Copyright ©2001-2004 Norman Sadeh
Semantic Web Technologies to Reconcile Privacy and Context Awareness
Norman M. Sadeh
ISRI - School of Computer Science
Carnegie Mellon University
Pittsburgh, PA - USA

Mobility Challenge
- Can no longer assume the user’s undivided attention
- Time critical nature of many tasks
- Limited input/output functionality

Context Awareness
… All this argues for:
- Higher levels of automation
- Context awareness
… True also in fixed Internet scenarios

Sources of Contextual Information
- A user’s context information is distributed across a number of disparate resources
  - Calendar
  - Location tracking
  - Address book
  - Buddy lists
  - Weather
- Available resources vary from one user to another
  - … and over time
  - e.g. roaming across different networks

Vision
- A growing collection of context-aware agents that users can buy or subscribe to
- Personal resources modeled as Semantic Web services
  - Service profile
- Each user has a Semantic eWallet
  - Automated identification and access of a user’s personal resources subject to privacy preferences

Semantic Web Approach
- Ontologies to explicitly represent and reason about:
  - Personal/Contextual Resources
    - Location tracking, calendar, organizational resources, messaging resources, preferences, etc.
  - Contextual attributes
    - e.g. location, calendar activities, social or organizational context, etc.
  - Preferences, incl. privacy preferences:
    - Access control preferences
    - “Obfuscation” rules
  - Web services
    - Automated service identification and access

Personal Resource Ontology: An Example
[Figure: ontology diagram. Node labels: Personal Resource; Activity Information Resource; Location Information Resource; List of Friends; Sprint PCS Location Tracking; CMU Location Tracking; Microsoft Outlook Calendar. Edge types: IS-A, INSTANCE.]

MyCampus Project
- Motivation: Campus as “everyday life microcosm”
- Objective: Enhance campus life through context-aware services accessible over the WLAN
- Methodology:
  - Involve stakeholders in the design
    - Students and other members of the community
  - Evaluate and extrapolate to other environments
    - Mobile Commerce, Mobile Enterprise, etc.

Overall Architecture
[Figure: architecture diagram. Labels: Wireless LAN; Calendar; Location Tracking; Internet and Intranet Semantic Web-enabled Services; Task-Specific Agents; e-Wallet; User’s Personal Environment; Social Context; Preferences; Semantic Web-enabled Context Resources; Personal Resource Directory (incl. Privacy Pref.); Personal Resource Ontologies; Contextual Ontologies; Personal Preference Ontologies; Service Ontologies; Semantic Web Service Directory.]

Semantic eWallet
- Context-independent knowledge
  - Name, email address, context-independent preferences
- Context-dependent knowledge
  - “When driving, I don’t want to receive instant messages”
- Service invocation rules
  - Automated service identification and access
  - Map contextual attributes onto different resources (personal and public)
- Privacy rules
  - Access control rules
    - “Only my classmates can see my location”
  - Obfuscation rules
    - “My classmates can only see the building I am in but not the actual room”

Location Tracking as Web Service
[Figure: Location Tracking as a Web Service]

[Figure: query processing flow; a further label is truncated in the source to “e-”. Box labels: Query; Query context assertion; Asserting elementary needs for authorized information; Pre-check access rights; Fetch useful static knowledge; Call relevant external services; Application of obfuscation rules; Post-check access rights; Assertion of authorized knowledge; Result.]
Example: Query from John inquiring about Mary’s location
- The sender of the query is John
- John’s query requires accessing Mary’s location
1. Is John allowed to see Mary’s location given what we know about the context of the query?
2. Mary said she only allows colleagues to see her location when she is on campus
3. John is a colleague of Mary
- Access location tracking functionality or Mary’s calendar
- Is Mary on campus?
- Mary is willing to disclose the building but not the room she is in
- Mary is in Smith Hall
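
The John/Mary query above, worked through as an added Python example (not code from the slides or from the MyCampus project): an access-control rule with a context condition, followed by an obfuscation rule, with deny as the default. The rule structure, the relation table, the stubbed location service, the room value and the reading of "post-check" as the context test are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data (assumptions, not from the slides).
RELATIONS = {("mary", "john"): {"colleague"}, ("mary", "eve"): set()}
LOCATIONS = {"mary": {"campus": "CMU", "building": "Smith Hall", "room": "Room 231"}}
GRANULARITY = ["campus", "building", "room"]  # coarse -> fine

@dataclass(frozen=True)
class PrivacyRule:
    owner: str
    attribute: str
    allowed_relation: str   # access control: who may ask
    required_context: dict  # access control: context the owner must be in
    max_granularity: str    # obfuscation: finest level ever disclosed

# "Colleagues may see my location when I am on campus, building only."
RULES = [PrivacyRule("mary", "location", "colleague", {"campus": "CMU"}, "building")]

def locate(owner):
    """Stub standing in for the external location-tracking service."""
    return LOCATIONS.get(owner)

def obfuscate(location, max_granularity):
    """Drop every level finer than max_granularity."""
    keep = GRANULARITY[: GRANULARITY.index(max_granularity) + 1]
    return {level: location[level] for level in keep if level in location}

def query(sender, owner, attribute):
    """Return the obfuscated answer, or None when no rule authorises it."""
    for rule in RULES:
        if (rule.owner, rule.attribute) != (owner, attribute):
            continue
        # Pre-check: is the sender in a relation the owner authorised?
        if rule.allowed_relation not in RELATIONS.get((owner, sender), set()):
            continue
        raw = locate(owner)  # external service call, only after the pre-check
        if raw is None:
            continue
        # Post-check (assumed mapping): the context condition can only be
        # tested once the owner's location is known.
        if any(raw.get(k) != v for k, v in rule.required_context.items()):
            continue
        return obfuscate(raw, rule.max_granularity)
    return None  # default deny
```

The raw room-level value never leaves `query`; a caller sees either the obfuscated dictionary or `None`, so a denied request is indistinguishable from an unknown location.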

[Figure: JADE platform. Agents: User Interaction Agent; Directory Facilitator Agent (FIPA); Agent Management Agent (FIPA); e-Wallet Manager Agent; Ontologist Agent; Task-Specific Agents. Communication: FIPA ACL messages and OWL content.]

[Figure: JADE platform with an incoming HTTP Request. Agents: User Interaction Agent; Directory Facilitator Agent (FIPA); Agent Management Agent (FIPA); e-Wallet Manager Agent; Ontologist Agent; Task-Specific Agents. Communication: FIPA ACL messages and OWL content.]

Design of an e-Wallet
- Three-layer architecture: security through typing
  - Core knowledge: User static & context-sensitive knowledge
  - Service Layer: Automatic identification and invocation of external sources of knowledge (e.g. public web services and personal resources)
  - Privacy layer: Enforces privacy rules
    - access control & obfuscation
- All facts represented in OWL
- Backward chaining migration rules: privacy rules, service rules, static migration rules
[Figure: layers labeled privacy, service and Core Knowledge, with query and answer arrows.]

Design of an e-Wallet
- Three-layer architecture: security through typing
  - Core knowledge: user static & context-sensitive knowledge
  - Service Layer: automatic identification and invocation of personal and public semantic web services
  - Privacy layer: enforces privacy rules
    - access control, obfuscation rules
[Figure: layers labeled privacy, service and Core Knowledge, with query and answer arrows; a further label is truncated in the source to “e-”. Flow box labels: Query; Query context assertion; Asserting elementary needs for authorized information; Pre-check access rights; Fetch useful static knowledge; Call relevant external services; Application of obfuscation rules; Post-check access rights; Assertion of authorized knowledge; Result.]

Implementation Details
[Figure: translation pipeline diagram.
- Inputs: Ontology in OWL; Annotation in OWL; Rule in (R)OWL; Services in (W)OWL; Privacy in (S)OWL; Query in (Q)OWL
- Stylesheets: Ontology stylesheet; Annotation stylesheet; Rule stylesheet; Service stylesheet; Privacy stylesheet; Query stylesheet
- XSLT Engine
- Outputs: Ontology in CLIPS; Annotation in CLIPS; Rule in CLIPS; Service rule in CLIPS; Privacy rule in CLIPS; Query rules in CLIPS
- OWL Meta-model in CLIPS
- JESS
- Result in OWL]

Visualizing & Editing Preferences
[Figure: Visualizing & editing a privacy rule]

Obfuscation Example
User location finder
City block level City level level

Empirical Evaluation
- Initial prototype working on Carnegie Mellon’s campus
  - Restaurant concierge agent, message filtering agent, etc.
  - Integration with calendar, location tracking, user profile, etc.
- Evaluation
  - Context awareness adds value
  - Requires access to a broad range of resources/attributes
  - Privacy concerns have to be addressed
- Additional validation on context-aware enterprise and DoD applications

Concluding Remarks
- Context awareness helps overcome the limitations of mobile devices and the time criticality of mobile scenarios
- Context awareness makes privacy even more critical
- Our experiments indicate that user preferences are often complex
  - Incl. context-sensitive preferences
- Capturing these preferences is far from trivial
  - Default profiles, learning, dialogs,
  - How far can we go?
- Semantic Web approach
  - Allows for policies that refer to concepts introduced in any number of domain-specific ontologies
  - Opportunities for reconciliation with P3P/APPEL