Using Social Semantic Web Data for Privacy Policies Presentation of the Bachelor Thesis Emily Kigel.

Using Social Semantic Web Data for Privacy Policies

Presentation of the Bachelor Thesis

Emily Kigel

2

Overview• Motivation: Privacy on the Social Web

Why Privacy Protection? How It is Now How It could be

• Contributions

• Social Semantic Web Data for Policy Reasoning Policy-Based Access Control Policy Specification using Social Semantic Web Data

• Implementation The Policy Framework Protune Including Social Semantic Web Data into Protune SPoX- a Use Case

• Conclusions

3

Social Web Why Privacy Protection?

4

Unintended Dislosure

5

Comments on

personal data

Tagged in photos

poked

chat messages received

Private message

s

Posts on the Wall

Updates in groups

Blog posts

Information Overload

6

Why Privacy Protection?

• Uncontrolled information disclosure• Personal and sensitive data• Invisible audience • Different parts of the social environment of

user dissolveEmployers, job recruiters, collegues, family,

etc.

• Information overload

7

Privacy ProtectionHow It is Now

8

Privacy Protection How It is Now

• Checkboxes• Pre-defined • Static• Binary options

9

Privacy Protection How It is Now

• Social Web applications – like islands

• No external data integration in privacy settings possible

hence, no usage of distributed (personal) Social data possible

10

Privacy Protection How It could be

11

Privacy ProtectionHow It could be

• Family pictures accessible by family and close friends (-> Flickr and Facebook)

• Landscape pictures additionally accessible by Flickr group „France landscape“

BobFamily.jpg Landscape.jpg

12

Contributions of this thesis

• Analysis of privacy settings of nowadays Social Web applications

• Fine-grained privacy protection: Arbitrary access control decisions based on user preferences

• Crossing boundaries of nowadays Social Web applications Exploiting Social Semantic Web data from various web information

sources

• Implementation using a policy language and integration into SPoX

13

Policy-Based Access Control

14

Privacy Policy for acces control

allow(access(File, User)) isFamilyOrFriend(User),

familyPicture(File).

• Facts: isFamilyOrFriend(Tom), familyPicture(Dinner.jpg)

• Goal: allow(access(File, User))• Evaluation of goal successful/ unsuccessful ->

access allowed/ denied

15

Policy-Based Access ControlWhat are policies?

• Define behaviour of a system• Base decisions on specific conditions• Well-defined statements• Typically declarative rules • Formal syntax• Different Types:

Business rulesSecurity and privacy rules

16

Policy Specification using Social Semantic Web Data

17

Policy Specification using Social Semantic Web Data

• Extending policy specification process• Using external information sources• Incorporation of Social Semantic Web data;

Retrieving data Including and combining data for privacy policies

• Definition of social relationships and properties of requester• Conditions for access:

Information beyond one Social Web application

18

Data Sources for Policy Decisions1. Proprietary Social Web data

Social Web applications Personal information provided by user User‘s social network User- generated content Data produced through active participation

Open interfaces

2. Semantic Web data SPARQL endpoints Social Semantic Web data

FOAF profiles Exporters of Social data from Social Web applications

19

The Definition of Concepts

20

The Definition of Concepts

• Categorize people

• Create appropriate groups

• Using concepts as conditions in policies

• A concept in Protune policy:MyFriendsFromUniversity(Person)

21

Example of a Concept

isMyFriend(Person) isFriendOnFacebook(Person).

isMyFriend(Person) isFriendOnFlickr(Person).

isMyFriend(Person) isFriendOnTwitter(Person).

22

Bob‘s policy for holiday photosallow(access(Photo, User))

isTagged(Photo, `private´),familyAndCloseFriends(User).

allow(access(Photo, User)) isTagged(Photo, `France´),isMyFriend(User).

allow(access(Photo, User)) isTagged(Photo; `France´), isMemberInFlickrGroup(User, ``France Landscape

´´).

23

Implementation The Policy Framework Protune

24

Protune Framework

• Automates the policy evaluation and decision process

• Communicates with environment• Enforces policies• Checks whether policy is satisfied• Permits / denies access

25

Protune Framework Architecture

Execution Handler:In charge of handling packages for

external data.packages Wrappers

Social Semantic Web data

26

ImplementationThe IN- Predicate

Using external information in policies:

isFriendOnTwitter(Person)

in([Person], twitterquery: isTwitterFriend("user_name")).

27

Including Social Semantic Web Data into Protune

• Twitter API – Social Web data

• Sparql endpoints (DBpedia, DBLP) – Semantic Web data

• FOAF files (Flickr exporter) –

Social Semantic Web data

28

SPARQL Endpoint Wrapper• Import of data in RDF format• Access via SPARQL endpoints• Processes SELECT queries• DBpedia Wrapper• DBLP Wrapper

Is requester co-author of resource provider?Example policy

isCoAuthor(Person) in([Person], dblpEndpoint: areCoAuthorsByRealName(``Won Kim´´,

``William Kelley´´)).

29

RDF Wrapper• Queries RDF files• Needs URL of FOAF profile• Example policy:

isMyFOAFfriend(Person)

in([Person], foafQuery: isPersonFriend(``John Smith´´,

``http://website.com/public/foaf.rdf´´)).

• Flickr Wrapper Uses the Flickr exporter

30

Twitter Wrapper

Queries TwitterTwitter APIProtune needs access to Twitter accountAuthentication on Twitter- OAuth

Example policy

isMyTwitterFriend(Person) in([Person],

twitterquery: isMemberOfFriendsList("user_name")).

31

SPoX- a Use Case

• Integration of Protune into SPoX

• Enforces policies upon Skype

• Incorporates Social Semantic Web data

• Privacy settings beyond boundaries of Skype

• E.g. Only Flickr and Twitter friends can call on weekends

32

SPoX- a Use Case

33

Conclusion• Insufficient privacy settings of nowadays Social Web

applications• Introduction of policy-based access control• Extending policy specification with Social Semantic Web

data• Result: fine-grained privacy protection• Implementation using Protune and integration into SPoX

Thank you for your attention.