Change search
ReferencesLink to record
Permanent link

Direct link
Privacy Policies for Location-Aware Social Network Services
Norwegian University of Science and Technology, Faculty of Information Technology, Mathematics and Electrical Engineering, Department of Telematics.
2011 (English)MasteroppgaveStudent thesis
Abstract [en]

The combination of location-awareness and social networks has introduced systems containing an increased amount of protection-worthy personal information, creating the need for improved privacy control from a user point of view. End-user privacy requirements were derived from identified end-user privacy preferences. These requirements were used to evaluate current Location-Aware Social Network Services' (LASNSs') end-user privacy control as well as help develop relevant enhancements. These requirements allows users to be able to control (if they wish) which of the objects related to them are accessed by whom, in what way and under which conditions. Two enhancement ideas which together helps fulfill this requirement have been presented. The few LASNSs offering the user access control rule specification only provides a small list of pre-defined subjects (e.g. "Friends", "Everyone"). This list is too limited for specification of many fine-grained privacy preferences. With a more extensive implementation of Role Based Access Control (RBAC) in LASNSs, with the user as the system administrator of roles, users will be able to create roles (e.g "colleague", "close friend", "family"), assign them to their connections, and specify these roles as subjects in access control rules. The user will also be allowed to specify conditions, under which subject(s)/role(s) can access an object. These conditions can be based on system attributes of the object owner (e.g location), the subject requesting access (e.g age) or external attributes (e.g time). A suitable user-friendly access control user interface has been proposed, showing how this can be presented in an effective and understandable way to the user. A few example user privacy preferences, each one representing one of the identified end-user privacy control requirements have been translated from data sent to the system through the proposed interface, into formal languages like Datalog and XACML. Current end-user privacy control can be improved, by making more fine-grained access control rule specification possible, through the proposed enhancements, suitable both from an end-user perspective and from a developer's point of view.

Place, publisher, year, edition, pages
Institutt for telematikk , 2011. , 147 p.
Keyword [no]
ntnudaim:6112, MTKOM kommunikasjonsteknologi, Nett og tjenester
URN: urn:nbn:no:ntnu:diva-13807Local ID: ntnudaim:6112OAI: diva2:443166
Available from: 2011-09-23 Created: 2011-09-23

Open Access in DiVA

fulltext(4269 kB)683 downloads
File information
File name FULLTEXT01.pdfFile size 4269 kBChecksum SHA-512
Type fulltextMimetype application/pdf
cover(47 kB)32 downloads
File information
File name COVER01.pdfFile size 47 kBChecksum SHA-512
Type coverMimetype application/pdf

By organisation
Department of Telematics

Search outside of DiVA

GoogleGoogle Scholar
Total: 683 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 102 hits
ReferencesLink to record
Permanent link

Direct link