Seminar on Control, Trust, and Privacy on the Social and Semantic Web[go to overview]
Summer Term 2009
- Course no.: 0401040
- Time: Tue 2pm - 4pm
- Room: F330.
- Target audience: Diplom/Master/Bachelor Inf/CV
- Course information in Klips
- Link to post your contribution Here
|Query for meta knowledge||30/06/09||14/07/09||Simon|
|Authentication using FOAF+SSL||07/07/09 PDF||21/07/09||Simon|
|Privacy in Social Networks||07/07/09||21/07/09||Maciej|
|Logical Aproach to Privacy-Aware Access||14/07/09 PDF||28/07/09||Noam|
|Anonymity on the web||14/07/09 PDF||28/07/09||olaf|
|Trust in P2P Networks||21/07/09||04/08/09||Olaf|
|Trust in Social Networks||21/07/09||04/08/09||Maciej|
Nowadays we live in a "web of data." Social web applications are present in our everyday life. We entrust them with such information as our private data, information about our friends, pictures, or our opinions. Semantic annotation of data - that is knowledge expressed in a machine understandable way, in contrast to the current document and user centric web - is increasingly used in web applications. It allows for better sharing of information across different systems as well as improving search and retrieval capabilities. However, the increasing number of semantically enabled and social applications leads to privacy issues, a loss in control over our data and issuest with trust in acquired information.
This seminar will focus on addressing problems with managing data in social and semantic web. Sessions will focus around the three key issues: controlling information flow, establishing trust in information and maintaining privacy.
Problems in trust, control and privacy of information are strongly connected to each other. Trust is an important factor in interpreting data, as nowadays anyone can publish information on the web. Trustworthiness of data can be analysed using its provenance -- establishing data origin (who created it) as well as the path that was used to acquire it (who manipulated it). More formally, provenance is metadata describing the creation, modification history, ownership, and other influences of data. Proper control mechanisms utilize such metadata to determine who can access information, what part of it is visible or even how it can be propagated. Privacy control, on one hand can be just an implementation of a specific control policy, but it may reach further as data is forwarded to agents which are able to interpret, combine, and act on information from multiple sources. In such cases we may analyze how to control the destiny of data by defining permission setups to the destination nodes, or - from a future perspective - verify whether access rights have not been violated. In this seminar, we will study state-of-the-art solutions and current research in these areas.
- Attendance at seminar meetings and participation in discussions.
- Presentation about selected topic (30 min) followed by discussion (about 15 min).
- Presentation is based on one or more research papers (almost all in English). Slides must be in English, but presentation itself can be in English or German.
- Written paper (10-15 pages) on presented topic. Format style: Springer Verlag LNCS. First version of paper should be prepared 2 weeks before the presentation for the review by 2 peers from the seminar and by the lecturer. Final version of the paper must be delivered within 2 weeks after the presentation.
- Peer review of 2 papers prepared and presented by other students.
Query Evaluation Control
An important goal of security in information systems is confidentiality. A confidentiality policy specifies which users should be forbidden to acquire what kind of information. Controlled query evaluation (CQE) preserves confidentiality in information systems at runtime. At each query, a censor checks whether the answer would enable the user to know some confidential information.
J. Biskup, L. Wiese, Preprocessing for controlled query evaluation with availability policy. Journal of Computer Security 16(4), pages 477-494, IOS Press, Amsterdam, 2008.
J. Biskup, T. Weibert: Keeping Secrets in Incomplete Databases. International Journal of Information Security 7(3), pages 199-217, Springer, 2008.
J. Biskup, P.A. Bonatti: Controlled query evaluation for known policies by combining lying and refusal In Annals of Mathematics and Artificial Intelligence, 40, , pp. 37-62, 2004, Kluwer Academic Publishers.
Inference Control in Logic Databases
Controlled query evaluation for logic-oriented information systems provides a model for the dynamic enforcement of confidentiality policies. By modeling a user's a priori knowledge appropriately, Controlled Query Evaluation not only controls access to certain database entries but also accounts for information inferred by the user, i.e. users are able to reason about a priori knowledge and the answers to previous queries.
J. Biskup, D.W. Embley, J.-H. Lochner, Reducing inference control to access control for normalized database schemas, Information Processing Letters 106 (2008), pages 8-12.
