Post on 25-Feb-2016
A Policy Based Infrastructure for Social Data Access with Privacy Guarantees
Tim Finin (UMBC) for: Palanivel Kodeswaran (UMBC), Evelyne Viegas (Microsoft Research)
POLICY 2010, Fairfax VA, 21 July 2010
http://ebiquity.umbc.edu/paper/html/id/493/
Connected Data
• We “leave” our digital footprints online in discussion forums, social networks, web searches
• Copying and sharing data is easy
• Users have no control over how their data is used and what inferences can be made based on their data
Personalization
Garden Veggie with minimal cheese
Personalization?
That’s not enough running!!
Sub: Insurance Renewal
Dear John,
In reviewing your record, we have decided to increase your premium to better serve your needs and that of your family.
User Control over Private Data
There is a need for a framework in which users can specify their privacy preferences in terms of who can access their data and how it can be used
Sticky Policy
Phone Number
Phone number can be used for emergency contact
Phone number can’t be used for marketing
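The sticky policy idea above, as an added Python example (not code from the talk or the paper): the usage rules are carried with the data item, every use is checked against them with unlisted purposes denied, and a copy made for onward sharing can only narrow the attached rules, never widen them. The purpose names, the class names, the `origin` field and the fictitious phone number are assumptions made here for illustration.

```python
from dataclasses import dataclass


class PolicyViolation(PermissionError):
    """Raised when a use of the data is not permitted by its sticky policy."""


@dataclass(frozen=True)
class StickyPolicy:
    """Purposes the owner permits; anything not listed is denied (default deny)."""
    allowed: frozenset

    def permits(self, purpose: str) -> bool:
        return purpose in self.allowed

    def narrowed_to(self, purposes) -> "StickyPolicy":
        # A recipient can be granted at most what the owner allowed.
        return StickyPolicy(self.allowed & frozenset(purposes))


@dataclass(frozen=True)
class StickyData:
    """A data value that cannot be separated from its usage policy."""
    value: str
    policy: StickyPolicy
    origin: str  # whose data this is, kept for auditability (assumed field)

    def use(self, purpose: str) -> str:
        """Every access states its purpose; the policy decides."""
        if not self.policy.permits(purpose):
            raise PolicyViolation(f"{purpose!r} not permitted for {self.origin}'s data")
        return self.value

    def share(self, purposes) -> "StickyData":
        """Copy for onward sharing; the policy sticks to the copy and can only get stricter."""
        return StickyData(self.value, self.policy.narrowed_to(purposes), self.origin)


def can_use(data: StickyData, purpose: str) -> bool:
    try:
        data.use(purpose)
        return True
    except PolicyViolation:
        return False


# Constructed example: the slide's phone-number policy (number is fictitious).
PHONE = StickyData("+1-410-555-0100",
                   StickyPolicy(frozenset({"emergency_contact"})), origin="Alice")

if __name__ == "__main__":
    print(PHONE.use("emergency_contact"))
    print(can_use(PHONE, "marketing"))
    copy = PHONE.share({"marketing", "emergency_contact"})
    print(can_use(copy, "marketing"))  # still denied: sharing cannot widen the policy
```

The design point is that the recipient of a shared copy never gets a policy the owner did not grant: `share` intersects the requested purposes with the owner's, so "marketing" stays denied however many hops the copy travels.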
Data Sharing for Scientific Research
• Large amounts of data behind closed walls – medical data, search data, finance data
• Trend continues with user generated data as well – Facebook, Health Vault
• Researchers can benefit from access to this data – user trends, epidemiology models, search ranking – most research can be performed with aggregate data
• But remember the AOL fiasco
Policy Based Infrastructure
We’ve described a policy-based infrastructure that
– Allows users to specify who can access what and why
– Adds additional access modes for releasing data at different granularities
– Extends the traditional binary semantics of access control, viz. allow/deny, with emerging privacy preserving analysis techniques
Complete Access
Facebook Friends; Health Vault Custodian & Invitee
Picture from [ars]
Access to the complete and detailed data
Abstract Access
Financial websites like Covester allow sharing abstract portfolio information
Google Latitude for location information
Picture from [gpsobsessed]
Access to data encoded using more general, abstract concepts, e.g., in Baltimore as opposed to at given lat-lon coordinates
Statistical Access
User trends in search data using differential privacy
Figure: the number of distinct users searching over the duration of a day at different epsilon levels
C. Dwork, Differential Privacy, in Proc. Int. Colloquium on Automata, Languages and Programming (ICALP), pp. 1-12, Springer, 2006.
Example Policies
Alice says ?Bob can read CompleteAccess /MyHealth if ?Bob is PrimaryPhysician
Alice says ?Bob can read AbstractAccess /MyFinance if ?Bob is InvestorFriend
MS says ?Bob can read StatisticalAccess /SearchData if ?Bob is Researcher
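As an added example, not code from the talk or the paper, the following Python sketch shows how rules written in the form above could be parsed and enforced by a reference monitor that understands the three access modes: CompleteAccess returns the detailed records, AbstractAccess generalizes precise attributes (city instead of lat-lon, as on the Abstract Access slide), and StatisticalAccess returns a distinct-user count protected by the Laplace mechanism at a chosen epsilon (the Statistical Access slide). The concrete rule grammar, the constructed search-log records, the role names held by a requester and all other identifiers are assumptions made here for illustration.

```python
import math
import random
import re
from dataclasses import dataclass

# The three access modes from the talk, most to least revealing.
ACCESS_MODES = ("CompleteAccess", "AbstractAccess", "StatisticalAccess")

# Assumed concrete grammar for the slide's rules (hypothetical):
#   <Issuer> says ?<Var> can read <Mode> <Resource> if ?<Var> is <Role>
RULE_RE = re.compile(
    r"^(?P<issuer>\w+) says \?(?P<var>\w+) can read (?P<mode>\w+) (?P<resource>/\w+)"
    r" if \?(?P=var) is (?P<role>\w+)$"
)

@dataclass(frozen=True)
class Rule:
    issuer: str
    mode: str
    resource: str
    role: str

def parse_rule(text: str) -> Rule:
    """Parse one rule; an unknown access mode is an error, not a silent grant."""
    m = RULE_RE.match(" ".join(text.split()))
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    if m.group("mode") not in ACCESS_MODES:
        raise ValueError(f"unknown access mode: {m.group('mode')}")
    return Rule(m.group("issuer"), m.group("mode"), m.group("resource"), m.group("role"))

def authorized(rules, issuer, requester_roles, resource, mode) -> bool:
    """Deny by default: grant only if the data owner (issuer) has a rule for exactly
    this resource and mode whose role the requester holds."""
    return any(r.issuer == issuer and r.resource == resource and r.mode == mode
               and r.role in requester_roles for r in rules)

# Constructed sample search log (not real data): user, coordinates, city, query.
SEARCH_DATA = [
    {"user": "u1", "lat": 39.2904, "lon": -76.6122, "city": "Baltimore", "query": "pizza"},
    {"user": "u2", "lat": 39.2951, "lon": -76.6105, "city": "Baltimore", "query": "gym"},
    {"user": "u1", "lat": 39.2904, "lon": -76.6122, "city": "Baltimore", "query": "insurance"},
    {"user": "u3", "lat": 38.8462, "lon": -77.3064, "city": "Fairfax", "query": "pizza"},
]

def release_complete(records):
    """CompleteAccess: the detailed records as stored."""
    return [dict(r) for r in records]

def release_abstract(records):
    """AbstractAccess: keep only the general concept (city), dropping lat/lon and query."""
    return [{"user": r["user"], "city": r["city"]} for r in records]

def distinct_users(records) -> int:
    return len({r["user"] for r in records})

def laplace_scale(sensitivity: float, epsilon: float) -> float:
    """Laplace mechanism (Dwork 2006): noise scale is sensitivity / epsilon,
    so a smaller epsilon means more noise and a stronger privacy guarantee."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    return sensitivity / epsilon

def laplace_noise(scale: float, rng: random.Random) -> float:
    """Sample Laplace(0, scale) by inverse CDF; u is kept above -0.5 to avoid log(0)."""
    u = max(rng.random() - 0.5, -0.5 + 1e-12)
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))

def release_statistical(records, epsilon: float, seed=None) -> float:
    """StatisticalAccess: distinct-user count plus Laplace noise. One user's presence
    changes the count by at most 1, so the query's sensitivity is 1."""
    noise = laplace_noise(laplace_scale(1.0, epsilon), random.Random(seed))
    return distinct_users(records) + noise

def request(rules, issuer, roles, resource, mode, records, epsilon=1.0, seed=None):
    """Policy decision, then the release appropriate to the granted mode; None = denied."""
    if not authorized(rules, issuer, roles, resource, mode):
        return None
    if mode == "CompleteAccess":
        return release_complete(records)
    if mode == "AbstractAccess":
        return release_abstract(records)
    return release_statistical(records, epsilon, seed)

RULES = [parse_rule(s) for s in (
    "Alice says ?Bob can read CompleteAccess /MyHealth if ?Bob is PrimaryPhysician",
    "Alice says ?Bob can read AbstractAccess /MyFinance if ?Bob is InvestorFriend",
    "MS says ?Bob can read StatisticalAccess /SearchData if ?Bob is Researcher",
)]

if __name__ == "__main__":
    for eps in (0.1, 1.0, 10.0):  # same seed, so only epsilon changes the noise
        print(eps, request(RULES, "MS", {"Researcher"}, "/SearchData",
                           "StatisticalAccess", SEARCH_DATA, eps, seed=1))
    print(request(RULES, "MS", {"Researcher"}, "/SearchData", "CompleteAccess", SEARCH_DATA))
```

Two properties worth noting: a grant is for one mode only, so a Researcher authorized for StatisticalAccess on /SearchData is refused CompleteAccess on the same resource rather than being upgraded, and the statistical release never exposes the exact count because the Laplace noise is added for every query, with the scale 1/epsilon making the trade-off on the slide's chart explicit.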