visualizing privacy implications of access control
play

Visualizing Privacy Implications of Access Control Policies in - PowerPoint PPT Presentation

Jan 04, 2024 •31 likes •341 views

Visualizing Privacy Implications of Access Control Policies in Social Networks Mohd Anwar , Philip W. L. Fong , Xue-Dong Yang , Howard Hamilton University of Calgary, Alberta, Canada University of Regina, Saskatchewan,

  1. Visualizing Privacy Implications of Access Control Policies in Social Networks Mohd Anwar ∗ , Philip W. L. Fong ∗ , Xue-Dong Yang † , Howard Hamilton † ∗ University of Calgary, Alberta, Canada † University of Regina, Saskatchewan, Canada DPM 2009 Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 1 / 31

  2. Motivation In social networks, privacy settings allow users to choose access control policies Figure: Privacy Setting in Facebook What are the privacy implications of these policies? How do we help users assess topology-based policies? Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 2 / 31

  3. Related Work Privacy for Impression Management: Goffman 1961, Patil & Kobsa 2003 Privacy Preservation Model for Social Networks: Fong, Anwar, & Zhao 2009 Generating Social Graph: Chakrabarti et al. 2007 Visualization (Social Graph/Security Policies): Freeman 2000, Heer & boyd 2005, Reeder et al. 2008 Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 3 / 31

  4. Outline Privacy in Social Networks User Specified Policies in Facebook-style Social Network Systems (FSNS) Topology-based Policies Reflective Policy Assessment (RPA) Tool Support for RPA Issues & Discussions Work in Progress Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 4 / 31

  5. Privacy in Social Networks Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 5 / 31

  6. What is Privacy? Purpose of privacy is impression management ◮ Control the impression that other people form Control over what impression one wants to convey to whom ◮ What profile items to present to whom? ◮ e.g. disclose the sorority photos to only friends, but siteseeing photos to everybody Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 6 / 31

  7. Privacy and Access Control Policies Impression is conveyed according to relationship Relationship can be encoded into the topology of a graph (e.g. social graph) Therefore, topological access control policies help users control impression Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 7 / 31

  8. User Specified Policies in FSNS Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 8 / 31

  9. Search, Traversal, and Access Policies Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 9 / 31

  10. Communication Policies To initiate a communication primitive Search Policy Traversal Policies of receiver Global Traverse Social Graph Name Search Stage I Reach receiver’s search listing Communication Policy Stage II of communication primitive Communication Primitive Communication event occurs Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 10 / 31

  11. Topology-based Policies Facebook offers more general topology-based policies: “ only friends” and “friends of friends” Richer form of acquantance relationships can be represented: Figure: 5-clique Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 11 / 31

  12. Topology-based Policies Figure: 3 common-friends Figure: distance 4 Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 12 / 31

  13. Anti-monotonic Policies Under an anti-monotonic policy, access becomes more difficult as the social graph becomes denser Disclosure of information only to those who do not know you well ◮ e.g. stranger ( ¬ distance k ) Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 13 / 31

  14. Reflective Policy Assessment (RPA) Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 14 / 31

  15. Idea of RPA A mirror allows us to see what others see when they look at us To create a desired impression, we repeatedly look into the mirror and adjust our getup The process of formulating access control policies is similar to what it takes to create a desired look A user needs to repeatedly assess and adjust their policies We propose that a profile owner inspect her profile from the view point of a potential accessor Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 15 / 31

  16. Privacy Dilemma with RPA A user must begin with identifying a potential accessor who is of interest to her. A potential accessor may not want her identity to be disclosed to the user conducting the policy assessment. This dilemma is rooted in the asymmetric nature of trust. . . . i u . . . v n o t u - t r a v e r s a b l e To address this dilemma, we propose approximating the extended neighbourhood of a user. Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 16 / 31