C. Aybar, M. Amihai: Why Is this User Asking so Many Questions? Explaining Sequences of Queries. DBSec 2004: 159-176
J. Biskup, Folgerungskontrolle zum Schutz von Informationen, digma -- Zeitschrift für Datenrecht und Informationssicherheit 6,4 (2008), pages 28-33.
Farkas, S. Jajodia: The inference problem: a survey. SIGKDD Explor. Newsl. 4, 2 (Dec. 2002), 6-11.
Inference Control (Semantic Web)
Context sharing among agents should be made privacy-conscious. Privacy preferences are generally specified to regulate the exchange of the information, where who have rights under what conditions to see what information. The inference problem occurs when sensitive information can be inferred from non-sensitive data by iteratively applying the inference rules. Therefore, the problem of inference control is a crucial need for protecting confidential information.
- C. Farkas, “Data Confidentiality on The Semantic Web: Is There an Inference Problem?,” book chapter in Web and Information Security, Editors E. Ferrari and B. Thuraisingham, Idea Group Inc., 2005.
- J. Lu, J. Wang, Y. Zhang, B. Zhou, Y. Li, Z. Miao - An Inference Control Algorithm for RDF(S) Repository. In PAISI pp. 262-268, 2007.
- A. Jain, C. Farkas. Secure resource description framework: an access control model. In Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies (Lake Tahoe, California, USA, June 07 - 09, 2006). SACMAT '06. ACM, New York, NY, 121-129.
- An, X., Jutla, D., and Cercone, N. 2006. Dynamic inference control in privacy preference enforcement. In Proceedings of the 2006 international Conference on Privacy, Security and Trust: Bridge the Gap between PST Technologies and Business Services (Markham, Ontario, Canada, October 30 - November 01, 2006). PST '06, vol. 380. ACM, New York, NY, 1-10.
- Xiangdong An, Dawn N. Jutla, Nick Cercone: Auditing and Inference Control for Privacy Preservation in Uncertain Environments. EuroSSC 2006: 159-173
Representing Access Control Models in OWL
Security and privacy are important components of the Semantic Web; the need for research in this area is widely recognized. In this topic, you will study the relationship between the Web Ontology Language (OWL) and different access control model as Role Based Access Control (RBAC) or Atribute Based Access Control (ABAC) model. Although OWL is a web ontology language and not specifically designed for expressing authorization policies, it has been used successfully for this purpose in previous work.
- Tim Finin, Anupam Joshi, Lalana Kagal, Jianwei Niu, Ravi Sandhu, William H Winsborough, and Bhavani Thuraisingham. ROWLBAC - Representing Role Based Access Control in OWL. Proceedings of the 13th Symposium on Access control Models and Technologies, June 2008
- A Role and Attribute Based Access Control System Using Semantic Web Technologies, Park, J.S. and Sandhu, R. and Ahn, G.J., ACM Transactions on Information and System Security, volume 4, pages 37-71, year 2001
- Supporting attribute-based access control with ontologies, Priebe, T. and Dobmeier, W. and Kamprath, N., Proceedings of the First International Conference on Availability, Reliability and Security (ARES’06), IEEE Computer Society, pages 465-472, year 2006
Querying for Meta Knowledge (assigned to Nadine K.)
When aggregating and querying data from multiple sources, we need to track where a particular piece of information comes from. Moreover, if we can infer new knowledge from this aggregation - as is the case with expressive knwledge representation languages - we also need to track, how the new knowledge is composed. Meta Knowledge refers to such information as source, trust degree or confidence in information, which can be tracked when aggregating knowledge.
- Bernhard Schueler, Sergej Sizov, Steffen Staab, Duc Thanh Tran: Querying for Meta Knowledge. WWW2008 2008. ACM. Bejing, China.
- Proceedings of the 17th International World Wide Web Conference. Simon Schenk: On the Semantics of Trust and Caching in the Semantic Web. 2008. ISWC2008: 7th International Semantic Web Conference.
Trust negotiation (assigned to Andreas H.)
Trust negotiation is the rule based negotiation of access rights to particular resources. For example, a personal ID might be needed to access a resource. This ID in turn is only disclosed to state officers, which first need to authenticate themselves to the original requester. Various rule based mechanisms exist to formalize and evaluate these trust negotiation problems.
