Problem: an attacker obtains the credentials used by a user to log in to their SAFE Network data. There are many malicious actions that could be performed that involve accessing the data, either browsing it for sensitive nuggets or downloading it en masse, but these all involve the attacker gaining a copy of some part of the data. Deletion/corruption is ineffective because MaidSafe never actually deletes and keeps each version of a file, so data could be undeleted/rolled back.
I can imagine two ways of dealing with this, which can ultimately be combined:
- Within the user's data, but read/written only by the node they log in with, SAFE maintains a usage profile for how the user accesses private data (such as how often, times of day, duration, where from etc). Independent of this, the network maintains a population of attacker profiles, which are optimised and added to based on ?user feedback? While the user is active, his node and its near neighbours compare his usage with his profile, and with the library of attacker profiles. As the likelihood of an attack increases, SAFE escalates through defensive measures such as challenges to the user (e.g. passwords, memorable data, and two factor authorisation), imposing access restrictions to all or part of the user's data, or limits on the rate of data access (to inhibit the effectiveness of search or mass copying), and raising alarms to alert the legitimate user.
I think we should create a system which does not rely on user configuration, and which can adapt as attack profiles develop. We may or may not give users some way to override defaults, either to strengthen or weaken them, or to broaden or narrow their scope.
- Granularity of security, where the user has in advance indicated the level of security to be applied to data stored according to: a) which app saved it, b) which app has accessed it, c) which folder it resides in, d) file size, type (extension), names etc., e) time since last read/written and so on.
The Malicious Applications topic discusses providing app-related granularity of data access - to prevent a rogue app from gaining access to data of other apps used by the same user. Clearly any measures used to combat that specific attack overlap with the more general cases I'm targeting here.
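The usage-profile idea in the first bullet, sketched as an added example that is not part of the original post and is not SAFE Network code: a session is scored against the user's own history and the score is mapped onto the escalating defences the post lists. The feature set, weights, thresholds and sample sessions are all assumptions, and the shared library of attacker profiles is not modelled.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Escalation ladder named in the post; thresholds and ordering are assumed.
LADDER = [(1.0, "allow"), (2.0, "challenge"),
          (3.0, "rate_limit"), (4.0, "restrict_access")]

@dataclass
class Session:
    hour: int             # hour of day the session started
    minutes: float        # session duration
    reads_per_min: float  # rate of private-data reads
    origin: str           # coarse "where from" label

def zscore(value, history):
    """Deviation of value from the user's history, in standard deviations."""
    sd = pstdev(history) or 1.0  # constant history: avoid dividing by zero
    return abs(value - mean(history)) / sd

def hour_distance(hour, history):
    """Smallest circular distance (hours) to any hour seen before."""
    return min(min((hour - p) % 24, (p - hour) % 24) for p in history)

def risk(session, profile):
    """Combine per-feature deviations into one score (assumed weighting)."""
    score = max(zscore(session.reads_per_min, [s.reads_per_min for s in profile]),
                zscore(session.minutes, [s.minutes for s in profile]))
    score += hour_distance(session.hour, [s.hour for s in profile]) / 6.0
    if session.origin not in {s.origin for s in profile}:
        score += 1.0  # never-seen origin
    return score

def defence(score):
    """Map a risk score onto the first ladder step it falls under."""
    for limit, action in LADDER:
        if score < limit:
            return action
    return "restrict_access_and_alert"

# Constructed sample data: four past sessions plus three new ones.
PROFILE = [Session(9, 30, 2.0, "home"), Session(10, 45, 3.0, "home"),
           Session(20, 20, 2.5, "office"), Session(9, 35, 2.5, "home")]
USUAL = Session(10, 32, 2.4, "home")
ODD_HOUR = Session(13, 40, 2.8, "home")
BULK_COPY = Session(3, 90, 60.0, "unknown")

if __name__ == "__main__":
    for s in (USUAL, ODD_HOUR, BULK_COPY):
        print(s, "->", defence(risk(s, PROFILE)))
```

Because the profile is what decides whether a challenge is raised, it has to be writable only by the node the user logs in with, as the post specifies; otherwise whoever holds the credentials could retrain it.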