  17. Tool Support for RPA Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 17 / 31

  18. Policy assessment is nontrivial Authorization depends on the existing topology of social graph Social Graph constantly changes, so do privacy needs It is nontrivial to comprehend the privacy consequence of adjusting privacy settings Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 18 / 31

  19. Proposed Tool To facilitate RPA, we devise a tool that visually depicts the extended neighbourhood allows the profile owner to point to any user in the extended neighbourhood as a potential accessor The tool displays a succinct representation of the profile, as seen from the eyes of the potential accessor Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 19 / 31

  20. Properties of Social Graph We use the following properties to establish the correctness of algorithm for generating social graph: Property 1. Given an origin, every neighbour of an interior node is reachable , and thus, no hidden edge can have an interior node as an end. Property 2. Suppose an origin is given. By definition, at least one end of each visible edge is an interior node. Therefore, no visible edge can join two fringe nodes . Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 20 / 31

  21. Graph Generation Algorithm 1. Construct a graph consisting of all reachable nodes and visible edges P r o p e r t y 1 May J o e Guy J o n O r i g i n L i z J o y Me L i n Bob Doe J a y Moe Ada M e l Interior ( r e a c h a b l e a n d t r a v e r s a b l e ) P r o p e r t y 2 F r i n g e ( r e a c h a b l e b u t n o n - t r a v e r s a b l e ) Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 21 / 31

  22. Graph Generation Algorithm 2. Temporarily remove all interior nodes and visible edges. J o e J o n Doe Moe Ada M e l Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 22 / 31

  23. Graph Generation Algorithm 3. Add n “synthetic nodes” in the social graph. J o e J o n Doe Moe Ada M e l Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 23 / 31

  24. Graph Generation Algorithm 4. Use R-MAT ( Chakrabarti et al. 2007 ) to randomly generate m “synthetic edges” J o e J o n Doe Moe Ada M e l Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 24 / 31

  25. Graph Generation Algorithm 5. Add back the interior nodes and visible edges removed in step 2, and return the resulting graph. Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 25 / 31

  26. Prototypical visualization tool May J o e Guy J o n L i z J o y Me L i n Bob Doe J a y Moe Ada p o t e n t i a l a c c e s s o r M e l C a n A c c e s s : Basic Information ( 4 - c l i q u e ) ( c o m m o n - f r i e n d - 2 ) Education & Work C a n T r a v e r s e T o : i n t e r e s t i n g a c c e s s s c e n a r i o s Moe, Doe, Joy C a n I n i t i a t e : Messaging Figure: The black node is the profile owner, the double-circled node depicts a potential accessor representing an interesting access scenario. Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 26 / 31

  27. Issues & Discussion Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 27 / 31

  28. No Information Leakage by RPA Visible edges are already accessible by the profile owner. Hidden edges do not take part in the policy assessment. Topological information revealed by RPA is either already available (visible edges) or anonymized (synthetic edges). Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 28 / 31

  29. RPA Recommends Access Scenarios Our visualization tool recommends nodes (potential accessors) that represent interesting access scenarios Based on the various profile appearances, partition the nodes into equivalence classes. ◮ Two nodes that (both satisfies and violates the same policy predicates) produce the same profile appearance belong to the same access scenario. Each equivalent class represents a distinct access scenario. The tool will selectively highlight a node if it corresponds to a novel access scenario. Mohd Anwar (UofC) Privacy Implications of Access Control Policies DPM 2009 29 / 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson

Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson

Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson DIG @ CSAIL Monday 12 July 2010 Alternate Definitions of Privacy In 1890, Brandeis and Warren defined privacy as the right to be let alone

541 views • 11 slides
Short Paper: WifiLeaks: Underestimated Privacy Implications of the ACCESS WIFI STATE Android

Short Paper: WifiLeaks: Underestimated Privacy Implications of the ACCESS WIFI STATE Android

Introduction User Survey Application Analysis Potential Solution and Conclusion Short Paper: WifiLeaks: Underestimated Privacy Implications of the ACCESS WIFI STATE Android Permission Jagdish Prasad Achara, Mathieu Cunche, Vincent Roca, and

