19 research outputs found
Challenges and Opportunities in Applying Semantics to Improve Access Control in the Field of Internet of Things
The increased number of IoT devices results in continuously generated massive amounts of raw data. Parts of this data are private and highly sensitive as they reflect owner’s behavior, obligations, habits, and preferences. In this paper, we point out that flexible and comprehensive access control policies are “a must” in the IoT domain. The Semantic Web technologies can address many of the challenges that the IoT access control is facing today. Therefore, we analyze the current state of the art in this area and identify the challenges and opportunities for improved access control in a semantically enriched IoT environment. Applying semantics to IoT access control opens a lot of opportunities, such as semantic inference and reasoning, easy data sharing, data trading, new approaches to authentication, security policies based on a natural language, and enhanced interoperability using a common ontology
Linked Research on the Decentralised Web
This thesis is about research communication in the context of the Web. I analyse literature which reveals how researchers are making use of Web technologies for knowledge dissemination, as well as how individuals are disempowered by the centralisation of certain systems, such as academic publishing platforms and social media. I share my findings on the feasibility of a decentralised and interoperable information space where researchers can control their identifiers whilst fulfilling the core functions of scientific communication: registration, awareness, certification, and archiving.
The contemporary research communication paradigm operates under a diverse set of sociotechnical constraints, which influence how units of research information and personal data are created and exchanged. Economic forces and non-interoperable system designs mean that researcher identifiers and research contributions are largely shaped and controlled by third-party entities; participation requires the use of proprietary systems.
From a technical standpoint, this thesis takes a deep look at semantic structure of research artifacts, and how they can be stored, linked and shared in a way that is controlled by individual researchers, or delegated to trusted parties. Further, I find that the ecosystem was lacking a technical Web standard able to fulfill the awareness function of research communication. Thus, I contribute a new communication protocol, Linked Data Notifications (published as a W3C Recommendation) which enables decentralised notifications on the Web, and provide implementations pertinent to the academic publishing use case. So far we have seen decentralised notifications applied in research dissemination or collaboration scenarios, as well as for archival activities and scientific experiments.
Another core contribution of this work is a Web standards-based implementation of a client-side tool, dokieli, for decentralised article publishing, annotations and social interactions. dokieli can be used to fulfill the scholarly functions of registration, awareness, certification, and archiving, all in a decentralised manner, returning control of research contributions and discourse to individual researchers.
The overarching conclusion of the thesis is that Web technologies can be used to create a fully functioning ecosystem for research communication. Using the framework of Web architecture, and loosely coupling the four functions, an accessible and inclusive ecosystem can be realised whereby users are able to use and switch between interoperable applications without interfering with existing data.
Technical solutions alone do not suffice of course, so this thesis also takes into account the need for a change in the traditional mode of thinking amongst scholars, and presents the Linked Research initiative as an ongoing effort toward researcher autonomy in a social system, and universal access to human- and machine-readable information. Outcomes of this outreach work so far include an increase in the number of individuals self-hosting their research artifacts, workshops publishing accessible proceedings on the Web, in-the-wild experiments with open and public peer-review, and semantic graphs of contributions to conference proceedings and journals (the Linked Open Research Cloud).
Some of the future challenges include: addressing the social implications of decentralised Web publishing, as well as the design of ethically grounded interoperable mechanisms; cultivating privacy aware information spaces; personal or community-controlled on-demand archiving services; and further design of decentralised applications that are aware of the core functions of scientific communication
Social Semantic Network-Based Access Control
Social networks are the basis of the so-called Web 2.0, raising many new challenges to the research community. In particular, the ability of these networks to allow the users to share their own personal information with other people opens new issues concerning privacy and access control. Nowadays the Web has further evolved into the Social Semantic Web where social networks are integrated and enhanced by the use of semantic conceptual models, e.g., the ontologies, where the social information and links among the users become semantic information and links. In this paper, we discuss which are the benefits of introducing semantics in social network-based access control. In particular, we analyze and detail two approaches to manage the access rights of the social network users relying on Semantic Web languages only, and we highlight, thanks to these two proposals, what are pros and cons of introducing semantics in social networks access control. Finally, we report on the other existing approaches coupling semantics and access control in the context of social networks
Distributed Semantic Social Networks: Architecture, Protocols and Applications
Online social networking has become one of the most popular services on the Web. Especially Facebook with its 845 million+ monthly active users and 100 billion+ friendship relations creates a Web inside the Web. Drawing on the metaphor of islands, Facebook is becoming more like a continent. However, users are locked up on this continent with hardly any opportunity to communicate easily with users on other islands and continents or even to relocate trans-continentally. In addition to that, privacy, data ownership and freedom of communication issues are problematic in centralized environments. The idea of distributed social networking enables users to overcome the drawbacks of centralized social networks. The goal of this thesis is to provide an architecture for distributed social networking based on semantic technologies. This architecture consists of semantic artifacts, protocols and services which enable social network applications to work in a distributed environment and with semantic interoperability. Furthermore, this thesis presents applications for distributed semantic social networking and discusses user interfaces, architecture and communication strategies for this application category.
