Download presentation
Presentation is loading. Please wait.
1
Using Social Semantic Web Data for Privacy Policies Presentation of the Bachelor Thesis Emily Kigel
2
2 Overview Motivation: Privacy on the Social Web Why Privacy Protection? How It is Now How It could be Contributions Social Semantic Web Data for Policy Reasoning Policy-Based Access Control Policy Specification using Social Semantic Web Data Implementation The Policy Framework Protune Including Social Semantic Web Data into Protune SPoX- a Use Case Conclusions
3
3 Social Web Why Privacy Protection?
4
4 Unintended Dislosure
5
5 Comment s on personal data Tagged in photos poked chat messages received Private message s Posts on the Wall Updates in groups Blog posts Information Overload
6
6 Why Privacy Protection? Uncontrolled information disclosure Personal and sensitive data Invisible audience Different parts of the social environment of user dissolve Employers, job recruiters, collegues, family, etc. Information overload
7
7 Privacy Protection How It is Now
8
8 Checkboxes Pre-defined Static Binary options
9
9 Privacy Protection How It is Now Social Web applications – like islands No external data integration in privacy settings possible hence, no usage of distributed (personal) Social data possible
10
10 Privacy Protection How It could be
11
11 Privacy Protection How It could be Family pictures accessible by family and close friends (-> Flickr and Facebook) Landscape pictures additionally accessible by Flickr group „France landscape“ Bob Family.jpg Landscape.jpg
12
12 Contributions of this thesis Analysis of privacy settings of nowadays Social Web applications Fine-grained privacy protection: Arbitrary access control decisions based on user preferences Crossing boundaries of nowadays Social Web applications Exploiting Social Semantic Web data from various web information sources Implementation using a policy language and integration into SPoX
13
13 Policy-Based Access Control
14
14 Privacy Policy for acces control allow(access(File, User)) isFamilyOrFriend(User), familyPicture(File). Facts: isFamilyOrFriend(Tom), familyPicture(Dinner.jpg) Goal: allow(access(File, User)) Evaluation of goal successful/ unsuccessful -> access allowed/ denied
15
15 Policy-Based Access Control What are policies? Define behaviour of a system Base decisions on specific conditions Well-defined statements Typically declarative rules Formal syntax Different Types: Business rules Security and privacy rules
16
16 Policy Specification using Social Semantic Web Data
17
17 Policy Specification using Social Semantic Web Data Extending policy specification process Using external information sources Incorporation of Social Semantic Web data; Retrieving data Including and combining data for privacy policies Definition of social relationships and properties of requester Conditions for access: Information beyond one Social Web application
18
18 Data Sources for Policy Decisions 1. Proprietary Social Web data Social Web applications Personal information provided by user User‘s social network User- generated content Data produced through active participation Open interfaces 2. Semantic Web data SPARQL endpoints Social Semantic Web data FOAF profiles Exporters of Social data from Social Web applications
19
19 The Definition of Concepts
20
20 The Definition of Concepts Categorize people Create appropriate groups Using concepts as conditions in policies A concept in Protune policy: MyFriendsFromUniversity(Person)
21
21 Example of a Concept isMyFriend(Person) isFriendOnFacebook(Person). isMyFriend(Person) isFriendOnFlickr(Person). isMyFriend(Person) isFriendOnTwitter(Person).
22
22 Bob‘s policy for holiday photos allow(access(Photo, User)) isTagged(Photo, `private´), familyAndCloseFriends(User). allow(access(Photo, User)) isTagged(Photo, `France´), isMyFriend(User). allow(access(Photo, User)) isTagged(Photo; `France´), isMemberInFlickrGroup(User, ``France Landscape´´).
23
23 Implementation The Policy Framework Protune
24
24 Protune Framework Automates the policy evaluation and decision process Communicates with environment Enforces policies Checks whether policy is satisfied Permits / denies access
25
25 Protune Framework Architecture Execution Handler: In charge of handling packages for external data. packages Wrappers Social Semantic Web data
26
26 Implementation The IN- Predicate Using external information in policies: isFriendOnTwitter(Person) in([Person], twitterquery: isTwitterFriend("user_name")).
27
27 Including Social Semantic Web Data into Protune Twitter API – Social Web data Sparql endpoints (DBpedia, DBLP) – Semantic Web data FOAF files (Flickr exporter) – Social Semantic Web data
28
28 SPARQL Endpoint Wrapper Import of data in RDF format Access via SPARQL endpoints Processes SELECT queries DBpedia Wrapper DBLP Wrapper Is requester co-author of resource provider? Example policy isCoAuthor(Person) in([Person], dblpEndpoint: areCoAuthorsByRealName(``Won Kim´´, ``William Kelley´´)).
29
29 RDF Wrapper Queries RDF files Needs URL of FOAF profile Example policy: isMyFOAFfriend(Person) in([Person], foafQuery: isPersonFriend(``John Smith´´, ``http://website.com/public/foaf.rdf´´)). Flickr Wrapper Uses the Flickr exporter
30
30 Twitter Wrapper Queries Twitter Twitter API Protune needs access to Twitter account Authentication on Twitter- OAuth Example policy isMyTwitterFriend(Person) in([Person], twitterquery: isMemberOfFriendsList("user_name")).
31
31 SPoX- a Use Case Integration of Protune into SPoX Enforces policies upon Skype Incorporates Social Semantic Web data Privacy settings beyond boundaries of Skype E.g. Only Flickr and Twitter friends can call on weekends
32
32 SPoX- a Use Case
33
33 Conclusion Insufficient privacy settings of nowadays Social Web applications Introduction of policy-based access control Extending policy specification with Social Semantic Web data Result: fine-grained privacy protection Implementation using Protune and integration into SPoX Thank you for your attention.
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.