Abstract
During the past decade, online collaboration has grown from a practice primarily associated with the workplace to a social phenomenon, where ordinary people share information about their life, hobbies, interests, politics etc. In particular, social software, such as open collaborative authoring systems like wikis, has become increasingly popular. This is probably best illustrated through the immense popularity of the Wikipedia, which is a free encyclopedia collaboratively edited by thousands of Internet users with a minimum of administration.
As more and more people come to rely on the information stored in open collaborative authoring systems, security is becoming an important concern for such systems. Inaccuracies in the Wikipedia have been rumoured to cause students to fail courses, innocent people have been associated with the murder of John F. Kennedy, etc. Improving the correctness, completeness and integrity of information in collaboratively authored documents is therefore of vital importance to the continued success of such systems.
It has previously been observed that integrity is the most important security property in open collaborative authoring systems. In this paper we propose a general security model for open collaborative authoring systems based on a combination of classic integrity mechanisms from computer security and reputation systems. The model is able to accommodate a number of different integrity policies and three different policies are presented in the paper. While the model provides a reputation based assessment of the trustworthiness of the information contained in a document, the primary objective is to prevent untrustworthy authors from compromising the integrity of the document. In order to determine the effectiveness of the proposed integrity model, we present an attacker model for open collaborative authoring systems, which allows us to calculate the vulnerability of a given document based on the fraction of malicious authors in the system.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
What is Wiki, http://www.wiki.org/wiki.cgi?WhatIsWiki (visited December 28, 2006)
Wikipedia, the free encyclopedia, http://en.wikipedia.org/wiki/Wiki (visited December 28, 2006)
Denning, P., Horning, J., Parnas, D., Weinstein, L.: Wikipedia Risks, in Inside Risks 186. Communications of the ACM 48(12) (2005)
Meyer, B.: Defense and Illustration of Wikipedia (2006), http://se.ethz.ch/~meyer/publications/wikipedia/wikipedia.pdf (visited January 15, 2009)
Orlowski, A.: Avoid Wikipedia, warns Wikipedia chief, It can seriously damage your grades. The Register (June 15, 2006)
Seigenthaler, J.: A false Wikipedia ’biography’. Editorial in USA TODAY (November 29, 2005)
Chittenden, M.: Comedy of errors hits the world of Wikipedia. The Sunday Times (February 12, 2006)
Giles, J.: Internet encyclopaedias go head to head. Nature (December 15, 2005)
Britannica, E.: Fatally Flawed. Refuting the recent study on encyclopedic accuracy by the journal Nature (March 2006)
Jensen, C.D.: Integrity in in Open Collaborative Authoring Systems. In: Proceedings of the Joint iTrust and PST Conferences on Privacy, Trust Management and Security (2007)
Amazon website, http://www.amazon.com (visited December 28, 2008)
eBay Internet auction website, http://www.ebay.com (visited March 12, 2009)
Against Intuition, Inc.: WOT website, http://www.mywot.com/en/wot/home (visited December 28, 2008)
Jøsang, A., Ismail, R., Boyd, C.: A Survey of Trust and Reputation Systems for Online Service Provision. Decision Support Systems 43(2), 618–644 (2007)
Zaihrayeu, I., da Silva, P.P., McGuinness, D.L.: IWTrust: Improving user trust in answers from the web. In: Herrmann, P., Issarny, V., Shiu, S.C.K. (eds.) iTrust 2005. LNCS, vol. 3477, pp. 384–392. Springer, Heidelberg (2005)
Dondio, P., Barrett, S., Weber, S., Seigneur, J.-M.: Extracting Trust from Domain Analysis: A Case Study on the Wikipedia Project. In: Yang, L.T., Jin, H., Ma, J., Ungerer, T. (eds.) ATC 2006. LNCS, vol. 4158, pp. 362–373. Springer, Heidelberg (2006)
Thomas Adler, B., de Alfaro, L.: A Content-Driven Reputation System for the Wikipedia. In: Proceedings of the 16th international conference on World Wide Web, pp. 261–270 (2007)
Kramer, M., Gregorowicz, A., Iyer, B.: Wiki Trust Metrics based on Phrasal Analysis. In: Proceedings of the 4th International Symposium on Wikis (WikiSym 2008), Porto, Portugal (2008)
Kittur, A., Suh, B., Chi, E.H.: Can you ever trust a wiki?: impacting perceived trustworthiness in wikipedia. In: Proceedings of the ACM 2008 Conference on Computer Supported Cooperative Work, pp. 477–480 (2008)
Douceur, J.: The Sybil Attack. In: Druschel, P., Kaashoek, M.F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429, pp. 251–260. Springer, Heidelberg (2002)
Back, A.: Hashcash – A Denial of Service Counter-Measure. Technical report (2002)
Dwork, C., Naor, M.: Pricing via Processing or Combating Junk Mail. In: Proceedings of Twelfth Annual International Cryptology Conference, pp. 139–147 (1992)
Clark, D., Wilson, D.: A comparison of commercial and military security policies. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 184–195 (1987)
Biba, K.J.: Integrity Considerations for Secure Computer Systems. Technical Report MTR-3153, The MITRE Corporation, Bedford, Massachusetts, U.S.A. (1977)
Bell, D.E., LaPadula, L.J.: Secure Computer Systems: Mathematical Foundations. Technical Report MTR-2547 (Volume I + Volume II), The MITRE Corporation (1973)
Fraser, T.: LOMAC: LowWater-Mark Integrity Protection for COTS Environments. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 230–245 (2000)
Thomas Adler, B., Chatterjee, K., de Alfaro, L., Faella, M., Pye, I., Raman, V.: Assigning Trust to Wikipedia Content. In: Proceedings of the 4th International Symposium on Wikis (WikiSym 2008), Porto, Portugal (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Jensen, C.D. (2009). Security in Wiki-Style Authoring Systems. In: Ferrari, E., Li, N., Bertino, E., Karabulut, Y. (eds) Trust Management III. IFIPTM 2009. IFIP Advances in Information and Communication Technology, vol 300. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02056-8_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-02056-8_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02055-1
Online ISBN: 978-3-642-02056-8
eBook Packages: Computer ScienceComputer Science (R0)