Policies based privacy control mechanisms for social networking systems
-
Upload
seth-perkins -
Category
Documents
-
view
27 -
download
1
description
Transcript of Policies based privacy control mechanisms for social networking systems
![Page 1: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/1.jpg)
Policies based privacy control mechanisms for social
networking systems
Audumbar ChormaleAdvisor: Dr. Anupam Joshi
M.S. Thesis Defense
http://ebiquity.umbc.edu/
![Page 2: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/2.jpg)
2
Motivation
Increase in the user generated content on web
Rise in the online interactions and content sharing among users
More dynamic context Need to provide precise control over
the conditions under which users can share their personal information
![Page 3: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/3.jpg)
3
Problem statement
Devise better privacy mechanisms to control the information flow in social networking systems.
![Page 4: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/4.jpg)
4
Contributions
Privacy control mechanism based on policy frameworks that are rich in semantic web technologies to control information flow in social networking applications. The privacy control mechanism
Provides users of the system better control while sharing information than the state of the art systems
Combines dynamic user context, For instance, current time, current location or current activity of the user
![Page 5: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/5.jpg)
5
Introduction
Increase in the popularity of social networking systems(SNS) such as Facebook, MySpace, LiveJournal etc.
SNS allow creation of online profiles Photos, videos and favorite links
‘What’s on your mind’ or status updates
Content sharing with a huge list of friends and networks of friends
![Page 6: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/6.jpg)
6
Mobile geo-social networking systems
Availability of GPS functionality on phone devices like iPhone, HTC-G1 and network based positioning methods on internet
Social network maps friends and their locations using Maps API on the web
Content sharing relative to location and time
Privacy is an important issue with the current systems like Google latitude, Loopt, Brightkite
![Page 7: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/7.jpg)
7
Privacy issues in SNS
Privacy concerns when, how and to what extent information about someone is communicated to others
Distinguish among various peers in large network of friends
Capture continuous changes in the contextual information about users
Address privacy requirements subjective to individual
![Page 8: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/8.jpg)
8
Semantic web and policies RDF and OWL
Set of triples Precise specification of classes used by policy languages based on description logic, for which efficient reasoning
systems are available Notation3
expression of data and logic in the same language simple and consistent grammar, greater expressiveness, and
is a compact and readable alternative to RDF’s XML syntax allow rules to be integrated smoothly with RDF
Policies based on semantic web technologies can better represent user context information and privacy preferences.
![Page 9: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/9.jpg)
9
Static knowledge about user profile, and networks of friends
Knowledge about dynamic user context like current activity, location
Privacy enforcement rules
Reasoning Engine
Network
Privacy Control Framework
Content Preferences
Content Aggregator
Social Media
Policy network ontology
Database
Architectural view of the system
![Page 10: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/10.jpg)
10
Components of Privacy Framework
Policy network ontology Integrates Rein and AIR policy ontology Rein policies to provide access control and AIR
policies to provide justification to the inferences made
Policies specified using N3 rules and Turtle Reasoning engine
CWM, a forward chaining rule engine▪ Pychinko, a forward chaining rule engine, written in Python,
that implements Rete algorithm and allows for efficient processing of very large rule bases
Supports a significant subset of the math, string, time and logic built-ins
![Page 11: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/11.jpg)
11
Example of location access policy network ontology
Policy(N3)
Resource(User-
location)
Meta-Policy
Policy Language
(loc-access)
policy
policy language meta-policy
RequestRequester Credentials
Location-Access
Answer
Valid
InValid
access
requester
ans IsA
IsA
Policy Network Ontology
Request Ontology
![Page 12: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/12.jpg)
12
Policy Description
Privacy Policy follows Deny-Access approach.It specifies authorization logic. Authentication is
performed separately in the system. What information user is willing to share
Location information with accuracy level With whom
Friends Group of friends
Under what conditions Day and time of the week Location of the user, specifying the area in which user
can be seen Accuracy level of the location information
![Page 13: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/13.jpg)
13
Example Policies
Example policies can be : Share my location with teachers on weekdays
only if I am in the university campus and only between 9 am and 6 pm
Share exact location with members of family group all the time, in all locations
Do not share my location if user is at any of the sensitive locations
Do not share my activity status with teachers on weekends
Share my activity status with only close friends
![Page 14: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/14.jpg)
14
Example Policies Contd.
Example of location access control policy: Share my location with teachers on weekdays only if I am in the university campus and only between 9 am and 6 pm
![Page 15: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/15.jpg)
15
Example Policies Contd.
Example of location access control policy: Share exact location with membersof family group all the time, in all locations
![Page 16: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/16.jpg)
16
Example Policies Contd.
Example of location access control policy: Do not share my location if user is at any of the sensitive locations
![Page 17: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/17.jpg)
17
Example Policies Contd.
Example of activity access control policy: Do not share my activity status with teachers on weekends
![Page 18: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/18.jpg)
18
Example Policies Contd.
Example of activity access control policy: Do not share my location if user is at any of the sensitive locations
![Page 19: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/19.jpg)
19
Accountability
Example of Accountability Policy: Checks the compliance of location request with user's policy
![Page 20: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/20.jpg)
20
Policy Execution
User shares her protected resources and defines the privacy preferences
System follows pull mechanism. All the different types of information sharing activities among participants are established by the privacy control module in the system.
Whenever any participant makes a query, it is sent to the privacy control module which in turn processes the query by reasoning over the policy networks associated with the resource, and returns the valid answer to the query.
Generalization is applied for the valid answers.
![Page 21: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/21.jpg)
21
Steps involved in processing a query
Query
Form request and Assert required information
Authenticate Requester
Fetch knowledge about user
Execute Reasoning Engine
Apply generalization
Result
Assert Authorization Result
Figure 3. Steps involved in query processing
![Page 22: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/22.jpg)
22
Implementation details
Client device is location aware device like GPS enabled phones or wi-fi enabled laptops
Google maps to plot user and her friends User interface to define privacy preferences Connects with Facebook accounts to fetch
profile information and find networks of friends
Creates and stores policy ontology in persistent memory and reloads when required by reasoning engine
![Page 23: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/23.jpg)
23
Implementation details
![Page 24: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/24.jpg)
24
Implementation details
Privacy Configuration User Interface
![Page 25: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/25.jpg)
25
Results
Summary of features of our system and their comparison with the state of theart systems
![Page 26: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/26.jpg)
26
Performance
Timing characteristics of various privacy rules with CWM and Pychinko. Policy1(location sharing rule with Math and time builtins), Policy 2 (activity sharing rule with Math and time builtins), Policy 3 (activity sharing without any builtins), Policy 4 (location sharing
without any builtins). All timings shown are in milliseconds.
![Page 27: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/27.jpg)
27
Conclusion and future work We have described the system architecture
of the policy based system and its various components and discussed implementation considerations. We demonstrated few examples of the policy that state of the art system does not support.
Future Work: Improve scalability Evaluate the utility Predicting user privacy preferences
![Page 28: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/28.jpg)
28
Contributions
Privacy control mechanism based on policy frameworks that are rich in semantic web technologies to control information flow in social networking applications. The privacy control mechanism
Provides users of the system better control while sharing information than the state of the art systems
Combines dynamic user context, For instance, current time, current location or current activity of the user
![Page 29: Policies based privacy control mechanisms for social networking systems](https://reader035.fdocuments.net/reader035/viewer/2022070401/56813663550346895d9df181/html5/thumbnails/29.jpg)
29
Thank you