Secure Wiki System - A plugin-based solution to wiki security

Kasper Lindberg

Abstract: Wiki systems have become an important tool for knowledge sharing among people, from the small wikis for knowledge sharing in organizations to the larger project-related wikis on the Internet. In addition, Wikipedia, which is in a class of its own when it comes to size, has managed to collect an impressive amount of information based solely on the cooperation between strangers from around the world. Any open wiki, with a user community so large that members of the community have a certain degree of anonymity, suffers from the effects of directed and random vandalism. This vandalism is a problem because it reduces the trustworthiness of the content provided by the wiki system. The secure wiki model is an integrity model that has been proposed to help prevent vandalism and improve the trustworthiness of articles in wiki systems. This model is based on both static and dynamic document access controls, which enforce a simple integrity-based security policy. This thesis improves this model by proposing a new policy for use with the model. The proposed policy is evaluated and compared to the original policy. The evaluation shows that the new policy is highly configurable and can be configured in such a way that it requires significantly fewer reviewers than the original policy, which can benefit small systems with a low number of users. An implementation of a base wiki system has been created, which on its own equals any other wiki in terms of its vulnerability to vandalism. In addition to this, an implementation of the secure wiki model has also been created. The implementation is made as a plugin to the base wiki system and adds an integrity model to the existing soft-security model that is used by the base system and other wiki implementations. The integrity model provides harder security guarantees and limits the ability of attackers to compromise the integrity of wiki articles, without compromising the all-can-edit policy of open wiki systems.
Type: Master's thesis [Academic thesis]
Year: 2012
Publisher: Technical University of Denmark, DTU Informatics, E-mail: reception@imm.dtu.dk
Address: Asmussens Alle, Building 305, DK-2800 Kgs. Lyngby, Denmark
Series: IMM-M.Sc.-2012-28
Note: Supervised by Associate Professor Christian Damsgaard Jensen, cdj@imm.dtu.dk, DTU Informatics
Electronic version(s): [pdf]
Publication link: http://www.imm.dtu.dk/English.aspx
BibTeX data: [bibtex]
IMM Group(s): Computer Science & Engineering