- Bistarelli, S., Martinelli, F., and Santini, F. 2008. Weighted Datalog and Levels of Trust. In Proceedings of the 2008 Third international Conference on Availability, Reliability and Security - Volume 00 (March 04 - 07, 2008). ARES. IEEE Computer Society, Washington, DC, 1128-1134. DOI= http://dx.doi.org/10.1109/ARES.2008.197
- Juri L. De Coi and Daniel Olmedilla. A flexible policy-driven trust negotiation model. In IEEE/WIC/ACM International Conference on Intelligent Agent Technology, Silicon Valley, November 2007. IEEE Computer Society.
Trust in social networks (assigned to Zebaze M.)
Social networking has become a major trend in the web and trust in social contacts is a major issue. It is important to understand and define, what users mean when say that they trust someone and how much they trust them. We can rely only on information provided by users in profiles, their actions, opinions and overall structure of the social network. We can use several metrics to measure and express different aspects of trust. Question is: what is specific and important for trust in social networks, how it incorporates semantics (in what sense)?
Jennifer Golbeck. Trust and Nuanced Profile Similarity in Online Social Networks. ACM Transactions on the Web, 2008.
Cai-Nicolas Ziegler, Jennifer Golbeck. Investigating Interactions of Trust and Interest Similarity. Decision Support Systems 43 (2), pp. 460-475, February 2007; Elsevier Science.
Alternate title: "Investigating Correlations of Trust and Interest Similarity"
Donovan Artza, Yolanda Gil: A survey of trust in computer science and the Semantic Web. 2007 Journal of Web Semantics: Science, Services and Agents on the World Wide Web (vol. 7 issue 1)
Trust in Peer-To-Peer Networks (assigned to Marek L.)
The quality of service in collaborative systems, like in a peer-to-peer network, depends highly on the participation of each user. Malicious users may easily compromise or significantly influence such a system. Hence, trust plays an important role.
Runfang Zhou, Kai Hwang. PowerTrust: A Robust and Scalable Reputation System for Trusted Peer-to-Peer Computing. IEEE Transactions on Parallel and Distributed Systems. 2006
Kumari, Reddy, Devi, Kalidindi, Raju. Credibility Based Corrective Mechanism for Reputation Computation in Peer-to-Peer Communities. International Journal of Computer Science and Network Security. 2008
Gia Hen Nguyen, Philippe Chatalic, Christine Rousset. A probabilistic trust model for semantic peer to peer systems. Proceedings of the 2008 international workshop on Data management in peer-to-peer systems
Kevin Hoffman, David Zage, Cristina Nita-Rotaru. A Survey of Attack and Defense Techniques for Reputation Systems ACM Computing Surveys, 2008
Sepandar D. Kamvar, Mario T. Schlosser, Hector Garcia-Molina. The Eigentrust algorithm for reputation management in P2P networks. 12th International World Wide Web Conference (WWW 2003), Budapest, Hungary, 2003
Privacy persevering can prevent unauthorized access to confidential information and services further to being a hindrance for disclosure of private personal information. Important questions are how users can provide or limit access to confidential information, what benefits they might receive in exchange for a bit of information, and how they perceive the value of those benefits.
Nematzadeh, L. Pournajaf: Privacy Concerns of Semantic Web, In ITNG '08: Proceedings of the Fifth International Conference on Information Technology: New Generations}, (2008), pages 1272-1273.IEEE Computer Society. Washington, DC, USA.
Miller, J. 2008. Who Are You? The Trade-Off between Information Utility and Privacy. IEEE Internet Computing 12, 4 (Jul. 2008), 93-96.
Chander, A., Gelman, L., and Radin, M. 2008 Securing Privacy in the Internet Age. 1st. Stanford University Press.
Foaf +TSL / FOAF + SSL (assigned to Alexandra W.)
FOAF+SSL is a authentication and authorization protocol that links a Web ID to a public key, thereby enabling a global, decentralized/distributed, and open yet secure social network. It functions with existing browsers.
It uses PKI standards — usually thought of as hierarchical trust management tools — in a decentralized "web of trust" way. The web of trust is built using semantic web vocabularies (particularly FOAF) published in RESTful manner to form Linked Data.
- Resources available at http://esw.w3.org/topic/foaf+ssl and blog entries on http://blogs.sun.com/bblfish/ .
Privacy in Social Networks (assigned to Andreas Z.)