Social networks are among the most popular online services on the World Wide Web. Facebook in particular, with its more than 845 million monthly active users and more than 100 billion user relationships, creates a Web of its own within the Web. However, it is hardly possible for the users of these social networks to communicate with users in other social networks or to move with their data to another network. In addition, privacy, ownership rights to one's own data and unrestricted freedom of communication, among other things, are perceived as problematic. The idea of distributed social networks makes it possible to overcome these problems of centralized social networks.
The goal of this thesis is to present an architecture for distributed social networks that is based on semantic technologies. This architecture consists of semantic artifacts, protocols and services and enables social applications to communicate in a distributed infrastructure. In addition, this thesis presents several applications for distributed semantic social networks and discusses their user interfaces, architecture and communication strategies.

Personalised privacy in pervasive and ubiquitous systems
Our world is edging closer to the realisation of pervasive systems and their integration in our everyday life. While pervasive systems are capable of offering many benefits for everyone, the amount and quality of personal information that becomes available raise concerns about maintaining user privacy and create a real need to reform existing privacy practices and provide appropriate safeguards for the user of pervasive environments.
This thesis presents the PERSOnalised Negotiation, Identity Selection and Management (PersoNISM) system; a comprehensive approach to privacy protection in pervasive environments using context aware dynamic personalisation and behaviour learning. The aim of the PersoNISM system is twofold: to provide the user with a comprehensive set of privacy protecting tools and to help them make the best use of these tools according to their privacy needs. The PersoNISM system allows users to: a) configure the terms and conditions of data disclosure through the process of privacy policy negotiation, which addresses the current “take it or leave it” approach; b) use multiple identities to interact with pervasive services to avoid the accumulation of vast amounts of personal information in a single user profile; and c) selectively disclose information based on the type of information, who requests it, under what context, for what purpose and how the information will be treated. The PersoNISM system learns user privacy preferences by monitoring the behaviour of the user and uses them to personalise and/or automate the decision making processes in order to unburden the user from manually controlling these complex mechanisms.
The PersoNISM system has been designed, implemented, demonstrated and evaluated during three EU funded projects
Privacidade em comunicações de dados para ambientes contextualizados (Privacy in data communications for contextualized environments)
Doctorate in Informatics
Internet users consume online targeted advertising based on information collected
about them and voluntarily share personal information in social networks.
Sensor information and data from smart-phones is collected and used
by applications, sometimes in unclear ways. As it happens today with smartphones,
in the near future sensors will be shipped in all types of connected
devices, enabling ubiquitous information gathering from the physical environment,
enabling the vision of Ambient Intelligence. The value of gathered data,
if not obvious, can be harnessed through data mining techniques and put to
use by enabling personalized and tailored services as well as business intelligence
practices, fueling the digital economy.
However, the ever-expanding information gathering and use undermines the
privacy conceptions of the past. Natural social practices of managing privacy
in daily relations are overridden by socially-awkward communication tools, service
providers struggle with security issues resulting in harmful data leaks,
governments use mass surveillance techniques, the incentives of the digital
economy threaten consumer privacy, and the advancement of consumer-grade
data-gathering technology enables new inter-personal abuses.
A wide range of fields attempts to address technology-related privacy problems,
however they vary immensely in terms of assumptions, scope and approach.
Privacy of future use cases is typically handled vertically, instead
of building upon previous work that can be re-contextualized, while current
privacy problems are typically addressed per type in a more focused way.
Because significant effort was required to make sense of the relations and
structure of privacy-related work, this thesis attempts to transmit a structured
view of it. It is multi-disciplinary - from cryptography to economics, including
distributed systems and information theory - and addresses privacy issues of
different natures.
