Semantics for Privacy and Context

Tim FininUniversity of Maryland, Baltimore County

Joint work with

Anupam Joshi, Prajit Das, Primal Pappachan,Eduado Mena and Roberto Yus

http://ebiq.org/r/363

The plot outline• Today’s focus on big data requires semantics

→ Variety → Need for integration & fusion → Must understand data semantics→ Use semantic languages & tools (reasoners, ML)→ Have shared ontologies & background knowledge

• Relevance to privacy and security – Protect personal information, esp. in mobile/IOT– Understanding and using context is often useful if not

critical– Security relevant as as intrusions lead to loss of

privacy

Use Case ExamplesWe’ve used semantic technologies in support of assured information tasks including– Representing & enforcing information sharing policies– Negotiating for cloud services respecting organizational

constraints (e.g., data privacy, location, …)– Modeling context for mobile users and using this to

manage information sharing– Acquiring, using and sharing knowledge for

situationally-aware intrusion detection systemsKey technologies include Semantic Web languages (OWL, RDF) and tools and information extraction from text

Context-Aware Privacy & Security

• Smart mobile devices know a great deal abouttheir users, including their current context

• Sensor data, email, calendar, social media, …• Acquiring & using this knowledge helps

them provide better services• Context-aware policies can be used to limit

information sharing as well as to control theactions and information access of mobile apps

• Sharing context with other users, organizationsand service providers can also be beneficial

• Context is more than time and GPS coordinates

We’re in a two-hour budget meeting at X with A, B and C

We’re in a impor-tant meeting

We’re busy

http://ebiq.org/p/589

Simple Context Ontology• Light-weight, upper level

context OWL ontology• Centered around the

concepts for: users, conceptual places, geo-places, activities, roles, space, and time

• Conceptual places such as at work and at home

• Activities occur at places & involve users filling roles

• LOD resources provide background knowledge

Context / situation recognition

Train Classifiers

Decision TreesNaïve Bayes

SVM

Feature Vector

Time, Noise level in db (avg, min, max), accel 3 axis (avg,

min, max, magnitude, wifis, …

Train HMM models

Context-aware Privacy PoliciesWe use declarative policies that can access the user’s profile and context model for privacy and security• One use is to control what information we

share with whom and in what context• Another is to control the actions that an app

can take (e.g., enable camera, access SD card) depending on the context

• A third is to obfuscate some shared information (e.g., location)

Context-aware Policies for Sharing

Android's policies are limited• Privacy controls in existing

applications are limited– Friends Only and Invisible restrictions common– Not context-dependent but static and pre-

determined

• Controls to share other data largely non-existent

Context-aware Policies for Sharing

Android's policies are very limited• Privacy controls in existing location

sharing applications are limited– Friends Only and Invisible restrictions common– Not context-dependent but static and pre-

determined

• Controls to share other data largely non-existent

Static Information

Aspects of Context

Generalization of Context

Temporal Restrictions

Context Restrictions

Requester’s Context

Location Generalization

GeoNames spatial containment knowledge from the LOD cloud is used when populating the KB–Share my location with manager on weekdays from

9am-5pm• User’s exact location in terms of GPS co-ordinates is

shared

The user may prohibit sharing GPS co-ordinates but permit sharing city-level location

–Share my building-wide location with co workers not in my team on weekdays from 9am-5pm

–Do not share location on weekends.

Location Generalization

GeoNames spatial containment knowledge from the LOD cloud is used when populating the KB–Share my location with teachers on weekdays

from 9am-5pm• User’s exact location in terms of GPS co-ordinates is

shared • The user may prohibit sharing GPS co-ordinates but

permit sharing city-level location–Share my building-wide location with teachers

on weekdays from 9am-5pm

Activity Generalization– Share my activity with friends on weekends

• User’s current activity shared with friends on weekends

• Share more generalized activity rather that precise• confidential project meeting => Office Meeting =>

Working => Busy, Date => Meeting Friends– User clearly needs to obfuscate certain pieces of

activity information to protect her context info– Share my public activity with friends on weekends

• Public is a visibility option

Activity Generalization– Share my activity with friends on weekends

• User’s current activity shared with friends on weekends

• Share more generalized activity rather that precise• confidential project meeting => Working, Date =>

Meeting– User clearly needs to obfuscate certain pieces of

activity information to protect her context info– Share my public activity with friends on weekends

• Public is a visibility option

Context-aware power management • Maintaining context model uses power• We empirically determine power usage for a

phone’s sensors and use this for optimization

Context-aware power management

• Maintaining the context model use power• We developed an accurate power models for a

phone’s sensors and use this for optimization

When updating context model1. Only enable sensors required by policy, reuse

recent sensor readings whenever appropriatee.g., disable GPS sensor when at home in evening

2. Prefer sensors with lower energy footprint or already in use when several available

e.g., Choose Wifi to GPS for location at office during day3.Reorder rule conditions to reduce energy use

e.g., Check conditions requiring no sensor access first

http://ebiq.org/p/632

Collaborative Context Sharing• Like Blanche DuBois, we have always depended

on the kindness of strangers• We are cooperative & ask one another for info.

–Stanger on the street: Does this bus go to the aquarium?–Random classmate in next seat: When is HW6 due?

• Devices can use ad hoc networks (e.g., Bluetooth) to query nearby devices for desired information

• Each device uses a policy for what triples it’s willing to share with whom in what context

• Mobile Ad Hoc Knowledge Network

Collaboratively Constructed Contexts

• A co-located group of devices can collaborate to share some context information

–Exploit their different sensors and context detection/modeling capabilities

–Consensus modeling can improve accuracy and overcome errors & malicious misinformation

• Policies and context determine what to share with whom and in what context

• We’ve designed an approach to detect/create groups and share information and used an Android prototype for simple evaluations

Collaborative Context Use Case

Four GCC students with five devices in GCC library. All what to know where they are and what they’re doing

Collaborative Context Use Case

Abed, Annie & Jeff are in a study group. Jeff has a phone and tablet. Pierce just happens to be there.

Collaborative Context Use Case

Jeff’s phone knows it in room 7 and that he’s talking; Annie’s tablet think’s she’s at home.

Context Sharing

With help from context synthesizers, participants can have an appropriate consensus model• Study group (Abed, Annie, Jeff): “study group

about Spanish, duration of one hour, partici-pants: Jeff, Abed, Annie”

• In room (all): “in study room 7, in Greendale Community College, temp: 25oC, lights on”

• Jeff's devices: + "heart_rate:70bpm"

Context Ontology• Assume devices

use a shared, ontology for context

• Prototype uses JFact for DL reasoning on Android devices

Architecture

• Context providers have information to share

• Context synthesizers integrate, de-conflict & enrich data

• Prototype uses secure communication over Bluetooth

Context Groups• Context synthesizer

recognizes groups and creates default groups

• Predefined (e.g., ACM student chapter)

• Default groups created for identity, location and activity

• Provider’s own policies control what is shared with a group

Context integration and reconciliation

• coments

Faceblock

http://ebiq.org/p/666

Click image to play 80 second video or go to Youtube

Conclusion• Google’s new slogan: things, not strings• We can construct context models in semantic

languages using data from sensors, calendars and other sources

• Semantic policies for information sharing can manage what is shared with whom and in what context

• Additional protocols and infrastructure will permit dynamic collaborative context models

http://ebiq.org/r/363