compliance monitoring of third party applicatjons in
play

Compliance Monitoring of Third-Party Applicatjons in Online Social - PowerPoint PPT Presentation

Jan 17, 2024 •357 likes •1.2k views

Compliance Monitoring of Third-Party Applicatjons in Online Social Networks Florian Kelbert, Imperial College London Alexander Fromm, Technical University of Munich Problem Problem How to ensure that data is used in correspondence with

  1. Compliance Monitoring of Third-Party Applicatjons in Online Social Networks Florian Kelbert, Imperial College London Alexander Fromm, Technical University of Munich

  6. Problem

  7. Problem How to ensure that data is used in correspondence with policies?

  8. Problem How to ensure that data is used in correspondence with policies?

  9. Problem How to ensure that data is used in correspondence with policies?

  10. Problem How to ensure that data is used in correspondence with policies?

  11. Problem How to ensure that data is used in correspondence with policies?

  12. Problem How to ensure that data is used in correspondence with policies? “You may cache the content for up to 24 hours”

  13. Problem How to ensure that data is used in correspondence with policies? “You may cache the content for up to 24 hours” “Only use friend data in the person’s experience in your app”

  14. Problem How to ensure that data is used in correspondence with policies? “You may cache the content for up to 24 hours” “Only use friend data in the person’s experience in your app” “You may not disclose confidential information to a third party without the prior explicit consent of Tumblr.”

  15. To start with ...

  16. To start with ... Social Networks are trusted

  17. To start with ... Social Networks are trusted

  18. To start with ... Social Networks are trusted Third Party Applications are not

  19. To start with ... Social Networks are trusted Third Party Applications are not Thousands of apps and developers

  20. Overview

  21. Overview User Data OSN Operator (trusted)

  22. Overview User Data OSN Operator (trusted)

  23. Overview User Data 1. Policy Provisioning Policy Database OSN Operator (trusted)

  24. Overview Applications (untrusted) User Data 1. Policy Provisioning Policy Database OSN Operator (trusted)

  25. Overview Applications (untrusted) User Data 1. Policy Provisioning PaaS / SEE (trusted) Policy Database PaaS Provider (trusted) OSN Operator (trusted)

  26. Overview Applications (untrusted) User Data Libraries 1. Policy Provisioning PaaS / SEE (trusted) Policy Database PaaS Provider (trusted) OSN Operator (trusted)

  27. Overview Applications (untrusted) User Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) Policy Database PaaS Provider (trusted) OSN Operator (trusted)

  28. Overview Applications (untrusted) User 2. Request Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) Policy Database PaaS Provider (trusted) OSN Operator (trusted)

  29. Overview Applications (untrusted) User 2. Request Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request Policy Database Coordinator PaaS Provider (trusted) OSN Operator (trusted)

  30. Overview Applications (untrusted) User 2. Request Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request 4. getPolicies Policy Database Coordinator PaaS Provider (trusted) OSN Operator (trusted)

  31. Overview Applications (untrusted) User 2. Request Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request 4. getPolicies Policy 5. Policies Database Coordinator PaaS Provider (trusted) OSN Operator (trusted)

  32. Overview Applications (untrusted) User 2. Request Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request 4. getPolicies Policy 5. Policies Database Coordinator Decision Engine PaaS Provider (trusted) OSN Operator (trusted)

  33. Overview Applications (untrusted) User 2. Request Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request 4. getPolicies Policy 5. Policies Database 6. deployPolicy Coordinator Decision Engine PaaS Provider (trusted) OSN Operator (trusted)

  34. Overview 7. Request Applications (untrusted) User 2. Request Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request 4. getPolicies Policy 5. Policies Database 6. deployPolicy Coordinator Decision Engine PaaS Provider (trusted) OSN Operator (trusted)

  35. Overview 7. Request 8. Response Applications (untrusted) User 2. Request Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request 4. getPolicies Policy 5. Policies Database 6. deployPolicy Coordinator Decision Engine PaaS Provider (trusted) OSN Operator (trusted)

  36. Overview 7. Request 8. Response Applications (untrusted) User 2. Request Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request 4. getPolicies 9. Response Policy 5. Policies Database 6. deployPolicy Coordinator Decision Engine PaaS Provider (trusted) OSN Operator (trusted)

  37. Overview 7. Request 8. Response Applications (untrusted) User 2. Request 10. Response Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request 4. getPolicies 9. Response Policy 5. Policies Database 6. deployPolicy Coordinator Decision Engine PaaS Provider (trusted) OSN Operator (trusted)