714 views • 43 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
Privacy Implications of Privacy Settings and Tagging in Facebook Stan Damen, Nicola Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook Stan Damen, Nicola Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook 1 Privacy Implications of Privacy Settings and Tagging in Facebook Stan Damen, Nicola Zannone Eindhoven University of Technology 10th VLDB Workshop on Secure Data Management

476 views • 19 slides
Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control? How Is Access Determined? Who Determines Access? Forms of Access Control SELinux Booleans iptables File Access Control Lists Apache Access Control

711 views • 36 slides
Direct-to-Consumer Neurotechnology: Privacy Implications Deven McGraw, JD, MPH, LLM Partner

Direct-to-Consumer Neurotechnology: Privacy Implications Deven McGraw, JD, MPH, LLM Partner

Direct-to-Consumer Neurotechnology: Privacy Implications Deven McGraw, JD, MPH, LLM Partner Manatt, Phelps & Phillips, LLP August 20, 2014 Why do we care about privacy? 1 Without privacy protections, people will engage in privacy-

577 views • 8 slides
1 General Access Control General Access Control Control of access to memory relatively easy:

1 General Access Control General Access Control Control of access to memory relatively easy:

Role of Access Control Before closing back doors we need to close front doors Access control: determines access to files & processes in OS Fall 2008 We will return to these themes throughout the course Fall 2008 CS

512 views • 6 slides
Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search

Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search

Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search Ph.D. Dissertation Defense Zeeshan Pervez Department of Computer Engineering Kyung Hee University, Global Campus, Korea email:

650 views • 24 slides
W3C Workshop on Access Control Application Scenarios November 17 th 2009 Luxembourg Outlines

W3C Workshop on Access Control Application Scenarios November 17 th 2009 Luxembourg Outlines

Laurent Bussard and Moritz Y. Becker Microsoft (EMIC and MSRC) W3C Workshop on Access Control Application Scenarios November 17 th 2009 Luxembourg Outlines Scenario: Privacy Policies and Preferences Links with Access Control Our

636 views • 17 slides
SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing residents / staff access to site areas Main entrance Vehicle entrances Pedestrian entrances Gate / Barrier entrance Bin / Bike / Refuge

336 views • 14 slides
= no shared accounts In open systems it should rely on authenticity of the information, in

= no shared accounts In open systems it should rely on authenticity of the information, in

Access Control Pierangela Samarati Dipartimento di Tecnologie dellInformazione Universit` a degli Studi di Milano e mail: samarati@dti.unimi.it FOSAD 2008 1 Privacy and Data Protection Pierangela Samarati c Access control It

1.41k views • 77 slides
Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs Access Control Administration Accountability Chapter 2 Access Control Models Identification and Authentication Methods Lecturer:

708 views • 9 slides
Government and Big Data: Privacy Risks and Solutions Ontarios Access and Privacy Laws The

Government and Big Data: Privacy Risks and Solutions Ontarios Access and Privacy Laws The

Brian Beamish Information and Privacy Commissioner of Ontario January 26, 2017 Government and Big Data: Privacy Risks and Solutions Ontarios Access and Privacy Laws The Freedom of Information and Protection of Privacy Act (FIPPA) o

356 views • 17 slides
RAV premia and implications for the price control RAV premia and implications for the price

RAV premia and implications for the price control RAV premia and implications for the price

RAV premia and implications for the price control RAV premia and implications for the price control Ken Linge Finance Director Finance Director CE Electric UK Introduction Long-term businesses, but subj ect to regular short-interval L b

513 views • 16 slides
Privacy in Ubiquitous Computing Options, Trends, and Implications of Smart Objects Marc

Privacy in Ubiquitous Computing Options, Trends, and Implications of Smart Objects Marc

