Privacy and Utility of Inference Control Mechanisms for Social Computing Applications

Cited by: 3
Authors
Ahmadinejad, Seyed Hossein [1]
Fong, Philip W. L. [2]
Safavi-Naini, Reihaneh [2]
Affiliations
[1] Nulli, Calgary, AB, Canada
[2] Univ Calgary, Calgary, AB T2N 1N4, Canada
Source
ASIA CCS'16: PROCEEDINGS OF THE 11TH ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY | 2016
Keywords
Social computing; Facebook applications; inference attack; privacy; utility; view-based protection; sanitizing transformation; verification; composition;
DOI
10.1145/2897845.2897878
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
Modern social computing platforms (e.g., Facebook) are extensible. Third-party developers deploy extensions (e.g., Facebook applications) that augment the functionalities of the underlying platforms. Previous work demonstrated that permission-based protection mechanisms, adopted to control access to users' personal information, fail to control inference - the inference of private information from public information. We envision an alternative protection model in which user profiles undergo sanitizing transformations before being released to third-party applications. Each transformation specifies an alternative view of the user profile. Unlike permission-based protection, this framework addresses the need for inference control. This work lays the theoretical foundation for view-based protection in three ways. First, existing work in privacy preserving data publishing focuses on structured data (e.g., tables), but user profiles are semi-structured (e.g., trees). In information-theoretic terms, we define privacy and utility goals that can be applied to semi-structured data. Our notions of privacy and utility are highly targeted, mirroring the setup of social computing platforms, in which users specify their privacy preferences and third-party applications focus their accesses on selected components of the user profile. Second, we define an algebra of trees in which sanitizing transformations previously designed for structured data (e.g., generalization, noise introduction, etc.) are now formulated for semi-structured data in terms of tree operations. Third, we evaluate the usefulness of our model by illustrating how the privacy enhancement and utility preservation effects of a view (a sanitizing transformation) can be formally and quantitatively assessed in our model. To the best of our knowledge, ours is the first work to articulate precise privacy and utility goals of inference control mechanisms for third-party applications in social computing platforms.
Pages: 829-840
Number of pages: 12