  38. Overview 7. Request 8. Response Applications (untrusted) User 2. Request 10. Response Data Continuous policy evaluation Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request 4. getPolicies 9. Response Policy 5. Policies Database 6. deployPolicy Coordinator Decision Engine PaaS Provider (trusted) OSN Operator (trusted)

  39. Some details follow ...

  40. Some details follow ... Policy Provisioning

  41. Some details follow ... Policy Provisioning

  42. Some details follow ... Policy Provisioning

  43. Policy Provisioning

  44. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date”

  45. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date” →

  46. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date” → “Whenever some data is processed by the application, then it must have been received from the OSN within the last 24 hours”

  47. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date” → “Whenever some data is processed by the application, then it must have been received from the OSN within the last 24 hours” →

  48. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date” → “Whenever some data is processed by the application, then it must have been received from the OSN within the last 24 hours” → Event: Condition: Action:

  49. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date” → “Whenever some data is processed by the application, then it must have been received from the OSN within the last 24 hours” → Event: process(data) Condition: Action:

  50. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date” → “Whenever some data is processed by the application, then it must have been received from the OSN within the last 24 hours” → Event: process(data) Condition: Action: <inhibit>

  51. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date” → “Whenever some data is processed by the application, then it must have been received from the OSN within the last 24 hours” → Event: process(data) Condition: not(repmin(24[hours], 1, receive(data))) Action: <inhibit>

  52. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date” → “Whenever some data is processed by the application, then it must have been received from the OSN within the last 24 hours” Complex LTL formulas: → ● propositional ● temporal ● cardinal Event: process(data) ● spatial constraints Condition: not(repmin(24[hours], 1, receive(data))) Action: <inhibit>

  53. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date” → “Whenever some data is processed by the application, then it must have been received from the OSN within the last 24 hours” Complex LTL formulas: → ● propositional ● temporal ● cardinal Event: process(data) ● spatial constraints Condition: not(repmin(24[hours], 1, receive(data))) Action: <inhibit>

  54. Some details follow ... Policy Provisioning Application Deployment

  55. Some details follow ... Policy Provisioning Application Deployment

  56. Some details follow ... Policy Provisioning Application Deployment

  57. Applicatjon Deployment

  58. Applicatjon Deployment Analysis of binary app to find

  59. Applicatjon Deployment Analysis of binary app to find Data sources e.g., retrieve from OSN

  60. Applicatjon Deployment Analysis of binary app to find Data sources e.g., retrieve from OSN Data sinks e.g., data usage/sharing

  61. Applicatjon Deployment Analysis of binary app to find Data sources e.g., retrieve from OSN Data sinks e.g., data usage/sharing Dependencies between them

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A competitive advantage for your company through Third Party Monitoring ODIS THIRD PARTY

A competitive advantage for your company through Third Party Monitoring ODIS THIRD PARTY

A competitive advantage for your company through Third Party Monitoring ODIS THIRD PARTY (CONTRACT) MANAGEMENT (TPM) Index Introduction Complexity, governance and risk Past, Present and Future, where are you in the evolution?

295 views • 15 slides
THIRD PARTY COMPLIANCE IN INDIA Red Flags, Cultural Hurdles &amp; Emerging Best Practices Manish

THIRD PARTY COMPLIANCE IN INDIA Red Flags, Cultural Hurdles &amp; Emerging Best Practices Manish

Dun &amp; Bradstreet presents: THIRD PARTY COMPLIANCE IN INDIA Red Flags, Cultural Hurdles &amp; Emerging Best Practices Manish Sinha Managing Director India Satyajit Nandi Abhay Bhat Senior Manager, Third Party Compliance Head, Legal

334 views • 10 slides
BBH Grants Monitoring &amp; Compliance Brandy Byrnside, Director, Compliance Division Lewisburg,

BBH Grants Monitoring &amp; Compliance Brandy Byrnside, Director, Compliance Division Lewisburg,

BBH Grants Monitoring &amp; Compliance Brandy Byrnside, Director, Compliance Division Lewisburg, WV September 18, 2019 What is Grants Monitoring &amp; Compliance? Adopting and consistently applying systematic procedures to assure: that

439 views • 19 slides
Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done

Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done

Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done Party!!!!!! Party!!!!!! Curling Orientation Party!!!!!! Party!!!!!! Party!!!!!! National day parade Airport picking-uping Party!!!!!!

