Document and Author Promotion Strategies in the Secure Wiki Model
Wiki systems form a subclass of the more general Open Collaborative Authoring Systems, where content is created by a user community. The ability of anyone to edit the content is, at the same time, their strength and their weakness. Anyone can write documents that improve the value of the wiki-system, but this also means that anyone can introduce errors into documents, either by accident or on purpose.
A security model for wiki-style authoring systems, called the Secure Wiki Model, has previously been proposed to address this problem. This model is designed to prevent corruption of good quality documents by limiting updates to such documents to users who have demonstrated their ability to produce documents of similar or better quality. While this security model means that not every user can edit every document, it does respect the wiki philosophy by allowing any author who has produced documents of a certain quality to edit all other documents of similar or poorer quality. Moreover, authors who consistently produce top quality documents will eventually be allowed to edit all documents in the wiki.
Collaborative filtering is used to evaluate the quality of documents that an author has contributed to the system, thus determining which other documents the author can edit. This collaborative filtering mechanism determines the promotion and demotion of documents and authors in the Secure Wiki Model. The original Secure Wiki Model only considers explicit promotion and demotion of documents; authors are implicitly promoted or demoted depending on the promotion or demotion of the documents that they contribute. In this paper, we revisit the question of promotion of documents and authors and propose a new security policy with explicit promotion of authors. This policy also incorporates a new collaborative filtering mechanism with a higher degree of parametrisation, so that the new policy can be adapted to the specific needs of a particular wiki.
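A minimal sketch of the edit rule and the implicit author promotion described above, added here as an illustration and not taken from the paper. The four integrity levels, the vote threshold of 3 and all class and method names are assumptions, and simple net voting stands in for the collaborative filtering mechanism.

```python
from dataclasses import dataclass, field

TOP_LEVEL = 3    # assumed: integrity levels 0 (lowest) .. 3
THRESHOLD = 3    # assumed: net votes needed to move a document one level

@dataclass
class Document:
    level: int = 0
    authors: set = field(default_factory=set)
    votes: dict = field(default_factory=dict)   # voter -> +1 / -1

class SecureWiki:
    def __init__(self):
        self.docs = {}           # title -> Document
        self.author_level = {}   # author -> integrity level

    def can_edit(self, author, title):
        # Integrity rule: write only to documents at or below the author's level.
        return self.author_level.get(author, 0) >= self.docs[title].level

    def create(self, author, title):
        self.author_level.setdefault(author, 0)
        self.docs[title] = Document(authors={author})

    def edit(self, author, title):
        if not self.can_edit(author, title):
            raise PermissionError(f"{author} may not edit {title!r}")
        self.docs[title].authors.add(author)

    def vote(self, voter, title, value):
        doc = self.docs[title]
        if voter in doc.authors or value not in (1, -1):
            return                # contributors cannot rate their own document
        doc.votes[voter] = value  # one vote per identity (no Sybil resistance)
        net = sum(doc.votes.values())
        if net >= THRESHOLD and doc.level < TOP_LEVEL:
            doc.level += 1
        elif net <= -THRESHOLD and doc.level > 0:
            doc.level -= 1
        else:
            return
        doc.votes.clear()         # a new rating round starts at the new level
        self._follow_documents(doc.authors)

    def _follow_documents(self, authors):
        # Implicit promotion/demotion: an author's level tracks the best
        # document they have contributed to.
        for a in authors:
            self.author_level[a] = max(
                d.level for d in self.docs.values() if a in d.authors)
```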
Keywords: Security Policy, Security Model, Integrity Level, Access Control Mechanism, Sybil Attack