modeling social networking privacy
play

Modeling Social Networking Privacy Carolina Dania IMDEA Software - PowerPoint PPT Presentation

Dec 09, 2023 •207 likes •1.31k views

Modeling Social Networking Privacy Carolina Dania IMDEA Software Institute - Spain Universidad Complutense de Madrid (Partially funded by NeSSOS) Supervisors Manuel Clavel Marina Egea IMDEA Software Institute Atos Research & Innovation

  1. Outline • Social Networks - Facebook - Privacy - Example • Research project - Goals - Requirements • Preliminary results • Research plan Tuesday, February 21, 12

  2. Goals Tuesday, February 21, 12

  3. Goals • develop a methodology for modeling and analyzing social networking privacy policies Tuesday, February 21, 12

  4. Goals • develop a methodology for modeling and analyzing social networking privacy policies - modeling means for us to use formal model with rigorous semantics Tuesday, February 21, 12

  5. Goals • develop a methodology for modeling and analyzing social networking privacy policies - modeling means for us to use formal model with rigorous semantics - analyzing means for us to use formal methods (as automated as possible) Tuesday, February 21, 12

  6. Goals • develop a methodology for modeling and analyzing social networking privacy policies - modeling means for us to use formal model with rigorous semantics - analyzing means for us to use formal methods (as automated as possible) • validate this methodology with a case study: modeling and analyzing Facebook’s privacy policy Tuesday, February 21, 12

  7. Requirements Tuesday, February 21, 12

  8. Requirements • [modeling] it is crucial to use a language able to formalize fine-grained access control policies (dynamic access control) Tuesday, February 21, 12

  9. Requirements • [modeling] it is crucial to use a language able to formalize fine-grained access control policies (dynamic access control) E.g. Can Peter see a photo in Alice’s wall if Peter is a friend of Alice? Tuesday, February 21, 12

  10. Requirements • [modeling] it is crucial to use a language able to formalize fine-grained access control policies (dynamic access control) E.g. Can Peter see a photo in Alice’s wall if Peter is a friend of Alice? simple RBAC is not sufficient Tuesday, February 21, 12

  11. Requirements • [modeling] it is crucial to use a language able to formalize fine-grained access control policies (dynamic access control) E.g. Can Peter see a photo in Alice’s wall if Peter is a friend of Alice? simple RBAC is not sufficient • [analyzing] it is crucial to use a language with a formal semantics Tuesday, February 21, 12

  12. Requirements • [modeling] it is crucial to use a language able to formalize fine-grained access control policies (dynamic access control) E.g. Can Peter see a photo in Alice’s wall if Peter is a friend of Alice? simple RBAC is not sufficient • [analyzing] it is crucial to use a language with a formal semantics E.g. XACML currently lacks of a formal semantics Tuesday, February 21, 12

  13. SecureUML Tuesday, February 21, 12

  14. SecureUML • formal language for modeling fine-grained access control policies, both static and dynamic Tuesday, February 21, 12

  15. SecureUML • formal language for modeling fine-grained access control policies, both static and dynamic - dynamic access control policies depend on the run-time satisfaction of authorization constraints Tuesday, February 21, 12

  16. OCL Tuesday, February 21, 12

  17. OCL • a strongly typed declarative language Tuesday, February 21, 12

  18. OCL • a strongly typed declarative language • using OCL you can: Tuesday, February 21, 12

  19. OCL • a strongly typed declarative language • using OCL you can: - refer to any, some, or all the elements in a scenario Tuesday, February 21, 12

  20. OCL • a strongly typed declarative language • using OCL you can: - refer to any, some, or all the elements in a scenario - refer to the value of any properties of any element in a scenario Tuesday, February 21, 12

  21. OCL • a strongly typed declarative language • using OCL you can: - refer to any, some, or all the elements in a scenario - refer to the value of any properties of any element in a scenario - perform standard operations on primitive types, or collections of elements in a scenario Tuesday, February 21, 12

  22. Outline • Social Networks - Facebook - Privacy - Example • Research project - Goals - Requirements • Preliminary results • Research plan Tuesday, February 21, 12

  23. Modeling Facebook (posting and tagging) Tuesday, February 21, 12

  24. Modeling Facebook (posting and tagging) • Facebook’s profile, walls, posts, photos, tags, etc, can be modeled as entities, and privacy settings can be modeled as attributes Tuesday, February 21, 12