Social networks are great to participate in different communities, without being physically present in different places. But when joining such networks we give up some or our privacy -- by adding information to profiles, posting opinions or photos. Moreover, due to popularity of social applications, users became more often targets of identity attacks. Are we really aware of it and can we manage our privacy? What is possible to protect the privacy, and what seems only to be illusion of privacy?
Elena Zheleva and Lise Getoor. To join or not to join: the illusion of privacy in social networks with mixed public and private user profiles. (WWW 2009)
Anna Squicciarini, Mohamed Shehab and Federica Paci. Collective Privacy Management in Social Networks. (WWW 2009)
L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda. All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks, 18th International World Wide Web Conference (WWW 2009), Madrid, April 2009
A Logical Approach to Privacy-Aware Access to Data (assigned to Dennis F.)
From the idea of answering query in Description Logic using pre-computed view describe in the paper , you work will be to extend this method with a mechanism develop in  to extract a authorization view. This idea will be to adapt the solution which exists in the database community for the semantic web. This topic can be the first step for a bachelor or master thesis.
Diego Calvanese, De Giacomo, Giuseppe, Maurizio Lenzerini, Riccardo Rosati. View-based Query Answering over Description Logic Ontologies. Proc. of the 11th Int. Conf. on the Principles of Knowledge Representation and Reasoning (KR 2008), pages 242-251,2008
Zheng Zhang, Alberto O. Mendelzon. Authorization Views and Conditional Query Containment.Database Theory ICDT 2005, pages 259-273, 2005
Query re-writing for enable Access Control
Semantic Web databases allow efficient storage and access to RDF statements. Applications are able to use expressive query languages in order to retrieve relevant metadata to perform different tasks. However, access to metadata may not be public to just any application or service. Unfortunately, current RDF stores do not provide fine-grained protection. In this topic, you will study a specific technique, called query rewriting. Those techniques consist in extending the query with statement based on expressive policies in order to protect access to the data.
F. Abel, JL De Coi, N. Henze, A.W. Koesling, D. Krause, D. Olmedilla, Enabling Advanced and Context-Dependent Access Control in RDF stores, 6th International Semantic Web Conference (ISWC 2007), Busan, Korea, 2007
Bernardo Cuenca Grau and Ian Horrocks. Privacy-Preserving Query Answering in Logic-based Information Systems. Proc. of the 18th Conference on Artificial Intelligence(ECAI~2008), 2008
Li, J. and Cheung, W. K. 2008. Query Rewriting for Access Control on Semantic Web. In Proceedings of the 5th VLDB Workshop on Secure Data Management (Auckland, New Zealand, August 24 - 24, 2008). W. Jonker and M. Petković, Eds. Lecture Notes In Computer Science, vol. 5159. Springer-Verlag, Berlin, Heidelberg, 151-168. DOI= http://dx.doi.org/10.1007/978-3-540-85259-9_10
Distributed Authorization in P2P
A common challenge in fully distributed storage systems is the management of access rights. Several techniques to ensure the aware-privacy control in such system were proposed in the recent years. Some of them allow the reasoning through the authorization.
Winslett, M., Zhang, C. C., and Bonatti, P. A. 2005. PeerAccess: a logic for distributed authorization. In Proceedings of the 12th ACM Conference on Computer and Communications Security (Alexandria, VA, USA, November 07 - 11, 2005). CCS '05. ACM, New York, NY, 168-179. read here
Koc, E. and Baur, M. and Caronni, G. 2007. PACISSO: P2P Access Control Incorporating Scalability and Self-Organization for Storage Systems. Never published can be read here
Anonymity on the web (assigned to Sin Mei Mak)
Tracking user activity on the internet is becoming much easier as more and more sensitive user information is stored at different places. Moreover, new laws are made to gather even more private information which might be useful for different federal investigations. This leads to a new unmatched transparency not everyone wants to be part of. As a countermeasure, different techniques for protecting one's anonymity on the web have evolved in recent years.
George Danezis, Claudia Diaz. A survey of anonymous communication channels. Journal of Privacy Technology. 2008
Roger Dingledine and Nick Mathewson. Anonymity Loves Company: Usability and the Network Effect. In Proceedings of the Fifth Workshop on the Economics of Information Security (WEIS 2006)
Roger Dingledine, Nick Mathewson, Paul Syverson. Tor: The second-generation onion router. In Proceedings of the 13th USENIX Security Symposium. 2004