دانلود رایگان مقاله کنترل دسترسی - حفظ حریم خصوصی در شبکه اجتماعی با حاشیه نویسی معنایی اتوماتیک

Abstract

In online social networks (OSN), users quite usually disclose sensitive information about themselves by publishing messages. At the same time, they are (in many cases) unable to properly manage the access to this sensitive information due to the following issues: (i) the rigidness of the access control mechanism implemented by the OSN, and (ii) many users lack of technical knowledge about data privacy and access control. To tackle these limitations, in this paper, we propose a dynamic, transparent and privacy-driven access control mechanism for textual messages published in OSNs. The notion of privacy-driven is achieved by analyzing the semantics of the messages to be published and, according to that, assessing the degree of sensitiveness of their contents. For this purpose, the proposed system relies on an automatic semantic annotation mechanism that, by using knowledge bases and linguistic tools, is able to associate a meaning to the information to be published. By means of this annotation, our mechanism automatically detects the information that is sensitive according to the privacy requirements of the publisher of data, with regard to the type of reader that may access such data. Finally, our access control mechanism automatically creates sanitized versions of the users’ publications according to the type of reader that accesses them. As a result, our proposal, which can be integrated in already existing social networks, provides an automatic, seamless and content-driven protection of user publications, which are coherent with her privacy requirements and the type of readers that access them. Complementary to the system design, we also discuss the feasibility of the system by illustrating it through a real example and evaluate its accuracy and effectiveness over standard approaches.

6. Conclusions and future work

In this paper, we proposed a privacy-preserving content-driven access control mechanism for textual publications in social networks. Contrary to related works [10,11,12], the proposal is content driven in the sense that the semantics of the messages are automatically assessed in order to detect the sensitive information they contain according to the privacy requirements of the publishers. These requirements are defined in general (i.e., an allowed level of disclosure is defined for the different contact types defined in the social network), and the publications whose contents are related to these requirements are automatically protected. To do so, the sensitive information is sanitized and different versions of the publication are generated according to the access level of the readers. Thus, the privacy enforcement is transparent both to the publishers and readers, thus requiring no administrative efforts at the publication time, contrary to most related works [11,12]. In addition, the proposed mechanism is flexible enough to be incorporated in any social network that publishes messages and classifies contacts into categories. As future work, we plan to develop a functional implementation in a real OSN in order to conduct a survey of the usability and utility of the proposed system among social network users. For this purpose, we will engineer the privacy requirements to be considered within the scope of the network. Furthermore, in order to alleviate users from completely specifying their privacy requirements, we will also consider the automatic inference of access control rules according to the social relationships implemented in the social network (e.g., the privacy rules for friends could be same for the friends of friend). At this respect, a machine learning approach [35] can also be considered to semi-automatize the configuration of privacy rules. Finally, as it has been highlighted in the evaluation section, the user’s privacy can also be compromised by the (co-)occurrence of information that is correlated to the sensitive topic to be protected. We are currently working on automatic solutions to address this issue that, in a nutshell, would assess the disclosure that potentially correlated terms may produce for a sensitive one according to their mutual information, which is computed from the information distribution of data in large corpora [33,34]. We plan to incorporate them to the developed system in the near future in order to improve the assessment of privacy risks by detecting correlated terms or term aggregations that may disclose more information about a sensitive topic than the one specified in the privacy rules.