1.18k views • 69 slides
SECURITY. RISKS. COMPLIANCE. How Can Third Party Assurance Help Your Business Drive

SECURITY. RISKS. COMPLIANCE. How Can Third Party Assurance Help Your Business Drive

SECURITY. RISKS. COMPLIANCE. How Can Third Party Assurance Help Your Business Drive Efficiencies and Build Market Trust? IIA/ISACA Chicago Hacking Conference October 28, 2019 BDO USA, LLP, a Delaware limited liability partnership, is the U.S.

153 views • 13 slides
Regulation update Monitoring and Compliance 2016 Statement of Compliance Evidence required

Regulation update Monitoring and Compliance 2016 Statement of Compliance Evidence required

Regulation update Monitoring and Compliance 2016 Statement of Compliance Evidence required for Conditions: A6 Risk management A7, B3 Event management and notification A1.3 Activity in Wales I3.1 Certificate design

340 views • 17 slides
C. KBL Post-Fire Hydrogeological Assessment of Site Third party review of the fire monitoring

C. KBL Post-Fire Hydrogeological Assessment of Site Third party review of the fire monitoring

innovative environmental solutions I Post-Fire Water Quality I Monitoring at Solid Waste Disposal Facilities C. KBL Post-Fire Hydrogeological Assessment of Site Third party review of the fire monitoring data (Beckingham Hay River Landfill

550 views • 9 slides
Monitoring for Compliance Murray Darling A Basin Scale Solution Association AGM October 2019

Monitoring for Compliance Murray Darling A Basin Scale Solution Association AGM October 2019

Monitoring for Compliance Murray Darling A Basin Scale Solution Association AGM October 2019 Current compliance monitoring approach Fragmented no consistent approach Puts onus on irrigators &amp; farmers Huge up front &amp;

477 views • 13 slides
C. KBL Background Third Party Consultant review of historical groundwater monitoring data and

C. KBL Background Third Party Consultant review of historical groundwater monitoring data and

innovative environmental solutions I Groundwater Monitoring Network I Design at the SWDF C. KBL Background Third Party Consultant review of historical groundwater monitoring data and recommendations. Review included an in depth review of:

614 views • 10 slides
The NAI Mobile Application Code: Extending Third-Party Compliance into the Mobile Ecosystem Why

The NAI Mobile Application Code: Extending Third-Party Compliance into the Mobile Ecosystem Why

The NAI Mobile Application Code: Extending Third-Party Compliance into the Mobile Ecosystem Why a Mobile Application Code? Extend the NAI compliance program into the mobile application space Provide extra flexibility for this rapidly

319 views • 18 slides
Implementing a Consistent and Efficient Third-Party Due Diligence Process Practical insight into

Implementing a Consistent and Efficient Third-Party Due Diligence Process Practical insight into

Implementing a Consistent and Efficient Third-Party Due Diligence Process Practical insight into technology deployment and review to ensure ongoing compliance Paul Hommes Risk &amp; Compliance Specialist LexisNexis June 2016 Agenda

466 views • 43 slides
FCPA Compliance: Third-Party Due Diligence Minimizing Corruption Risks When Using Foreign Agents,

FCPA Compliance: Third-Party Due Diligence Minimizing Corruption Risks When Using Foreign Agents,

Presenting a live 90-minute webinar with interactive Q&amp;A FCPA Compliance: Third-Party Due Diligence Minimizing Corruption Risks When Using Foreign Agents, Distributors and Other Intermediaries WEDNESDAY, JANUARY 16, 2013 1pm Eastern |

720 views • 59 slides
Whats on the Horizon? Accountability, Compliance &amp; Monitoring will have some changes based

Whats on the Horizon? Accountability, Compliance &amp; Monitoring will have some changes based

Whats on the Horizon? Accountability, Compliance &amp; Monitoring will have some changes based on mandates under Senate Bill 1, Rider 70 Texas 83 rd Legislative Session, 2013 Impl plem emen entation tion of of St Stan and Al Alone Specia

286 views • 5 slides
Compliance

Compliance

20/03/17 Compliance Workshop 1 - 2017 Identification of clients, Complicate structures, Risk assessment &amp; monitoring of transactions www.cfa.org.cy

657 views • 44 slides
Compliance Monitoring and Enforcement Program Annual Report Ed Kichline, Senior Counsel and

Compliance Monitoring and Enforcement Program Annual Report Ed Kichline, Senior Counsel and

