non-trivial. We address both questions by a simple $(α,β)$-exchange using Bloom filters.
△ Less
Submitted 6 September, 2016;
originally announced September 2016.
-
Detecting Communities under Differential Privacy
Authors:
Hiep H. Nguyen,
Abdessamad Imine,
Michael Rusinowitch
Abstract:
Complex networks usually expose community structure with groups of nodes sharing many links with the other nodes in the same group and relatively few with the nodes of the rest. This feature captures valuable information about the organization and even the evolution of the network. Over the last decade, a great number of algorithms for community detection have been proposed to deal with the increa…
▽ More
Complex networks usually expose community structure with groups of nodes sharing many links with the other nodes in the same group and relatively few with the nodes of the rest. This feature captures valuable information about the organization and even the evolution of the network. Over the last decade, a great number of algorithms for community detection have been proposed to deal with the increasingly complex networks. However, the problem of doing this in a private manner is rarely considered. In this paper, we solve this problem under differential privacy, a prominent privacy concept for releasing private data. We analyze the major challenges behind the problem and propose several schemes to tackle them from two perspectives: input perturbation and algorithm perturbation. We choose Louvain method as the back-end community detection for input perturbation schemes and propose the method LouvainDP which runs Louvain algorithm on a noisy super-graph. For algorithm perturbation, we design ModDivisive using exponential mechanism with the modularity as the score. We have thoroughly evaluated our techniques on real graphs of different sizes and verified their outperformance over the state-of-the-art.
△ Less
Submitted 7 July, 2016;
originally announced July 2016.
-
A Constraint-based Approach for Generating Transformation Patterns
Authors:
Asma Cherif,
Abdessamad Imine
Abstract:
Undoing operations is an indispensable feature for many collaborative applications, mainly collaborative editors. It provides the ability to restore a correct state of shared data after erroneous operations. In particular, selective undo allows to undo any operation and is based on rearranging operations in the history thanks to the Operational Transformation (OT) approach. OT is an optimistic r…
▽ More
Undoing operations is an indispensable feature for many collaborative applications, mainly collaborative editors. It provides the ability to restore a correct state of shared data after erroneous operations. In particular, selective undo allows to undo any operation and is based on rearranging operations in the history thanks to the Operational Transformation (OT) approach. OT is an optimistic replication technique allowing for updating the shared data concurrently while maintaining convergence. It is a challenging task how to meaningfully combine OT and undo approaches. Indeed, undoing operations that are received and executed out-of-order at different sites leads to divergence cases. Even though various undo solutions have been proposed over the recent years, they are either limited or erroneous.
In this paper, we propose a constraint-based approach to address the undo problem. We use Constraint Satisfaction Problem (CSP) theory to devise correct and undoable transformation patterns (w.r.t OT and undo properties) which considerably simplifies the design of collaborative objects.
△ Less
Submitted 23 December, 2015;
originally announced December 2015.
-
Efficient Polling Protocol for Decentralized Social Networks
Authors:
Bao-Thien Hoang,
Abdessamad Imine
Abstract:
We address the polling problem in social networks where individuals collaborate to choose the most favorite choice amongst some options, without divulging their vote and publicly exposing their potentially malicious actions. Given this social interaction model, Guerraoui et al. recently proposed polling protocols that do not rely on any central authority or cryptography system, using a simple secr…
▽ More
We address the polling problem in social networks where individuals collaborate to choose the most favorite choice amongst some options, without divulging their vote and publicly exposing their potentially malicious actions. Given this social interaction model, Guerraoui et al. recently proposed polling protocols that do not rely on any central authority or cryptography system, using a simple secret sharing scheme along with verification procedures to accurately compute the poll's final result. However, these protocols can be deployed safely and efficiently provided that, inter alia, the social graph structure should be transformed into a ring structure-based overlay and the number of participating users is perfect square. Consequently, designing \emph{secure} and \emph{efficient} polling protocols regardless these constraints remains a challenging issue.
In this paper, we present EPol, a simple decentralized polling protocol that relies on the current state of social graphs. More explicitly, we define one family of social graphs that satisfy what we call the $m$-broadcasting property (where $m$ is less than or equal to the minimum node degree) and show their structures enable low communication cost and constitute necessary and sufficient condition to ensure vote privacy and limit the impact of dishonest users on the accuracy of the polling output. Our protocol is effective to compute more precisely the final result. Furthermore, despite the use of richer social graph structures, the communication and spatial complexities of EPol are close to be linear.