As existing work is framed and discussed, the contributions to the state-of-the-art
done in the scope of this thesis are presented. The contributions add to
five distinct areas: 1) identity in distributed systems; 2) future context-aware
services; 3) event-based context management; 4) low-latency information flow
control; 5) high-dimensional dataset anonymity. Finally, having laid out such
landscape of the privacy-preserving work, the current and future privacy challenges
are discussed, considering not only technical but also socio-economic
perspectives.
Those who use the Internet see advertising targeted on the basis of their browsing
habits, and probably voluntarily share personal information on social networks.
The information available on new mobile phones is widely accessed and used by
mobile applications, sometimes without clear reasons for doing so. As happens
today with mobile phones, in the future many types of electronic devices will
include sensors that make it possible to capture data from the environment,
enabling the emergence of intelligent environments. The value of the captured
data, if not obvious, can be derived through data analysis techniques and used
to provide personalized services and define business strategies, fostering the
digital economy.
However, these information-gathering practices create new privacy issues. The
natural practices of interpersonal relations are hampered by new means of
communication that do not take them into account, information security problems
keep occurring, states surveil their citizens, the digital economy leads to the
monitoring of consumers, and the capture and recording capabilities of new
electronic devices can be abused by users themselves against other people.
A large number of scientific fields focus on technology-related privacy problems;
however, they do so in different ways and from distinct starting points. The
privacy of new scenarios is typically handled vertically, instead of
re-contextualizing existing work, while current problems are handled in a more
focused way. Because of this fragmentation in existing work, structuring it was a
very relevant exercise within the scope of this thesis. The work identified is
multi-disciplinary - from cryptography to economics, including distributed systems
and information theory - and deals with privacy problems of different natures.
As the existing work is presented, the contributions made by this thesis are
discussed. These fall into five distinct areas: 1) identity in distributed
systems; 2) contextualized services; 3) event-driven management of context
information; 4) low-latency information flow control; 5) anonymous recommendation
databases. Having described the existing work on privacy, the current and future
privacy challenges are discussed, also considering socio-economic perspectives
Replication and availability in decentralised online social networks
A thesis submitted to the University of Bedfordshire in partial fulfilment of the requirements for the degree of Master of Philosophy
During the last few years, online social networks (OSNs) have become increasingly popular among all age groups and professions but this has raised a number of issues around users’ privacy and security. To address these issues a number of attempts have been made in the literature to create the next generation of OSNs built on decentralised architectures.
Maintaining high data availability in decentralised OSNs is a challenging task as users themselves are responsible for keeping their profiles available either by staying online for longer periods of time or by choosing trusted peers that can keep their data available on their behalf. The major findings of this research include algorithmically determining the users’ availability and the minimum number of replicas required to achieve the same availability as all mirror nodes combined. The thesis also investigates how the users’ availability, replication degree and the update propagation delay change as we alter the number of mirror nodes, their online patterns, number of sessions and session duration. We found that as we increase the number of mirror nodes the availability increases and becomes stable after a certain point which may vary from node to node as it directly depends on the node’s number of mirror nodes and their online patterns. Moreover, we also found that the minimum number of replicas required to achieve the same availability as all mirror nodes combined and the update propagation delay directly depend on mirror nodes’ number of sessions and session duration. Furthermore, we also found that as we increase the number of sessions with reduced session lengths the update propagation delay between the mirror nodes starts to decrease, thus resulting in spreading the updates faster as compared to mirror nodes with fewer sessions but of longer durations
PROFILING - CONCEPTS AND APPLICATIONS
Profiling is an approach to put a label or a set of labels on a subject, considering the characteristics of this subject. The New Oxford American Dictionary defines profiling as: “recording and analysis of a person’s psychological and behavioral characteristics, so as to assess or predict his/her capabilities in a certain sphere or to assist in identifying a particular subgroup of people”. This research extends this definition towards things demonstrating that many methods used for profiling of people may be applied for a different type of subjects, namely things.
The goal of this research concerns proposing methods for discovery of profiles of users and things with application of Data Science methods. The profiles are utilized in vertical and 2 horizontal scenarios and concern such domains as smart grid and telecommunication (vertical scenarios), and support provided both for the needs of authorization and personalization (horizontal usage).
The thesis consists of eight chapters including an introduction and a summary.