Agenda Item 3 Compliance Monitoring and Enforcement Program Annual Report Ed Kichline, Senior Counsel and Director of Enforcement Oversight Steven Noess, Director of Regulatory Programs Compliance Committee Meeting February 5, 2020 RELI ABI

256 views • 22 slides
Third Party Compliance Model Records Management Plan Review NRS PRSA Stakeholder Forum 25 th

Third Party Compliance Model Records Management Plan Review NRS PRSA Stakeholder Forum 25 th

Third Party Compliance Model Records Management Plan Review NRS PRSA Stakeholder Forum 25 th August 2018 Heather Jack Talk topics Background Obligations, resources and guidance Themes and issues to explore Addressing issues,

415 views • 6 slides
Application-Integrated Data Collection for Security Monitoring Magnus Almgren and Ulf Lindqvist

Application-Integrated Data Collection for Security Monitoring Magnus Almgren and Ulf Lindqvist

Application-Integrated Data Collection for Security Monitoring Magnus Almgren and Ulf Lindqvist System Design Lab, SRI International The work described here was funded by DARPA under contract number F30602-99-C-0149 and F30602-98-C-0059. The

536 views • 21 slides
protoDUNE-SP Data Quality Monitoring Maxim Potekhin (BNL) ProtoDUNE-SP Data Exploitation

protoDUNE-SP Data Quality Monitoring Maxim Potekhin (BNL) ProtoDUNE-SP Data Exploitation

protoDUNE-SP Data Quality Monitoring Maxim Potekhin (BNL) ProtoDUNE-SP Data Exploitation Readiness Review@FNAL May 10th 2018 Overview The focus of this talk is mainly on infrastructure implemented for the support of the Data Quality

689 views • 37 slides
Huge Codebases Application Monitoring with Hystrix 30 Jan. 2016 Roman Mohr Red Hat FOSDEM 2016

Huge Codebases Application Monitoring with Hystrix 30 Jan. 2016 Roman Mohr Red Hat FOSDEM 2016

Huge Codebases Application Monitoring with Hystrix 30 Jan. 2016 Roman Mohr Red Hat FOSDEM 2016 1 Huge Codebases Application Monitoring with Hystrix About Me Roman Mohr Software Engineer at Red Hat Member of the SLA team in oVirt

903 views • 38 slides
11/23/2009 Examples of Data Stream Applications Continuous, unbounded, rapid, time-varying

11/23/2009 Examples of Data Stream Applications Continuous, unbounded, rapid, time-varying

11/23/2009 Examples of Data Stream Applications Continuous, unbounded, rapid, time-varying streams of data elements (tuples). Data Streams Market Analysis Streams of Stock Exchange Data Critical Care From Niagara Falls to Aurora

448 views • 9 slides
An Analysis of a Large An Analysis of a Large John Anderson, College of the John Anderson,

An Analysis of a Large An Analysis of a Large John Anderson, College of the John Anderson,

The Problem The Problem An Analysis of a Large An Analysis of a Large John Anderson, College of the John Anderson, College of the Scale Habitat Monitoring Scale Habitat Monitoring Atlantic Atlantic Application Application

194 views • 5 slides
OFS: An Overlay File System for Cloud-Assisted Mobile Applications Jianchen Shan, Nafize R.

OFS: An Overlay File System for Cloud-Assisted Mobile Applications Jianchen Shan, Nafize R.

OFS: An Overlay File System for Cloud-Assisted Mobile Applications Jianchen Shan, Nafize R. Paiker, Xiaoning Ding, Narain Gehani, Reza Curtmola, Cristian Borcea Mobile apps need cloud assistance Mobile devices have limited resources

559 views • 33 slides
Application and Use of Passive Samplers for Monitoring Organic Contaminants at Superfund Sediment

Application and Use of Passive Samplers for Monitoring Organic Contaminants at Superfund Sediment

Application and Use of Passive Samplers for Monitoring Organic Contaminants at Superfund Sediment Sites 26 August 2013 1 of x The Use of Passive Samplers to Monitor Organic Contaminants at Superfund Sediment Sites Background Management of

729 views • 23 slides
Multimedia Applications Multimedia Applications Srinidhi Varadarajan Multimedia Applications

Multimedia Applications Multimedia Applications Srinidhi Varadarajan Multimedia Applications

Multimedia Applications Multimedia Applications Srinidhi Varadarajan Multimedia Applications Multimedia Applications Multimedia requirements Streaming Phone over IP Recovering from Jitter and Loss RTP Diff-serv, Int-serv,

483 views • 27 slides

More recommend