USER CENTRIC POLICY MANAGEMENT

Internet use, in general, and online social networking sites, in particular, are ex- periencing tremendous growth with hundreds of millions of active users. As a result, there is a tremendous amount of privacy information and content online. Protect- ing this information is a challenge. Access control policy composition is complex, laborious and tedious for the average user. Usable access control frameworks have lagged. Acceptance / use of available frameworks is low. As a result, policies are only partially configured and maintained. Or, they may be all together ignored. This leads to privacy information and content not being properly protected and potentially unknowingly made available to unintended recipients. We overcome these limitations by introducing User Centric Policy Management – a new paradigm of semi-automated tools that aid users in building, recommending and maintaining their online access control policies. We introduce six user centric policy management assistance tools: Policy Manager is a supervised learning based mech- anism that leverages user provided example policy settings to build classifiers that are the basis for auto-generated policies. Assisted Friend Grouping leverages proven clustering techniques to assist users in grouping their friends for policy management purposes. Same-As Subject Management leverages a user’s memory and opinion of their friends to set policies for other similar friends. Example Friend Selection pro- vides different techniques for aiding users in selecting friends used in the development of access control policies. Same-As Object Management leverages a user’s memory and perception of their objects for setting policies for other similar objects. iLayer is a least privilege based access control model for web and social networking sites that builds, recommends and enforces access control policies for third party developed applications. To demonstrate the effectiveness of these policy management assistance tools, we implemented a suite of prototype applications, conducted numerous experiments and completed a number of extensive user studies. The results show that User Centric Pol- icy Management is a more usable access control framework that is effective, efficient and satisfying to the user, which ultimately improves online security and privacy

Towards a user-centric social approach to web services composition, execution, and monitoring

This paper discusses the intertwine of social networks of users and social networks of Web services to compose, execute, and monitor Web services. Each network provides details that permit achieving this intertwine and thus, completing the three operations. A user social-network is used to advise users on the next Web services to select based on their peers’ experiences, whereas a Web service social network is used to advise users on the substitutes to select in case a Web service fails, for example. To make the intertwine of these social networks happen, three components are developed: composer, executor, and monitor. The social composer develops composite Web services considering relations between users and the ones between Web services. The social executor assesses the impact of these relations on these compositeWeb services execution progress. Finally, the social monitor replaces failing Web services to guarantee the execution continuity of these composite Web services. A running example and a prototype illustrate and demonstrate the intertwine of these social networks, respectively.Zakaria Maamar, Noura Faci, Quan Z. Sheng and Lina Ya

Implicit Social Networking: Discovery of Hidden Relationships, Roles and Communities among Consumers

AbstractThis paper proposes the implicit social networking as an innovative methodology for approaching consumers who possess information-rich user profiles based on aplethora of online services they use. An implicit social network is not explicitly built by consumers themselves, but implicitly calculated by third parties based on a level of a common interest between consumers (i.e., profile matchmaking). The analysis of aconsumer social network created in such a manner enables discovery of hidden roles, relationships and communities among consumers and represents a basis for provisioning of innovative services (e.g., personalized and/or context-aware services such as recommender systems). The implicit social networking methodology is evaluated through two pilot cases: (i) implicit social networking based on the SmartSocial platform; and (ii) implicit social networking of IPTV users. The generalizability of the implicit social networking is demonstrated through additional example aimed not at external company stakeholders (e.g., company consumers), but at internal stakeholders (i.e., company employees) through the implicit corporate social networking pilot case

Social Login Acceptance: A DIF Study of Differential Factors

Social login has become an increasingly popular alternative for traditional user registration. Although a single sign-on protocol is commonly considered to have the advantage of removing barriers at the registration stage, mismanagement of these technological features may lead to user turnover or abandonment. Thus, a better understanding of who may better accept social login for which type of service is essential for a business that decides to adopt social login protocols. This research in progress tested various user characteristics using a differential item functioning approach that aims to explore systematic differences from user groups (rather than individual differences from latent traits) for social login acceptance

