Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense

 Increase in the user generated content on web  Rise in the online interactions and content sharing among users  More dynamic context  Need to provide precise control over the conditions under which users can share their personal information 2

Devise better privacy mechanisms to control the information flow in social networking systems. 3

Privacy control mechanism based on policy frameworks that are rich in semantic web technologies to control information flow in social networking applications. The privacy control mechanism  Provides users of the system better control while sharing information than the state of the art systems  Combines dynamic user context, For instance, current time, current location or current activity of the user 4

 Increase in the popularity of social networking systems(SNS) such as Facebook, MySpace, LiveJournal etc.  SNS allow creation of online profiles  Photos, videos and favorite links  ‘What’s on your mind’ or status updates  Content sharing with a huge list of friends and networks of friends 5

 Availability of GPS functionality on phone devices like iPhone, HTC-G1 and network based positioning methods on internet  Social network maps friends and their locations using Maps API on the web  Content sharing relative to location and time  Privacy is an important issue with the current systems like Google latitude, Loopt, Brightkite 6

 Privacy concerns when, how and to what extent information about someone is communicated to others  Distinguish among various peers in large network of friends  Capture continuous changes in the contextual information about users  Address privacy requirements subjective to individual 7

 RDF and OWL  Set of triples  Precise specification of classes used by policy languages  based on description logic, for which efficient reasoning systems are available  Notation3  expression of data and logic in the same language  simple and consistent grammar, greater expressiveness, and is a compact and readable alternative to RDF’s XML syntax  allow rules to be integrated smoothly with RDF  Policies based on semantic web technologies can better represent user context information and privacy preferences. 8

Static knowledge about user profile, and networks of friends Knowledge about dynamic user context like current activity, location Privacy enforcement rules Reasoning Engine Network Privacy Control Framework Content Preferences Content Aggregator Social Media Policy network ontology Database 9

 Policy network ontology  Integrates Rein and AIR policy ontology  Rein policies to provide access control and AIR policies to provide justification to the inferences made  Policies specified using N3 rules and Turtle  Reasoning engine  CWM, a forward chaining rule engine ▪ Pychinko, a forward chaining rule engine, written in Python, that implements Rete algorithm and allows for efficient processing of very large rule bases  Supports a significant subset of the math, string, time and logic built-ins 10

11 Policy(N3) Resource (User-location) Meta-Policy Policy Language (loc-access) Policy Language (loc-access) policy language meta-policy Request Requester Credentials Location-Access Answer Valid InValid access requester ans IsA Policy Network Ontology Request Ontology

Privacy Policy follows Deny-Access approach. It specifies authorization logic. Authentication is performed separately in the system.  What information user is willing to share  Location information with accuracy level  With whom  Friends  Group of friends  Under what conditions  Day and time of the week  Location of the user, specifying the area in which user can be seen  Accuracy level of the location information 12

Example policies can be :  Share my location with teachers on weekdays only if I am in the university campus and only between 9 am and 6 pm  Share exact location with members of family group all the time, in all locations  Do not share my location if user is at any of the sensitive locations  Do not share my activity status with teachers on weekends  Share my activity status with only close friends 13

Example of location access control policy: Share my location with teachers on weekdays only if I am in the university campus and only between 9 am and 6 pm 14

Example of location access control policy: Share exact location with members of family group all the time, in all locations 15

16 Example of location access control policy: Do not share my location if user is at any of the sensitive locations

17 Example of activity access control policy: Do not share my activity status with teachers on weekends

18 Example of activity access control policy: Do not share my location if user is at any of the sensitive locations

19 Example of Accountability Policy: Checks the compliance of location request with user's policy

 User shares her protected resources and defines the privacy preferences  System follows pull mechanism. All the different types of information sharing activities among participants are established by the privacy control module in the system.  Whenever any participant makes a query, it is sent to the privacy control module which in turn processes the query by reasoning over the policy networks associated with the resource, and returns the valid answer to the query.  Generalization is applied for the valid answers. 20

21 Query Form request and Assert required information Authenticate Requester Fetch knowledge about user Execute Reasoning Engine Apply generalization Result Assert Authorization Result Figure 3. Steps involved in query processing

 Client device is location aware device like GPS enabled phones or wi-fi enabled laptops  Google maps to plot user and her friends  User interface to define privacy preferences  Connects with Facebook accounts to fetch profile information and find networks of friends  Creates and stores policy ontology in persistent memory and reloads when required by reasoning engine 22

23

Privacy Configuration User Interface 24

Summary of features of our system and their comparison with the state of the art systems 25

Timing characteristics of various privacy rules with CWM and Pychinko. Policy1(location sharing rule with Math and time builtins), Policy 2 (activity sharing rule with Math and time builtins), Policy 3 (activity sharing without any builtins), Policy 4 (location sharing without any builtins). All timings shown are in milliseconds. 26

 We have described the system architecture of the policy based system and its various components and discussed implementation considerations. We demonstrated few examples of the policy that state of the art system does not support.  Future Work:  Improve scalability  Evaluate the utility  Predicting user privacy preferences 27

Privacy control mechanism based on policy frameworks that are rich in semantic web technologies to control information flow in social networking applications. The privacy control mechanism  Provides users of the system better control while sharing information than the state of the art systems  Combines dynamic user context, For instance, current time, current location or current activity of the user 28

Thank you 29