First chapter describes motivation for work that was carried out for the last 8 years together with discussion on its importance both for research and business practice. The motivation for this work is much broader and emerges also from business importance of profiling and personalization. The introduction summarizes major research directions, provides research questions, goals and supplementary objectives addressed in the thesis. Research methodology is also described, showing impact of methodological aspects on the work undertaken.
Chapter 2 provides introduction to the notion of profiling. The definition of profiling is introduced. Here, also a relation of a user profile to an identity is discussed. The papers included in this chapter show not only how broadly a profile may be understood, but also how a profile may be constructed considering different data sources.
Profiling methods are introduced in Chapter 3. This chapter refers to the notion of a profile developed using the BFI-44 personality test and outcomes of a survey related to color preferences of people with a specific personality. Moreover, insights into profiling of relations between people are provided, with a focus on quality of a relation emerging from contacts between two entities.
Chapters from 4 to 7 present different scenarios that benefit from application of profiling methods.
Chapter 4 starts with introducing the notion of a public utility company that in the thesis is discussed using examples from smart grid and telecommunication. Then, in chapter 4 follows a description of research results regarding profiling for the smart grid, focusing on a profile of a prosumer and forecasting demand and production of the electric energy in the smart grid, which can be influenced e.g. by weather or profiles of appliances.
Chapter 5 presents application of profiling techniques in the field of telecommunication. Besides presenting profiling methods based on telecommunication data, in particular on Call Detail Records, also scenarios and issues related to privacy and trust are addressed.
Chapter 6 and Chapter 7 target horizontal applications of profiling that may be of benefit for multiple domains.
Chapter 6 concerns profiling for authentication using un-typical data sources such as Call Detail Records or data from a mobile phone describing the user behavior. Besides proposing methods, also limitations are discussed. In addition, as a side research effect a methodology for evaluation of authentication methods is proposed.
Chapter 7 concerns personalization and consists of two diverse parts. Firstly, behavioral profiles to change interface and behavior of the system are proposed and applied. The performance of solutions personalizing content either locally or on the server is studied. Then, profiles of customers of shopping centers are created based on paths identified using Call Detail Records. The analysis demonstrates that the data that is collected for one purpose, may significantly influence other business scenarios.
Chapter 8 summarizes the research results achieved by the author of this document. It presents contribution over state of the art as well as some insights into the future work planned
Security, Trust and Privacy (STP) Model for Federated Identity and Access Management (FIAM) Systems
The federated identity and access management systems facilitate the home domain
organization users to access multiple resources (services) in the foreign domain
organization by web single sign-on facility. In federated environment the user’s
authentication is performed in the beginning of an authentication session and allowed
to access multiple resources (services) until the current session is active. In current
federated identity and access management systems the main security concerns are: (1)
In home domain organization machine platforms bidirectional integrity measurement
does not exist, (2) Integrated authentication (i.e., username/password and home domain
machine platforms mutual attestation) is not present and (3) The resource (service)
authorization in the foreign domain organization is not via the home domain machine
platforms bidirectional attestation
Presentation of self on a decentralised web
Self presentation is evolving; with digital technologies, with the Web and
personal publishing, and then with mainstream adoption of online social media.
Where are we going next? One possibility is towards a world where we log and
own vast amounts of data about ourselves. We choose to share - or not - the data
as part of our identity, and in interactions with others; it contributes to our day-to-day personhood or sense of self. I imagine a world where the individual is
empowered by their digital traces (not imprisoned), but this is a complex world.
This thesis examines the many factors at play when we present ourselves
through Web technologies. I optimistically look to a future where control over
our digital identities is not in the hands of centralised actors, but our own, and
both survey and contribute to the ongoing technical work which strives to make
this a reality. Decentralisation changes things in unexpected ways. In the
context of the bigger picture of our online selves, building on what we already
know about self-presentation from decades of Social Science research, I
examine what might change as we move towards decentralisation; how people
could be affected, and what the possibilities are for a positive change. Finally I
explore one possible way of self-presentation on a decentralised social Web
through lightweight controls which allow an audience to set their expectations
in order for the subject to meet them appropriately.
I seek to acknowledge the multifaceted, complicated, messy, socially-shaped
nature of the self in a way that makes sense to software developers. Technology
may always fall short when dealing with humanness, but the framework outlined
in this thesis can provide a foundation for more easily considering all of the
factors surrounding individual self-presentation in order to build future systems
which empower participants