330 likes | 479 Views
Using Social Semantic Web Data for Privacy Policies. Presentation of the Bachelor Thesis Emily Kigel. Overview . Motivation: Privacy on the Social Web Why Privacy Protection? How It is Now How It could be Contributions Social Semantic Web Data for Policy Reasoning
E N D
Using Social Semantic Web Data for Privacy Policies Presentation of the Bachelor Thesis Emily Kigel
Overview • Motivation: Privacy on the Social Web • Why Privacy Protection? • How It is Now • How It could be • Contributions • Social Semantic Web Data for Policy Reasoning • Policy-Based Access Control • Policy Specification using Social Semantic Web Data • Implementation • The Policy Framework Protune • Including Social Semantic Web Data into Protune • SPoX- a Use Case • Conclusions
Information Overload chat messages received poked Private messages Posts on the Wall Comments on personal data Tagged in photos Updates in groups Blog posts
Why Privacy Protection? • Uncontrolled information disclosure • Personal and sensitive data • Invisible audience • Different parts of the social environment of user dissolve • Employers, job recruiters, collegues, family, etc. • Information overload
Privacy Protection How It is Now • Checkboxes • Pre-defined • Static • Binary options
Privacy ProtectionHow It is Now • Social Web applications – like islands • No external data integration in privacy settings possible • hence, no usage of distributed (personal) Social data possible
Family.jpg Bob Landscape.jpg Privacy ProtectionHow It could be • Family pictures accessible by family and close friends (-> Flickr and Facebook) • Landscape pictures additionally accessible by Flickr group „France landscape“
Contributions of this thesis • Analysis of privacy settings of nowadays Social Web applications • Fine-grained privacy protection: • Arbitrary access control decisions based on user preferences • Crossing boundaries of nowadays Social Web applications • Exploiting Social Semantic Web data from various web information sources • Implementation using a policy language and integration into SPoX
Privacy Policy for acces control • allow(access(File, User)) isFamilyOrFriend(User), • familyPicture(File). • Facts: isFamilyOrFriend(Tom), familyPicture(Dinner.jpg) • Goal: allow(access(File, User)) • Evaluation of goal successful/ unsuccessful -> • access allowed/ denied
Policy-Based Access ControlWhat are policies? • Define behaviour of a system • Base decisions on specific conditions • Well-defined statements • Typically declarative rules • Formal syntax • Different Types: • Business rules • Security and privacy rules
Policy Specification using Social Semantic Web Data • Extending policy specification process • Using external information sources • Incorporation of Social Semantic Web data; • Retrieving data • Including and combining data for privacy policies • Definition of social relationships and properties of requester • Conditions for access: • Information beyond one Social Web application
Data Sources for Policy Decisions • 1. Proprietary Social Web data • Social Web applications • Personal information provided by user • User‘s social network • User- generated content • Data produced through active participation • Open interfaces • 2. Semantic Web data • SPARQL endpoints • Social Semantic Web data • FOAF profiles • Exporters of Social data from Social Web applications
The Definition of Concepts • Categorize people • Create appropriate groups • Using concepts as conditions in policies • A concept in Protune policy: MyFriendsFromUniversity(Person)
Example of a Concept • isMyFriend(Person) isFriendOnFacebook(Person). • isMyFriend(Person) isFriendOnFlickr(Person). • isMyFriend(Person) isFriendOnTwitter(Person).
Bob‘s policy for holiday photos • allow(access(Photo, User)) • isTagged(Photo, `private´), • familyAndCloseFriends(User). • allow(access(Photo, User)) • isTagged(Photo, `France´), • isMyFriend(User). • allow(access(Photo, User)) • isTagged(Photo; `France´), • isMemberInFlickrGroup(User, ``France Landscape´´).
Protune Framework • Automates the policy evaluation and decision process • Communicates with environment • Enforces policies • Checks whether policy is satisfied • Permits / denies access
Protune Framework Architecture Execution Handler: In charge of handling packages for external data. packages Wrappers Social Semantic Web data
ImplementationThe IN- Predicate • Using external information in policies: • isFriendOnTwitter(Person) • in([Person], twitterquery: isTwitterFriend("user_name")).
Including Social Semantic Web Data into Protune • Twitter API – Social Web data • Sparql endpoints (DBpedia, DBLP) – Semantic Web data • FOAF files (Flickr exporter) – • Social Semantic Web data
SPARQL Endpoint Wrapper • Import of data in RDF format • Access via SPARQL endpoints • Processes SELECT queries • DBpedia Wrapper • DBLP Wrapper • Is requester co-author of resource provider? • Example policy isCoAuthor(Person) in([Person], dblpEndpoint: areCoAuthorsByRealName(``Won Kim´´, ``William Kelley´´)).
RDF Wrapper • Queries RDF files • Needs URL of FOAF profile • Example policy: • isMyFOAFfriend(Person) • in([Person], foafQuery: isPersonFriend(``John Smith´´, • ``http://website.com/public/foaf.rdf´´)). • Flickr Wrapper • Uses the Flickr exporter
Twitter Wrapper • Queries Twitter • Twitter API • Protune needs access to Twitter account • Authentication on Twitter- OAuth • Example policy isMyTwitterFriend(Person) in([Person], twitterquery: isMemberOfFriendsList("user_name")).
SPoX- a Use Case • Integration of Protune into SPoX • Enforces policies upon Skype • Incorporates Social Semantic Web data • Privacy settings beyond boundaries of Skype • E.g. Only Flickr and Twitter friends can call on weekends
Conclusion • Insufficient privacy settings of nowadays Social Web applications • Introduction of policy-based access control • Extending policy specification with Social Semantic Web data • Result: fine-grained privacy protection • Implementation using Protune and integration into SPoX • Thank you for your attention.