  25. Modeling Facebook (posting and tagging) • Facebook’s profile, walls, posts, photos, tags, etc, can be modeled as entities, and privacy settings can be modeled as attributes • Facebook’s privacy clauses are modeled using OCL Tuesday, February 21, 12

  26. Facebook data model Tuesday, February 21, 12

  27. Facebook data model Tuesday, February 21, 12

  28. Facebook (authorization constraints) Tuesday, February 21, 12

  29. Facebook (authorization constraints) Tuesday, February 21, 12

  30. Facebook (authorization constraints) • anybody (@caller) can read any post (@post) that is posted in his/her wall, independently of the creator of the post Tuesday, February 21, 12

  31. Facebook (authorization constraints) • anybody (@caller) can read any post (@post) that is posted in his/her wall, independently of the creator of the post @caller=@post.posted.profile Tuesday, February 21, 12

  32. Facebook (authorization constraints) • anybody (@caller) can read any post (@post) that is posted in his/her wall, independently of the creator of the post @caller=@post.posted.profile • anybody (@caller) can read any post (@post) that is posted in a wall when he/she is a friend of the owner of the wall and the audience selected is “Friends” Tuesday, February 21, 12

  33. Facebook (authorization constraints) • anybody (@caller) can read any post (@post) that is posted in his/her wall, independently of the creator of the post @caller=@post.posted.profile • anybody (@caller) can read any post (@post) that is posted in a wall when he/she is a friend of the owner of the wall and the audience selected is “Friends” @post.posted.profile.friends->includes(@caller) and @post.audience=‘Friends’ Tuesday, February 21, 12

  34. Facebook (authorization constraints) Tuesday, February 21, 12

  35. Facebook (authorization constraints) Tuesday, February 21, 12

  36. Facebook (authorization constraints) • anybody (@caller) can read any post (@post) that is posted in a wall, - when the audience selected is “Friends”, - he/she is a friend of somebody tagged on the post, - he/she is not blocked by the owner of the wall, and - the owner of the post happens to be the creator of the post Tuesday, February 21, 12

  37. Facebook (authorization constraints) • anybody (@caller) can read any post (@post) that is posted in a wall, - when the audience selected is “Friends”, - he/she is a friend of somebody tagged on the post, - he/she is not blocked by the owner of the wall, and - the owner of the post happens to be the creator of the post @post.audience=‘Friends’ and @post.tags.profiling.friends->includes(@caller) and @post.posted.profile.blocks->excludes(@caller) and @post.posted.profile=@post.creator Tuesday, February 21, 12

  38. Outline • Social Networks - Facebook - Privacy • Research project - Goals - Requirements • Preliminary results • Research plan Tuesday, February 21, 12

  39. Research plan Tuesday, February 21, 12

  40. Research plan • we have formalized, using SecureUML +OCL, the Facebook’s privacy policy for tagging and posting Tuesday, February 21, 12

  41. Research plan • we have formalized, using SecureUML +OCL, the Facebook’s privacy policy for tagging and posting - our understanding of this policy is based on the available information and our “experiments”. Tuesday, February 21, 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

xBook: Redesigning Privacy Control in Social xBook: Redesigning Privacy Control in Social

xBook: Redesigning Privacy Control in Social xBook: Redesigning Privacy Control in Social

xBook: Redesigning Privacy Control in Social xBook: Redesigning Privacy Control in Social Networking Platforms Networking Platforms Kapil Singh, Sumeer Bhola and Wenke Lee Social networking is growing 2 Privacy concerns are growing

779 views • 54 slides
Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Ariel

Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Ariel

Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Ariel J. Feldman Princeton UPenn Joint work with: Aaron Blankstein, Michael J. Freedman, and Edward W. Felten Social Networking with

661 views • 27 slides
Kids and Social Networking Introduction Kids and Social Networking Social Networking sites play

Kids and Social Networking Introduction Kids and Social Networking Social Networking sites play

Learwood Middle School Parent Handbook Kids and Social Networking Introduction Kids and Social Networking Social Networking sites play an important role in connecting the lives of people. Research has shown that social media is the preferred

542 views • 9 slides
Privacy Crisis and Alternative Social Networking Sites: Empirical Findings and Critical

Privacy Crisis and Alternative Social Networking Sites: Empirical Findings and Critical

Privacy Crisis and Alternative Social Networking Sites: Empirical Findings and Critical Reflections Sebastian Sevignani Presentation at Communication, Crisis, and Critique in Contemporary Capitalism: Conference of the European Sociological

495 views • 11 slides
CS683 - Security and Privacy: Reviewing Computer Networking (2/2) Karim Eldefrawy