△ Less
Submitted 24 December, 2014;
originally announced December 2014.
-
Anonymizing Social Graphs via Uncertainty Semantics
Authors:
Hiep H. Nguyen,
Abdessamad Imine,
Michaël Rusinowitch
Abstract:
Rather than anonymizing social graphs by generalizing them to super nodes/edges or adding/removing nodes and edges to satisfy given privacy parameters, recent methods exploit the semantics of uncertain graphs to achieve privacy protection of participating entities and their relationship. These techniques anonymize a deterministic graph by converting it into an uncertain form. In this paper, we pro…
▽ More
Rather than anonymizing social graphs by generalizing them to super nodes/edges or adding/removing nodes and edges to satisfy given privacy parameters, recent methods exploit the semantics of uncertain graphs to achieve privacy protection of participating entities and their relationship. These techniques anonymize a deterministic graph by converting it into an uncertain form. In this paper, we propose a generalized obfuscation model based on uncertain adjacency matrices that keep expected node degrees equal to those in the unanonymized graph. We analyze two recently proposed schemes and show their fitting into the model. We also point out disadvantages in each method and present several elegant techniques to fill the gap between them. Finally, to support fair comparisons, we develop a new tradeoff quantifying framework by leveraging the concept of incorrectness in location privacy research. Experiments on large social graphs demonstrate the effectiveness of our schemes.
△ Less
Submitted 6 August, 2014;
originally announced August 2014.
-
On Consistency of Operational Transformation Approach
Authors:
Aurel Randolph,
Hanifa Boucheneb,
Abdessamad Imine,
Alejandro Quintero
Abstract:
The Operational Transformation (OT) approach, used in many collaborative editors, allows a group of users to concurrently update replicas of a shared object and exchange their updates in any order. The basic idea of this approach is to transform any received update operation before its execution on a replica of the object. This transformation aims to ensure the convergence of the different repl…
▽ More
The Operational Transformation (OT) approach, used in many collaborative editors, allows a group of users to concurrently update replicas of a shared object and exchange their updates in any order. The basic idea of this approach is to transform any received update operation before its execution on a replica of the object. This transformation aims to ensure the convergence of the different replicas of the object, even though the operations are executed in different orders. However, designing transformation functions for achieving convergence is a critical and challenging issue. Indeed, the transformation functions proposed in the literature are all revealed incorrect.
In this paper, we investigate the existence of transformation functions for a shared string altered by insert and delete operations. From the theoretical point of view, two properties - named TP1 and TP2 - are necessary and sufficient to ensure convergence. Using controller synthesis technique, we show that there are some transformation functions which satisfy only TP1 for the basic signatures of insert and delete operations. As a matter of fact, it is impossible to meet both properties TP1 and TP2 with these simple signatures.
△ Less
Submitted 13 February, 2013;
originally announced February 2013.
-
A General Approach for Securely Querying and Updating XML Data
Authors:
Houari Mahfoud,
Abdessamad Imine
Abstract:
Over the past years several works have proposed access control models for XML data where only read-access rights over non-recursive DTDs are considered. A few amount of works have studied the access rights for updates. In this paper, we present a general model for specifying access control on XML data in the presence of update operations of W3C XQuery Update Facility. Our approach for enforcing su…
▽ More
Over the past years several works have proposed access control models for XML data where only read-access rights over non-recursive DTDs are considered. A few amount of works have studied the access rights for updates. In this paper, we present a general model for specifying access control on XML data in the presence of update operations of W3C XQuery Update Facility. Our approach for enforcing such updates specifications is based on the notion of query rewriting where each update operation defined over arbitrary DTD (recursive or not) is rewritten to a safe one in order to be evaluated only over XML data which can be updated by the user. We investigate in the second part of this report the secure of XML updating in the presence of read-access rights specified by a security views. For an XML document, a security view represents for each class of users all and only the parts of the document these users are able to see. We show that an update operation defined over a security view can cause disclosure of sensitive data hidden by this view if it is not thoroughly rewritten with respect to both read and update access rights. Finally, we propose a security view based approach for securely updating XML in order to preserve the confidentiality and integrity of XML data.
△ Less
Submitted 31 January, 2012;
originally announced February 2012.
