using social semantic web data for privacy policies presentation of the bachelor thesis emily kigel
Post on 19-Dec-2015
215 Views
Preview:
TRANSCRIPT
2
Overview• Motivation: Privacy on the Social Web
Why Privacy Protection? How It is Now How It could be
• Contributions
• Social Semantic Web Data for Policy Reasoning Policy-Based Access Control Policy Specification using Social Semantic Web Data
• Implementation The Policy Framework Protune Including Social Semantic Web Data into Protune SPoX- a Use Case
• Conclusions
5
Comments on
personal data
Tagged in photos
poked
chat messages received
Private message
s
Posts on the Wall
Updates in groups
Blog posts
Information Overload
6
Why Privacy Protection?
• Uncontrolled information disclosure• Personal and sensitive data• Invisible audience • Different parts of the social environment of
user dissolveEmployers, job recruiters, collegues, family,
etc.
• Information overload
9
Privacy Protection How It is Now
• Social Web applications – like islands
• No external data integration in privacy settings possible
hence, no usage of distributed (personal) Social data possible
11
Privacy ProtectionHow It could be
• Family pictures accessible by family and close friends (-> Flickr and Facebook)
• Landscape pictures additionally accessible by Flickr group „France landscape“
BobFamily.jpg Landscape.jpg
12
Contributions of this thesis
• Analysis of privacy settings of nowadays Social Web applications
• Fine-grained privacy protection: Arbitrary access control decisions based on user preferences
• Crossing boundaries of nowadays Social Web applications Exploiting Social Semantic Web data from various web information
sources
• Implementation using a policy language and integration into SPoX
14
Privacy Policy for acces control
allow(access(File, User)) isFamilyOrFriend(User),
familyPicture(File).
• Facts: isFamilyOrFriend(Tom), familyPicture(Dinner.jpg)
• Goal: allow(access(File, User))• Evaluation of goal successful/ unsuccessful ->
access allowed/ denied
15
Policy-Based Access ControlWhat are policies?
• Define behaviour of a system• Base decisions on specific conditions• Well-defined statements• Typically declarative rules • Formal syntax• Different Types:
Business rulesSecurity and privacy rules
17
Policy Specification using Social Semantic Web Data
• Extending policy specification process• Using external information sources• Incorporation of Social Semantic Web data;
Retrieving data Including and combining data for privacy policies
• Definition of social relationships and properties of requester• Conditions for access:
Information beyond one Social Web application
18
Data Sources for Policy Decisions1. Proprietary Social Web data
Social Web applications Personal information provided by user User‘s social network User- generated content Data produced through active participation
Open interfaces
2. Semantic Web data SPARQL endpoints Social Semantic Web data
FOAF profiles Exporters of Social data from Social Web applications
20
The Definition of Concepts
• Categorize people
• Create appropriate groups
• Using concepts as conditions in policies
• A concept in Protune policy:MyFriendsFromUniversity(Person)
21
Example of a Concept
isMyFriend(Person) isFriendOnFacebook(Person).
isMyFriend(Person) isFriendOnFlickr(Person).
isMyFriend(Person) isFriendOnTwitter(Person).
22
Bob‘s policy for holiday photosallow(access(Photo, User))
isTagged(Photo, `private´),familyAndCloseFriends(User).
allow(access(Photo, User)) isTagged(Photo, `France´),isMyFriend(User).
allow(access(Photo, User)) isTagged(Photo; `France´), isMemberInFlickrGroup(User, ``France Landscape
´´).
24
Protune Framework
• Automates the policy evaluation and decision process
• Communicates with environment• Enforces policies• Checks whether policy is satisfied• Permits / denies access
25
Protune Framework Architecture
Execution Handler:In charge of handling packages for
external data.packages Wrappers
Social Semantic Web data
26
ImplementationThe IN- Predicate
Using external information in policies:
isFriendOnTwitter(Person)
in([Person], twitterquery: isTwitterFriend("user_name")).
27
Including Social Semantic Web Data into Protune
• Twitter API – Social Web data
• Sparql endpoints (DBpedia, DBLP) – Semantic Web data
• FOAF files (Flickr exporter) –
Social Semantic Web data
28
SPARQL Endpoint Wrapper• Import of data in RDF format• Access via SPARQL endpoints• Processes SELECT queries• DBpedia Wrapper• DBLP Wrapper
Is requester co-author of resource provider?Example policy
isCoAuthor(Person) in([Person], dblpEndpoint: areCoAuthorsByRealName(``Won Kim´´,
``William Kelley´´)).
29
RDF Wrapper• Queries RDF files• Needs URL of FOAF profile• Example policy:
isMyFOAFfriend(Person)
in([Person], foafQuery: isPersonFriend(``John Smith´´,
``http://website.com/public/foaf.rdf´´)).
• Flickr Wrapper Uses the Flickr exporter
30
Twitter Wrapper
Queries TwitterTwitter APIProtune needs access to Twitter accountAuthentication on Twitter- OAuth
Example policy
isMyTwitterFriend(Person) in([Person],
twitterquery: isMemberOfFriendsList("user_name")).
31
SPoX- a Use Case
• Integration of Protune into SPoX
• Enforces policies upon Skype
• Incorporates Social Semantic Web data
• Privacy settings beyond boundaries of Skype
• E.g. Only Flickr and Twitter friends can call on weekends
33
Conclusion• Insufficient privacy settings of nowadays Social Web
applications• Introduction of policy-based access control• Extending policy specification with Social Semantic Web
data• Result: fine-grained privacy protection• Implementation using Protune and integration into SPoX
Thank you for your attention.
top related