Privacy in Ubiquitous Computing Options, Trends, and Implications of Smart Objects Marc Langheinrich Institut fr Pervasive Computing ETH Zrich Februar 11. 2006 ZiF-Workshop: Privacy and 1 Surveillance Technologies Privacy in Ubiquitous

573 views • 32 slides
Meeting and protocol Joseph Zennamo Your goal Our goal in DC is two fold: Advocate for

Meeting and protocol Joseph Zennamo Your goal Our goal in DC is two fold: Advocate for

Meeting and protocol Joseph Zennamo Your goal Our goal in DC is two fold: Advocate for High Energy Physics Make a good impression of our field The first is driven by the second, if you make a bad impression they will often times

113 views • 9 slides
Market Design in Display Advertising R. Preston McAfee Yahoo! Research - 1 - Yahoo!

Market Design in Display Advertising R. Preston McAfee Yahoo! Research - 1 - Yahoo!

Market Design in Display Advertising R. Preston McAfee Yahoo! Research - 1 - Yahoo! Confidential Display Advertising Impressions 2 11/2/2009 McAfee: Internet - 2 - Yahoo! Confidential Ad i i Display Advertising Contracts purchased

561 views • 9 slides
Social Psychology Session 9 SOCIAL PERCEPTION Lecturer: Dr. Peace Mamle Tetteh, Department of

Social Psychology Session 9 SOCIAL PERCEPTION Lecturer: Dr. Peace Mamle Tetteh, Department of

SOCI 323 Social Psychology Session 9 SOCIAL PERCEPTION Lecturer: Dr. Peace Mamle Tetteh, Department of Sociology Contact Information: ptetteh@ug.edu.gh College of Education School of Continuing and Distance Education 2014/2015

510 views • 27 slides
Bare-Bones Measurement Data Archiving Dave Plonka University of Wisconsin Madison DoIT

Bare-Bones Measurement Data Archiving Dave Plonka University of Wisconsin Madison DoIT

Bare-Bones Measurement Data Archiving Dave Plonka University of Wisconsin Madison DoIT & WAIL ISMA @ SDSC, June 3, 2004 Overview Our Data Archiving Namespaces Annotations Encoding / Anonymization / Obfuscation

310 views • 10 slides
Luatodonotes: Boundary Labeling for Annotations in Texts Philipp Kindermann Fabian Lipp

Luatodonotes: Boundary Labeling for Annotations in Texts Philipp Kindermann Fabian Lipp

Luatodonotes: Boundary Labeling for Annotations in Texts Philipp Kindermann Fabian Lipp Alexander Wolff Julius-Maximilians-Universitt Wrzburg September 24, Graph Drawing 2014 The following text is taken from the blindtext package for

668 views • 54 slides
Development of a true-3D animation of landscape formation and comparison to other geological

Development of a true-3D animation of landscape formation and comparison to other geological

Faculty of Environmental Sciences, Institute of Cartography Development of a true-3D animation of landscape formation and comparison to other geological visualization methods. Examples: Saxon Switzerland, Germany and Maule, Chile Joseph-Hermann

158 views • 12 slides
Arthur packets for unipotent representations Andrew Fiori and Qing Zhang of the p -adic

Arthur packets for unipotent representations Andrew Fiori and Qing Zhang of the p -adic

Arthur packets for unipotent representations of the p -adic exceptional group G 2 Clifton Cunningham, Arthur packets for unipotent representations Andrew Fiori and Qing Zhang of the p -adic exceptional group G 2 Objective Strategy G2

583 views • 36 slides
Verification System Martin Saveski 18 May 2010 Introduction Biometrics the use of

Verification System Martin Saveski 18 May 2010 Introduction Biometrics the use of

Development of an Automated Development of an Automated Fingerprint Fingerprint Verification System Verification System Martin Saveski 18 May 2010 Introduction Biometrics the use of distinctive anatomical and behavioral

380 views • 26 slides

More recommend