InContexto: Multisensor Architecture to Obtain People Context from Smartphones

The way users intectact with smartphones is changing after the improvements made in their embedded sensors. Increasingly, these devices are being employed as tools to observe individuals habits. Smartphones provide a great set of embedded sensors, such as accelerometer, digital compass, gyroscope, GPS, microphone, and camera. This paper aims to describe a distributed architecture, called inContexto, to recognize user context information using mobile phones. Moreover, it aims to infer physical actions performed by users such as walking, running, and still. Sensory data is collected by HTC magic application made in Android OS, and it was tested achieving about 97% of accuracy classifying five different actions (still, walking and running).This work was supported in part by Projects CICYT TIN2011-28620-C02-01, CICYT TEC2011-28626-C02-02, CAM CONTEXTS (S2009/TIC-1485), and DPS2008-07029- C02-02.Publicad

Understanding Federation: An Analytical Framework for the Interoperability of Social Networking Sites

Although social networking has become a remarkable feature in the Web, full interoperability has not arrived. This work explores the main 5 paradigms of interoperability across social networking sites, corresponding to the layers in which we an find interoperability. Building on those, a novel analytical framework for SNS interoperability is introduced. Seven representative interoperability SNS technologies are compared using the proposed framework. The analysis exposes an overwhelming disparity and fragmentation in the solutions for tackling the same problems. Although there are a few solutions where consensus is reached and are widely adopted (e.g. in object IDs), there are multiple central issues that are still far from being widely standarized (e.g. in profile representation). In addition, several areas have been identified where there is clear room for improvement, such as privacy controls or data synchronization

On protection in federated social computing systems

Nowadays, a user may belong to multiple social computing systems (SCSs) in order to benefit from a variety of services that each SCS may provide. To facilitate the sharing of contents across the system boundary, some SCSs provide a mechanism by which a user may “connect ” his accounts on two SCSs. The effect is that contents from one SCS can now be shared to another SCS. Although such a connection feature delivers clear usability advantages for users, it also generates a host of privacy challenges. A notable challenge is that the access control policy of the SCS from which the content originates may not be honoured by the SCS to which the content migrates, because the latter fails to faithfully replicate the protection model of the former. In this paper we formulate a protection model for a fed-eration of SCSs that support content sharing via account connection. A core feature of the model is that sharable con-tents are protected by access control policies that transcend system boundary — they are enforced even after contents are migrated from one SCS to another. To ensure faith-ful interpretation of access control policies, their evaluation involves querying the protection states of various SCSs, us-ing Secure Multiparty Computation (SMC). An important contribution of this work is that we carefully formulate the conditions under which policy evaluation using SMC does not lead to the leakage of information about the protection states of the SCSs. We also study the computational prob-lem of statically checking if an access control policy can be evaluated without information leakage. Lastly, we identify useful policy idioms

e-Business challenges and directions: important themes from the first ICE-B workshop

A three-day asynchronous, interactive workshop was held at ICE-B’10 in Piraeus, Greece in July of 2010. This event captured conference themes for e-Business challenges and directions across four subject areas: a) e-Business applications and models, b) enterprise engineering, c) mobility, d) business collaboration and e-Services, and e) technology platforms. Quality Function Deployment (QFD) methods were used to gather, organize and evaluate themes and their ratings. This paper summarizes the most important themes rated by participants: a) Since technology is becoming more economic and social in nature, more agile and context-based application develop methods are needed. b) Enterprise engineering approaches are needed to support the design of systems that can evolve with changing stakeholder needs. c) The digital native groundswell requires changes to business models, operations, and systems to support Prosumers. d) Intelligence and interoperability are needed to address Prosumer activity and their highly customized product purchases. e) Technology platforms must rapidly and correctly adapt, provide widespread offerings and scale appropriately, in the context of changing situational contexts