Privacy Policies for Location-Aware Social Network Services
The combination of location-awareness and social networks has introduced systems containing an increased amount of protection-worthy personal information, creating the need for improved privacy control from a user point of view.
End-user privacy requirements were derived from identified end-user privacy preferences. These requirements were used to evaluate current Location-Aware Social Network Services' (LASNSs') end-user privacy control as well as help develop relevant enhancements.
These requirements allows users to be able to control (if they wish) which of the objects related to them are accessed by whom, in what way and under which conditions. Two enhancement ideas which together helps fulfill this requirement have been presented. The few LASNSs offering the user access control rule specification only provides a small list of pre-defined subjects (e.g. "Friends", "Everyone"). This list is too limited for specification of many fine-grained privacy preferences. With a more extensive implementation of Role Based Access Control (RBAC) in LASNSs, with the user as the system administrator of roles, users will be able to create roles (e.g "colleague", "close friend", "family"), assign them to their connections, and specify these roles as subjects in access control rules. The user will also be allowed to specify conditions, under which subject(s)/role(s) can access an object. These conditions can be based on system attributes of the object owner (e.g location), the subject requesting access (e.g age) or external attributes (e.g time). A suitable user-friendly access control user interface has been proposed, showing how this can be presented in an effective and understandable way to the user. A few example user privacy preferences, each one representing one of the identified end-user privacy control requirements have been translated from data sent to the system through the proposed interface, into formal languages like Datalog and XACML.
Current end-user privacy control can be improved, by making more fine-grained access control rule specification possible, through the proposed enhancements, suitable both from an end-user perspective and from a developer's point of view.
Place, publisher, year, edition, pages
Institutt for telematikk , 2011. , 147 p.
ntnudaim:6112, MTKOM kommunikasjonsteknologi, Nett og tjenester
IdentifiersURN: urn:nbn:no:ntnu:diva-13807Local ID: ntnudaim:6112OAI: oai:DiVA.org:ntnu-13807DiVA: diva2:443166
Knapskog, Svein Johan, ProfessorGladysh, Serge