Privacy preference mechanisms in Personal Data Storage (PDS).

In this thesis, we study frameworks for managing user's privacy when disclosing personal data with third parties from Personal Data Storage (PDS). PDS is a secure digital space which allows individuals to collect, store, and give access to third parties. So, PDS has inaugurated a substantial change to the way people can store and control their personal data, by moving from a service-centric to a user-centric model. Up to now, most of the research on PDS has focused on how to enforce user privacy preferences and how to secure data stored into the PDS. In contrast, this thesis aims at designing a Privacy-aware Personal Data Storage (P-PDS), that is, a PDS able to automatically take privacy-aware decisions on third parties access requests in accordance with user preferences. This thesis first demonstrates that semi-supervised learning can be successfully exploited to make a PDS able to automatically decide whether an access request has to be authorized or not. Furthermore, we have revised our first contribution by defining strategies able to obtain good accuracy without requiring too much effort from the user in the training phase. At this aim, we exploit active learning with semi-supervised approach so as to improve the quality of the labeled training dataset. This ables to improve the performance of learning models to predict user privacy preferences correctly. Moreover, in the second part of the thesis we study how user's contextual information play a vital role in term of taking decision of whether to share personal data with third parties. As such, consider that a service provider may provide a request for entertainment service to PDS owner during his/her office hours. In such case, PDS owner may deny this service as he/she is in office. That implies individual would like to accept/deny access requests by considering his/her contextual information. Prior studies on PDS have not considered user's contextual information so far. Moreover, prior research has shown that user privacy preferences may vary based on his/her contextual information. To address this issue, this thesis also focuses to implement a contextual privacy-aware framework for PDS (CP-PDS) which exploits contextual information to build a learning classifier that can predict user privacy preferences under various contextual scenarios. We run several experiments on a realistic dataset and exploiting groups of evaluators. The obtained results show the effectiveness of the proposed approaches

Enhancing data privacy and security related process through machine learning

In this thesis, we exploit the advantages of Machine learning (ML) in the domains of data security and data privacy. ML is one of the most exciting technologies being developed in the world today. The major advantages of ML technology are its prediction capability and its ability to reduce the need for human activities to perform tasks. These benefits motivated us to exploit ML to improve users' data privacy and security. Firstly, we use ML technology to try to predict the best privacy settings for users, since ML has a strong prediction ability and the average user might find it difficult to properly set up privacy settings due to a lack of knowledge and subsequent lack of decision-making abilities regarding the privacy of their data. Besides, since the ML approach has the potential to considerably cut down on manual efforts by humans, our second task in this thesis is to exploit ML technology to redesign security mechanisms of social media environments that rely on human participation for providing such services. In particular, we use ML to train spam filters for identifying and removing violent, insulting, aggressive, and harassing content creators (a.k.a. spammers) from a social media platform. It helps to solve violent and aggressive issues that have been growing on social media environments. The experimental results show that our proposals are efficient and effective

Personal Data Stores (PDS): A Review

Internet services have collected our personal data since their inception. In the beginning, the personal data collection was uncoordinated and was limited to a few selected data types such as names, ages, birthdays, etc. Due to the widespread use of social media, more and more personal data has been collected by different online services. We increasingly see that Internet of Things (IoT) devices are also being adopted by consumers, making it possible for companies to capture personal data (including very sensitive data) with much less effort and autonomously at a very low cost. Current systems architectures aim to collect, store, and process our personal data in the cloud with very limited control when it comes to giving back to citizens. However, Personal Data Stores (PDS) have been proposed as an alternative architecture where personal data will be stored within households, giving us complete control (self-sovereignty) over our data. This paper surveys the current literature on Personal Data Stores (PDS) that enable individuals to collect, control, store, and manage their data. In particular, we provide a comprehensive review of related concepts and the expected benefits of PDS platforms. Further, we compare and analyse existing PDS platforms in terms of their capabilities and core components. Subsequently, we summarise the major challenges and issues facing PDS platforms’ development and widespread adoption

Privacy preference mechanisms in Personal Data Storage (PDS).

In this thesis, we study frameworks for managing user's privacy when disclosing personal data with third parties from Personal Data Storage (PDS). PDS is a secure digital space which allows individuals to collect, store, and give access to third parties. So, PDS has inaugurated a substantial change to the way people can store and control their personal data, by moving from a service-centric to a user-centric model. Up to now, most of the research on PDS has focused on how to enforce user privacy preferences and how to secure data stored into the PDS. In contrast, this thesis aims at designing a Privacy-aware Personal Data Storage (P-PDS), that is, a PDS able to automatically take privacy-aware decisions on third parties access requests in accordance with user preferences. This thesis first demonstrates that semi-supervised learning can be successfully exploited to make a PDS able to automatically decide whether an access request has to be authorized or not. Furthermore, we have revised our first contribution by defining strategies able to obtain good accuracy without requiring too much effort from the user in the training phase. At this aim, we exploit active learning with semi-supervised approach so as to improve the quality of the labeled training dataset. This ables to improve the performance of learning models to predict user privacy preferences correctly. Moreover, in the second part of the thesis we study how user's contextual information play a vital role in term of taking decision of whether to share personal data with third parties. As such, consider that a service provider may provide a request for entertainment service to PDS owner during his/her office hours. In such case, PDS owner may deny this service as he/she is in office. That implies individual would like to accept/deny access requests by considering his/her contextual information. Prior studies on PDS have not considered user's contextual information so far. Moreover, prior research has shown that user privacy preferences may vary based on his/her contextual information. To address this issue, this thesis also focuses to implement a contextual privacy-aware framework for PDS (CP-PDS) which exploits contextual information to build a learning classifier that can predict user privacy preferences under various contextual scenarios. We run several experiments on a realistic dataset and exploiting groups of evaluators. The obtained results show the effectiveness of the proposed approaches

Learning Privacy Habits of PDS Owners

The concept of Personal Data Storage (PDS) has recently emerged as an alternative and innovative way of managing personal data w.r.t. the service-centric one commonly used today. The PDS offers a unique logical repository, allowing individuals to collect, store, and give access to their data to third parties. The research on PDS has so far mainly focused on the enforcement mechanisms, that is, on how user privacy preferences can be enforced. In contrast, the fundamental issue of preference specification has been so far not deeply investigated. In this paper, we do a step in this direction by proposing different learning algorithms that allow a fine-grained learning of the privacy aptitudes of PDS owners. The learned models are then used to answer third party access requests. The extensive experiments we have performed show the effectiveness of the proposed approach