CS683 - Security and Privacy: Reviewing Computer Networking (2/2) Karim Eldefrawy

CS683 - Security and Privacy: Reviewing Computer Networking (2/2) Karim Eldefrawy keldefrawy@usfca.edu Universit of San Francisco Overview of Networking, TCP/IP Stack, ARP, IP 1 Networking Concepts Protocol Architecture (Stack or Suite)

1.59k views • 57 slides
Internet Privacy Options Options Other Issues Networking Sirindhorn International Institute of

Internet Privacy Options Options Other Issues Networking Sirindhorn International Institute of

Networking Privacy Options The Internet Internet Security Internet Privacy Options Options Other Issues Networking Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 19 June 2014

805 views • 38 slides
Privacy-Enabling Social Networking Over Untrusted Networks Jonathan Anderson, Claudia Diaz * ,

Privacy-Enabling Social Networking Over Untrusted Networks Jonathan Anderson, Claudia Diaz * ,

Privacy-Enabling Social Networking Over Untrusted Networks Jonathan Anderson, Claudia Diaz * , Joseph Bonneau and Frank Stajano {jonathan.anderson,joseph.bonneau,frank.stajano}@cl.cam.ac.uk claudia.diaz@esat.kuleuven.be Computer Laboratory *

574 views • 54 slides
Social Networking and Mobile Learning Outcome : To identify the benefits of incorporating social

Social Networking and Mobile Learning Outcome : To identify the benefits of incorporating social

Social Networking and Mobile Learning Outcome : To identify the benefits of incorporating social networking tools in mobile learning. 1 Social Media Penetration Feb 2013 Source: wearesocial.sg; Social, digital, and mobile worldwide. February

343 views • 13 slides
Social Networking Trends and Social Networking Trends and Social Networking Trends and Social

Social Networking Trends and Social Networking Trends and Social Networking Trends and Social

Social Networking Trends and Social Networking Trends and Social Networking Trends and Social Networking Trends and Dynamics Detection Dynamics Detection via a Cloud via a Cloud- -based Framework Design based Framework Design Athena A h

734 views • 25 slides
Social Network Privacy W2SP 2010: WEB 2.0 SECURITY AND PRIVACY 2010 Kurt Opsahl Why is privacy

Social Network Privacy W2SP 2010: WEB 2.0 SECURITY AND PRIVACY 2010 Kurt Opsahl Why is privacy

Social Network Privacy W2SP 2010: WEB 2.0 SECURITY AND PRIVACY 2010 Kurt Opsahl Why is privacy important? If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.

725 views • 31 slides
CS683- Security and Privacy: Overview of Computer Networking (1/2) Karim Eldefrawy

CS683- Security and Privacy: Overview of Computer Networking (1/2) Karim Eldefrawy

CS683- Security and Privacy: Overview of Computer Networking (1/2) Karim Eldefrawy keldefrawy@usfca.edu University of San Francisco A Good Text Book (if you need one) 1/24/18 Introduction 1-2 Networking Overview: Roadmap overview : our

1.34k views • 76 slides
The Value of Social: Comparing Open Student Modeling and Open Social Student Modeling Peter

The Value of Social: Comparing Open Student Modeling and Open Social Student Modeling Peter

The Value of Social: Comparing Open Student Modeling and Open Social Student Modeling Peter Brusilovsky, Sibel Somyurek, Julio Guerra, Roya Hosseini, Vladimir Zadorozhny, University of Pittsburgh Overview The past Why we are doing

651 views • 37 slides
What is LinkedIn? Which one is not like the others? Title: Social Networking vs. Social Media

What is LinkedIn? Which one is not like the others? Title: Social Networking vs. Social Media

What is LinkedIn? Which one is not like the others? Title: Social Networking vs. Social Media Business Trusted Closed LinkedIn vs. Facebook Consumer Open What is LinkedIn? 145m 2009 - 2011 110m 65m Complete Profile 1. A Current

561 views • 32 slides
SHOULD SOCIAL NETWORK COMPANIES CARE ABOUT USERS PRIVACY? Ral Pardo pardo@chalmers.se

SHOULD SOCIAL NETWORK COMPANIES CARE ABOUT USERS PRIVACY? Ral Pardo pardo@chalmers.se

SHOULD SOCIAL NETWORK COMPANIES CARE ABOUT USERS PRIVACY? Ral Pardo pardo@chalmers.se @raparuldo OUTLINE Define privacy Look at privacy issues in Social Network Sites (SNS) Ethically Theoretically (Informational

