Title: Policies based privacy control mechanisms for social networking systems
1 Policies based privacy control mechanisms for social networking systems
- Audumbar Chormale
- Advisor: Dr. Anupam Joshi
- M.S. Thesis Defense
- http://ebiquity.umbc.edu/
2 Motivation
- Increase in user-generated content on the web
- Rise in online interactions and content sharing among users
- More dynamic context
- Need to provide precise control over the conditions under which users can share their personal information
3 Problem statement
- Devise better privacy mechanisms to control the information flow in social networking systems.
4 Contributions
- Privacy control mechanism based on policy frameworks that are rich in semantic web technologies to control information flow in social networking applications. The privacy control mechanism:
  - Provides users of the system better control while sharing information than the state-of-the-art systems
  - Combines dynamic user context, for instance, current time, current location or current activity of the user
5 Introduction
- Increase in the popularity of social networking systems (SNS) such as Facebook, MySpace, LiveJournal etc.
- SNS allow creation of online profiles
- Photos, videos and favorite links
- "What's on your mind" or status updates
- Content sharing with a huge list of friends and networks of friends
6 Mobile geo-social networking systems
- Availability of GPS functionality on phone devices like iPhone, HTC-G1 and network based positioning methods on internet
- Social network maps friends and their locations using Maps API on the web
- Content sharing relative to location and time
- Privacy is an important issue with the current systems like Google Latitude, Loopt, Brightkite
7 Privacy issues in SNS
- Privacy concerns when, how and to what extent information about someone is communicated to others
- Distinguish among various peers in large network of friends
- Capture continuous changes in the contextual information about users
- Address privacy requirements subjective to individual
8 Semantic web and policies
- RDF and OWL
  - Set of triples
  - Precise specification of classes used by policy languages
  - based on description logic, for which efficient reasoning systems are available
- Notation3
  - expression of data and logic in the same language
  - simple and consistent grammar, greater expressiveness, and is a compact and readable alternative to RDF's XML syntax
  - allows rules to be integrated smoothly with RDF
- Policies based on semantic web technologies can better represent user context information and privacy preferences.
9 Architectural view of the system
10 Components of Privacy Framework
- Policy network ontology
  - Integrates Rein and AIR policy ontology
  - Rein policies to provide access control and AIR policies to provide justification to the inferences made
  - Policies specified using N3 rules and Turtle
- Reasoning engine
  - CWM, a forward chaining rule engine
  - Pychinko, a forward chaining rule engine, written in Python, that implements Rete algorithm and allows for efficient processing of very large rule bases
  - Supports a significant subset of the math, string, time and logic built-ins
11 Example of location access policy network ontology
[Figure: policy network ontology diagram. Labels: Policy (N3), Meta-Policy, Policy Network Ontology, Resource (User-location), Policy Language (loc-access), Location-Access, Request Ontology, Request, Requester Credentials, Answer, Valid, InValid; edge labels: policy language, policy, meta-policy, access, requester, ans, IsA.]
12 Policy Description
- Privacy Policy follows Deny-Access approach.
- It specifies authorization logic. Authentication is performed separately in the system.
- What information user is willing to share
  - Location information with accuracy level
- With whom
  - Friends
  - Group of friends
- Under what conditions
  - Day and time of the week
  - Location of the user, specifying the area in which user can be seen
  - Accuracy level of the location information
13 Example Policies
- Example policies can be
  - Share my location with teachers on weekdays only if I am in the university campus and only between 9 am and 6 pm
  - Share exact location with members of family group all the time, in all locations
  - Do not share my location if user is at any of the sensitive locations
  - Do not share my activity status with teachers on weekends
  - Share my activity status with only close friends
14 Example Policies Contd.
- Example of location access control policy: Share my location with teachers on weekdays only if I am in the university campus and only between 9 am and 6 pm
15 Example Policies Contd.
- Example of location access control policy: Share exact location with members of family group all the time, in all locations
16 Example Policies Contd.
- Example of location access control policy: Do not share my location if user is at any of the sensitive locations
17 Example Policies Contd.
- Example of activity access control policy: Do not share my activity status with teachers on weekends
18 Example Policies Contd.
- Example of activity access control policy: Do not share my location if user is at any of the sensitive locations
19 Accountability
- Example of Accountability Policy: Checks the compliance of location request with user's policy
20 Policy Execution
- User shares her protected resources and defines the privacy preferences
- System follows pull mechanism. All the different types of information sharing activities among participants are established by the privacy control module in the system.
- Whenever any participant makes a query, it is sent to the privacy control module which in turn processes the query by reasoning over the policy networks associated with the resource, and returns the valid answer to the query.
- Generalization is applied for the valid answers.
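The deny-by-default check and the generalization step described above, as an added Python sketch (not code from the thesis, which writes these rules in N3 and evaluates them with CWM or Pychinko). It encodes the teachers, family and sensitive-location example policies; the `Box` and `Rule` names, the coordinates, and coordinate rounding as the generalization method are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class Box:                        # rectangular area given by lat/lon bounds
    south: float
    west: float
    north: float
    east: float
    def contains(self, lat, lon):
        return self.south <= lat <= self.north and self.west <= lon <= self.east

@dataclass(frozen=True)
class Rule:                       # one "share" rule (hypothetical structure)
    group: str                    # requester group, from the authenticated session
    days: frozenset               # datetime.weekday() values, Monday == 0
    hours: tuple                  # (start, end) hour of day, end exclusive
    area: Optional[Box]           # None means "in all locations"
    decimals: Optional[int]       # None = exact; else round coordinates

CAMPUS = Box(39.25, -76.72, 39.26, -76.70)           # constructed coordinates
SENSITIVE = [Box(39.300, -76.600, 39.301, -76.599)]  # constructed sensitive place
RULES = [  # the first matching rule decides the accuracy level
    Rule("teachers", frozenset(range(5)), (9, 18), CAMPUS, 2),
    Rule("family", frozenset(range(7)), (0, 24), None, None),
]

def answer_location(groups, lat, lon, now):
    """Return the owner's (possibly generalized) location, or None for deny."""
    if any(box.contains(lat, lon) for box in SENSITIVE):
        return None               # deny rule overrides every share rule
    for r in RULES:
        if (r.group in groups and now.weekday() in r.days
                and r.hours[0] <= now.hour < r.hours[1]
                and (r.area is None or r.area.contains(lat, lon))):
            if r.decimals is None:
                return (lat, lon)
            return (round(lat, r.decimals), round(lon, r.decimals))
    return None                   # no rule matched: deny by default

if __name__ == "__main__":
    wed_10 = datetime(2024, 1, 3, 10, 0)              # a Wednesday
    print(answer_location({"teachers"}, 39.2554, -76.7110, wed_10))
    print(answer_location({"teachers"}, 39.2554, -76.7110, datetime(2024, 1, 6, 10, 0)))
```

The requester's groups must come from the separately performed authentication step, never from the query itself, otherwise the group condition can be satisfied by simply claiming membership.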
21 Steps involved in processing a query
22 Implementation details
- Client device is location aware device like GPS enabled phones or Wi-Fi enabled laptops
- Google Maps to plot user and her friends
- User interface to define privacy preferences
- Connects with Facebook accounts to fetch profile information and find networks of friends
- Creates and stores policy ontology in persistent memory and reloads when required by reasoning engine
23 Implementation details
24 Implementation details
- Privacy Configuration User Interface
25 Results
- Summary of features of our system and their comparison with the state-of-the-art systems
26 Performance
- Timing characteristics of various privacy rules with CWM and Pychinko.
  - Policy 1 (location sharing rule with Math and time builtins)
  - Policy 2 (activity sharing rule with Math and time builtins)
  - Policy 3 (activity sharing without any builtins)
  - Policy 4 (location sharing without any builtins)
- All timings shown are in milliseconds.
27 Conclusion and future work
- We have described the system architecture of the policy based system and its various components and discussed implementation considerations. We demonstrated a few examples of policies that state-of-the-art systems do not support.
- Future Work
  - Improve scalability
  - Evaluate the utility
  - Predicting user privacy preferences
28 Contributions
- Privacy control mechanism based on policy frameworks that are rich in semantic web technologies to control information flow in social networking applications. The privacy control mechanism:
  - Provides users of the system better control while sharing information than the state-of-the-art systems
  - Combines dynamic user context, for instance, current time, current location or current activity of the user