Using Social Semantic Web Data for Privacy Policies
description
Transcript of Using Social Semantic Web Data for Privacy Policies
![Page 1: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/1.jpg)
Using Social Semantic Web Data for Privacy Policies
Presentation of the Bachelor Thesis
Emily Kigel
![Page 2: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/2.jpg)
2
Overview• Motivation: Privacy on the Social Web
Why Privacy Protection? How It is Now How It could be
• Contributions
• Social Semantic Web Data for Policy Reasoning Policy-Based Access Control Policy Specification using Social Semantic Web Data
• Implementation The Policy Framework Protune Including Social Semantic Web Data into Protune SPoX- a Use Case
• Conclusions
![Page 3: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/3.jpg)
3
Social Web Why Privacy Protection?
![Page 4: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/4.jpg)
4
Unintended Dislosure
![Page 5: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/5.jpg)
5
Comments on
personal data
Tagged in photos
poked
chat messages received
Private message
s
Posts on the Wall
Updates in groups
Blog posts
Information Overload
![Page 6: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/6.jpg)
6
Why Privacy Protection?
• Uncontrolled information disclosure• Personal and sensitive data• Invisible audience • Different parts of the social environment of
user dissolveEmployers, job recruiters, collegues, family,
etc.
• Information overload
![Page 7: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/7.jpg)
7
Privacy ProtectionHow It is Now
![Page 8: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/8.jpg)
8
Privacy Protection How It is Now
• Checkboxes• Pre-defined • Static• Binary options
![Page 9: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/9.jpg)
9
Privacy Protection How It is Now
• Social Web applications – like islands
• No external data integration in privacy settings possible
hence, no usage of distributed (personal) Social data possible
![Page 10: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/10.jpg)
10
Privacy Protection How It could be
![Page 11: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/11.jpg)
11
Privacy ProtectionHow It could be
• Family pictures accessible by family and close friends (-> Flickr and Facebook)
• Landscape pictures additionally accessible by Flickr group „France landscape“
BobFamily.jpg Landscape.jpg
![Page 12: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/12.jpg)
12
Contributions of this thesis
• Analysis of privacy settings of nowadays Social Web applications
• Fine-grained privacy protection: Arbitrary access control decisions based on user preferences
• Crossing boundaries of nowadays Social Web applications Exploiting Social Semantic Web data from various web information
sources
• Implementation using a policy language and integration into SPoX
![Page 13: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/13.jpg)
13
Policy-Based Access Control
![Page 14: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/14.jpg)
14
Privacy Policy for acces control
allow(access(File, User)) isFamilyOrFriend(User),
familyPicture(File).
• Facts: isFamilyOrFriend(Tom), familyPicture(Dinner.jpg)
• Goal: allow(access(File, User))• Evaluation of goal successful/ unsuccessful ->
access allowed/ denied
![Page 15: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/15.jpg)
15
Policy-Based Access ControlWhat are policies?
• Define behaviour of a system• Base decisions on specific conditions• Well-defined statements• Typically declarative rules • Formal syntax• Different Types:
Business rulesSecurity and privacy rules
![Page 16: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/16.jpg)
16
Policy Specification using Social Semantic Web Data
![Page 17: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/17.jpg)
17
Policy Specification using Social Semantic Web Data
• Extending policy specification process• Using external information sources• Incorporation of Social Semantic Web data;
Retrieving data Including and combining data for privacy policies
• Definition of social relationships and properties of requester• Conditions for access:
Information beyond one Social Web application
![Page 18: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/18.jpg)
18
Data Sources for Policy Decisions1. Proprietary Social Web data
Social Web applications Personal information provided by user User‘s social network User- generated content Data produced through active participation
Open interfaces
2. Semantic Web data SPARQL endpoints Social Semantic Web data
FOAF profiles Exporters of Social data from Social Web applications
![Page 19: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/19.jpg)
19
The Definition of Concepts
![Page 20: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/20.jpg)
20
The Definition of Concepts
• Categorize people
• Create appropriate groups
• Using concepts as conditions in policies
• A concept in Protune policy:MyFriendsFromUniversity(Person)
![Page 21: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/21.jpg)
21
Example of a Concept
isMyFriend(Person) isFriendOnFacebook(Person).
isMyFriend(Person) isFriendOnFlickr(Person).
isMyFriend(Person) isFriendOnTwitter(Person).
![Page 22: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/22.jpg)
22
Bob‘s policy for holiday photosallow(access(Photo, User))
isTagged(Photo, `private´),familyAndCloseFriends(User).
allow(access(Photo, User)) isTagged(Photo, `France´),isMyFriend(User).
allow(access(Photo, User)) isTagged(Photo; `France´), isMemberInFlickrGroup(User, ``France Landscape
´´).
![Page 23: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/23.jpg)
23
Implementation The Policy Framework Protune
![Page 24: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/24.jpg)
24
Protune Framework
• Automates the policy evaluation and decision process
• Communicates with environment• Enforces policies• Checks whether policy is satisfied• Permits / denies access
![Page 25: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/25.jpg)
25
Protune Framework Architecture
Execution Handler:In charge of handling packages for
external data.packages Wrappers
Social Semantic Web data
![Page 26: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/26.jpg)
26
ImplementationThe IN- Predicate
Using external information in policies:
isFriendOnTwitter(Person)
in([Person], twitterquery: isTwitterFriend("user_name")).
![Page 27: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/27.jpg)
27
Including Social Semantic Web Data into Protune
• Twitter API – Social Web data
• Sparql endpoints (DBpedia, DBLP) – Semantic Web data
• FOAF files (Flickr exporter) –
Social Semantic Web data
![Page 28: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/28.jpg)
28
SPARQL Endpoint Wrapper• Import of data in RDF format• Access via SPARQL endpoints• Processes SELECT queries• DBpedia Wrapper• DBLP Wrapper
Is requester co-author of resource provider?Example policy
isCoAuthor(Person) in([Person], dblpEndpoint: areCoAuthorsByRealName(``Won Kim´´,
``William Kelley´´)).
![Page 29: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/29.jpg)
29
RDF Wrapper• Queries RDF files• Needs URL of FOAF profile• Example policy:
isMyFOAFfriend(Person)
in([Person], foafQuery: isPersonFriend(``John Smith´´,
``http://website.com/public/foaf.rdf´´)).
• Flickr Wrapper Uses the Flickr exporter
![Page 30: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/30.jpg)
30
Twitter Wrapper
Queries TwitterTwitter APIProtune needs access to Twitter accountAuthentication on Twitter- OAuth
Example policy
isMyTwitterFriend(Person) in([Person],
twitterquery: isMemberOfFriendsList("user_name")).
![Page 31: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/31.jpg)
31
SPoX- a Use Case
• Integration of Protune into SPoX
• Enforces policies upon Skype
• Incorporates Social Semantic Web data
• Privacy settings beyond boundaries of Skype
• E.g. Only Flickr and Twitter friends can call on weekends
![Page 32: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/32.jpg)
32
SPoX- a Use Case
![Page 33: Using Social Semantic Web Data for Privacy Policies](https://reader035.fdocuments.us/reader035/viewer/2022070414/56814de0550346895dbb4c03/html5/thumbnails/33.jpg)
33
Conclusion• Insufficient privacy settings of nowadays Social Web
applications• Introduction of policy-based access control• Extending policy specification with Social Semantic Web
data• Result: fine-grained privacy protection• Implementation using Protune and integration into SPoX
Thank you for your attention.