1 / 33

Using Social Semantic Web Data for Privacy Policies

Using Social Semantic Web Data for Privacy Policies. Presentation of the Bachelor Thesis Emily Kigel. Overview . Motivation: Privacy on the Social Web Why Privacy Protection? How It is Now How It could be Contributions Social Semantic Web Data for Policy Reasoning

vanig
Download Presentation

Using Social Semantic Web Data for Privacy Policies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Using Social Semantic Web Data for Privacy Policies Presentation of the Bachelor Thesis Emily Kigel

  2. Overview • Motivation: Privacy on the Social Web • Why Privacy Protection? • How It is Now • How It could be • Contributions • Social Semantic Web Data for Policy Reasoning • Policy-Based Access Control • Policy Specification using Social Semantic Web Data • Implementation • The Policy Framework Protune • Including Social Semantic Web Data into Protune • SPoX- a Use Case • Conclusions

  3. Social WebWhy Privacy Protection?

  4. Unintended Dislosure

  5. Information Overload chat messages received poked Private messages Posts on the Wall Comments on personal data Tagged in photos Updates in groups Blog posts

  6. Why Privacy Protection? • Uncontrolled information disclosure • Personal and sensitive data • Invisible audience • Different parts of the social environment of user dissolve • Employers, job recruiters, collegues, family, etc. • Information overload

  7. Privacy ProtectionHow It is Now

  8. Privacy Protection How It is Now • Checkboxes • Pre-defined • Static • Binary options

  9. Privacy ProtectionHow It is Now • Social Web applications – like islands • No external data integration in privacy settings possible •  hence, no usage of distributed (personal) Social data possible

  10. Privacy Protection How It could be

  11. Family.jpg Bob Landscape.jpg Privacy ProtectionHow It could be • Family pictures accessible by family and close friends (-> Flickr and Facebook) • Landscape pictures additionally accessible by Flickr group „France landscape“

  12. Contributions of this thesis • Analysis of privacy settings of nowadays Social Web applications • Fine-grained privacy protection: • Arbitrary access control decisions based on user preferences • Crossing boundaries of nowadays Social Web applications • Exploiting Social Semantic Web data from various web information sources • Implementation using a policy language and integration into SPoX

  13. Policy-Based Access Control

  14. Privacy Policy for acces control • allow(access(File, User))  isFamilyOrFriend(User), • familyPicture(File). • Facts: isFamilyOrFriend(Tom), familyPicture(Dinner.jpg) • Goal: allow(access(File, User)) • Evaluation of goal successful/ unsuccessful -> • access allowed/ denied

  15. Policy-Based Access ControlWhat are policies? • Define behaviour of a system • Base decisions on specific conditions • Well-defined statements • Typically declarative rules • Formal syntax • Different Types: • Business rules • Security and privacy rules

  16. Policy Specification using Social Semantic Web Data

  17. Policy Specification using Social Semantic Web Data • Extending policy specification process • Using external information sources • Incorporation of Social Semantic Web data; • Retrieving data • Including and combining data for privacy policies • Definition of social relationships and properties of requester • Conditions for access: • Information beyond one Social Web application

  18. Data Sources for Policy Decisions • 1. Proprietary Social Web data • Social Web applications • Personal information provided by user • User‘s social network • User- generated content • Data produced through active participation • Open interfaces • 2. Semantic Web data • SPARQL endpoints • Social Semantic Web data • FOAF profiles • Exporters of Social data from Social Web applications

  19. The Definition of Concepts

  20. The Definition of Concepts • Categorize people • Create appropriate groups • Using concepts as conditions in policies • A concept in Protune policy: MyFriendsFromUniversity(Person)

  21. Example of a Concept • isMyFriend(Person)  isFriendOnFacebook(Person). • isMyFriend(Person)  isFriendOnFlickr(Person). • isMyFriend(Person)  isFriendOnTwitter(Person).

  22. Bob‘s policy for holiday photos • allow(access(Photo, User))  • isTagged(Photo, `private´), • familyAndCloseFriends(User). • allow(access(Photo, User))  • isTagged(Photo, `France´), • isMyFriend(User). • allow(access(Photo, User))  • isTagged(Photo; `France´), • isMemberInFlickrGroup(User, ``France Landscape´´).

  23. Implementation The Policy Framework Protune

  24. Protune Framework • Automates the policy evaluation and decision process • Communicates with environment • Enforces policies • Checks whether policy is satisfied • Permits / denies access

  25. Protune Framework Architecture Execution Handler: In charge of handling packages for external data. packages  Wrappers Social Semantic Web data

  26. ImplementationThe IN- Predicate • Using external information in policies: • isFriendOnTwitter(Person)  • in([Person], twitterquery: isTwitterFriend("user_name")).

  27. Including Social Semantic Web Data into Protune • Twitter API – Social Web data • Sparql endpoints (DBpedia, DBLP) – Semantic Web data • FOAF files (Flickr exporter) – • Social Semantic Web data

  28. SPARQL Endpoint Wrapper • Import of data in RDF format • Access via SPARQL endpoints • Processes SELECT queries • DBpedia Wrapper • DBLP Wrapper • Is requester co-author of resource provider? • Example policy isCoAuthor(Person) in([Person], dblpEndpoint: areCoAuthorsByRealName(``Won Kim´´, ``William Kelley´´)).

  29. RDF Wrapper • Queries RDF files • Needs URL of FOAF profile • Example policy: • isMyFOAFfriend(Person)  • in([Person], foafQuery: isPersonFriend(``John Smith´´, • ``http://website.com/public/foaf.rdf´´)). • Flickr Wrapper • Uses the Flickr exporter

  30. Twitter Wrapper • Queries Twitter • Twitter API • Protune needs access to Twitter account • Authentication on Twitter- OAuth • Example policy isMyTwitterFriend(Person)  in([Person], twitterquery: isMemberOfFriendsList("user_name")).

  31. SPoX- a Use Case • Integration of Protune into SPoX • Enforces policies upon Skype • Incorporates Social Semantic Web data • Privacy settings beyond boundaries of Skype • E.g. Only Flickr and Twitter friends can call on weekends

  32. SPoX- a Use Case

  33. Conclusion • Insufficient privacy settings of nowadays Social Web applications • Introduction of policy-based access control • Extending policy specification with Social Semantic Web data • Result: fine-grained privacy protection • Implementation using Protune and integration into SPoX • Thank you for your attention.

More Related