-
Secure Querying of Recursive XML Views: A Standard XPath-based Technique
Authors:
Houari Mahfoud,
Abdessamad Imine
Abstract:
Most state-of-the art approaches for securing XML documents allow users to access data only through authorized views defined by annotating an XML grammar (e.g. DTD) with a collection of XPath expressions. To prevent improper disclosure of confidential information, user queries posed on these views need to be rewritten into equivalent queries on the underlying documents. This rewriting enables us t…
▽ More
Most state-of-the art approaches for securing XML documents allow users to access data only through authorized views defined by annotating an XML grammar (e.g. DTD) with a collection of XPath expressions. To prevent improper disclosure of confidential information, user queries posed on these views need to be rewritten into equivalent queries on the underlying documents. This rewriting enables us to avoid the overhead of view materialization and maintenance. A major concern here is that query rewriting for recursive XML views is still an open problem. To overcome this problem, some works have been proposed to translate XPath queries into non-standard ones, called Regular XPath queries. However, query rewriting under Regular XPath can be of exponential size as it relies on automaton model. Most importantly, Regular XPath remains a theoretical achievement. Indeed, it is not commonly used in practice as translation and evaluation tools are not available. In this paper, we show that query rewriting is always possible for recursive XML views using only the expressive power of the standard XPath. We investigate the extension of the downward class of XPath, composed only by child and descendant axes, with some axes and operators and we propose a general approach to rewrite queries under recursive XML views. Unlike Regular XPath-based works, we provide a rewriting algorithm which processes the query only over the annotated DTD grammar and which can run in linear time in the size of the query. An experimental evaluation demonstrates that our algorithm is efficient and scales well.
△ Less
Submitted 12 December, 2011;
originally announced December 2011.
-
On Coordinating Collaborative Objects
Authors:
Abdessamad Imine
Abstract:
A collaborative object represents a data type (such as a text document) designed to be shared by a group of dispersed users. The Operational Transformation (OT) is a coordination approach used for supporting optimistic replication for these objects. It allows the users to concurrently update the shared data and exchange their updates in any order since the convergence of all replicas, i.e. th…
▽ More
A collaborative object represents a data type (such as a text document) designed to be shared by a group of dispersed users. The Operational Transformation (OT) is a coordination approach used for supporting optimistic replication for these objects. It allows the users to concurrently update the shared data and exchange their updates in any order since the convergence of all replicas, i.e. the fact that all users view the same data, is ensured in all cases. However, designing algorithms for achieving convergence with the OT approach is a critical and challenging issue. In this paper, we propose a formal compositional method for specifying complex collaborative objects. The most important feature of our method is that designing an OT algorithm for the composed collaborative object can be done by reusing the OT algorithms of component collaborative objects. By using our method, we can start from correct small collaborative objects which are relatively easy to handle and incrementally combine them to build more complex collaborative objects.
△ Less
Submitted 28 July, 2010;
originally announced July 2010.
-
Experiments in Model-Checking Optimistic Replication Algorithms
Authors:
Hanifa Boucheneb,
Abdessamad Imine
Abstract:
This paper describes a series of model-checking experiments to verify optimistic replication algorithms based on Operational Transformation (OT) approach used for supporting collaborative edition. We formally define, using tool UPPAAL, the behavior and the main consistency requirement (i.e. convergence property) of the collaborative editing systems, as well as the abstract behavior of the enviro…
▽ More
This paper describes a series of model-checking experiments to verify optimistic replication algorithms based on Operational Transformation (OT) approach used for supporting collaborative edition. We formally define, using tool UPPAAL, the behavior and the main consistency requirement (i.e. convergence property) of the collaborative editing systems, as well as the abstract behavior of the environment where these systems are supposed to operate. Due to data replication and the unpredictable nature of user interactions, such systems have infinitely many states. So, we show how to exploit some features of the UPPAAL specification language to attenuate the severe state explosion problem. Two models are proposed. The first one, called concrete model, is very close to the system implementation but runs up against a severe explosion of states. The second model, called symbolic model, aims to overcome the limitation of the concrete model by delaying the effective selection and execution of editing operations until the construction of symbolic execution traces of all sites is completed. Experimental results have shown that the symbolic model allows a significant gain in both space and time. Using the symbolic model, we have been able to show that if the number of sites exceeds 2 then the convergence property is not satisfied for all OT algorithms considered here. A counterexample is provided for every algorithm.
△ Less
Submitted 21 April, 2008; v1 submitted 18 April, 2008;
originally announced April 2008.