296 views • 25 slides
Social Networking (A Summary) Presented by Gerald Bauer JB Systems, LLC Networking In The

Social Networking (A Summary) Presented by Gerald Bauer JB Systems, LLC Networking In The

Social Networking (A Summary) Presented by Gerald Bauer JB Systems, LLC Networking In The Digital Age Welcome Overview: History of Networking 7 Minutes of Facebook 7 Minutes of Linked In 7 Minutes of Blogging 7 Minutes of Q&A

310 views • 30 slides
Social Networking Sites In The Work Environment Developing criteria for successful application

Social Networking Sites In The Work Environment Developing criteria for successful application

Social Networking Sites In The Work Environment Developing criteria for successful application Andr Calero Valdez Anne Kathrin Schaar Martina Ziefle Agenda Demographic change and changes in employment biographies Social Networking

288 views • 28 slides
Building a Scalable Recommender System with Apache Spark, Apache Kafka and Elasticsearch About

Building a Scalable Recommender System with Apache Spark, Apache Kafka and Elasticsearch About

Nov / 14 / 16 Nick Pentreath Building a Scalable Recommender System with Apache Spark, Apache Kafka and Elasticsearch About @MLnick Principal Engineer, IBM Apache Spark PMC Focused on machine learning Author of Machine Learning

666 views • 53 slides
Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1314 Chapter 18: 1 Chapter

Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1314 Chapter 18: 1 Chapter

Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1314 Chapter 18: 1 Chapter 18: Web Security Chapter 18: 2 Web 1.0 browser HTML + HTTP CSS data request web server backend systems Chapter 18: 3 Web 1.0 Shorthand

1.09k views • 91 slides
Hacking Web Sites Cross Site Scripting Emmanuel Benoist Fall Term 2020/2021 Berner

Hacking Web Sites Cross Site Scripting Emmanuel Benoist Fall Term 2020/2021 Berner

Hacking Web Sites Cross Site Scripting Emmanuel Benoist Fall Term 2020/2021 Berner Fachhochschule | Haute ecole sp ecialis ee bernoise | Berne University of Applied Sciences 1 Table of Contents Presentation Stored XSS Reflected

792 views • 50 slides
Real World Java Web Security Java User Group Karlsruhe Dominik Schadow | bridgingIT Who thinks

Real World Java Web Security Java User Group Karlsruhe Dominik Schadow | bridgingIT Who thinks

Real World Java Web Security Java User Group Karlsruhe Dominik Schadow | bridgingIT Who thinks about architecture while coding? architecture before coding? Who thinks about security while coding? security before

738 views • 70 slides
Natural experiments in online social network assembly Abigail Jacobs | University of Colorado

Natural experiments in online social network assembly Abigail Jacobs | University of Colorado

Natural experiments in online social network assembly Abigail Jacobs | University of Colorado Boulder IC2S2 | June 25, 2016 + Sam Way (Colorado), Johan Ugander (Stanford), Aaron Clauset (Colorado) Assembling thefacebook: using heterogeneity to

661 views • 37 slides
Presenters: Courtney Crowley, Digital Marketing Specialist Emily OMalley, Digital Marketing

Presenters: Courtney Crowley, Digital Marketing Specialist Emily OMalley, Digital Marketing

Presenters: Courtney Crowley, Digital Marketing Specialist Emily OMalley, Digital Marketing Specialist Facebooks History Mark Zuckerberg founded the platform in 2004 for Harvard University students. Within 24 hours of launching the

524 views • 23 slides
Crypto developments A bit about me Daniel J. Bernstein Designer of: qmail , used by Yahoo

Crypto developments A bit about me Daniel J. Bernstein Designer of: qmail , used by Yahoo

Crypto developments A bit about me Daniel J. Bernstein Designer of: qmail , used by Yahoo Research Professor, to handle Internet mail; University of Illinois at Chicago tinydns , used by Facebook Hoogleraar, to publish server

625 views • 43 slides
Todays Agenda Introduction Adwerx Social Media REsource Agent Icon Lalapoint

Todays Agenda Introduction Adwerx Social Media REsource Agent Icon Lalapoint

Todays Agenda Introduction Adwerx Social Media REsource Agent Icon Lalapoint BHHS Forever Cloud The 4 th Industrial Revolution When Was The Internet Invented? 1969 ARPANET 1989 - World Wide Web When Was Google

366 views • 17 slides

More recommend