Your SlideShare is downloading. ×
  • Like
×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Towards the use of Social Machines to Enhance Personal Privacy on the Internet - A draft presentation

  • 355 views
Published

The internet became a part of many people’s daily life, with people online every day and publishing a lot of personal information. In this scenario, privacy guarantees are becoming a concern, and most …

The internet became a part of many people’s daily life, with people online every day and publishing a lot of personal information. In this scenario, privacy guarantees are becoming a concern, and most ways to compromise user privacy, such as Government surveillance recently reported by world’s press, are consequence of system’s architecture. This paper revisits the concept of Social Machines and presents a proposal to build web systems using the model of People as Entity Social Machines, as a way to enhance personal privacy on the internet. In addition, several security, privacy and system’s architecture issues are discussed, scenarios in which the model could be applied are presented.

Published in Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
355
On SlideShare
0
From Embeds
0
Number of Embeds
2

Actions

Shares
Downloads
1
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. 11 Towards the use of SocialTowards the use of Social Machines to EnhanceMachines to Enhance Personal Privacy on thePersonal Privacy on the InternetInternet (a draft)(a draft) www.assertlab.com Universidade Federal de Pernambuco Universidade Federal Rural de Pernambuco Centro de Estudos e Sistemas Avançados do Recife Kellyton Brito ksb@cin.ufpe.br Advisor: Silvio Meira silvio@meira.com Co-Advisor: Vinicius Garcia vcg@cin.ufpe.br
  • 2. 22 IntroductionIntroduction • Everyone on the internet: – More than 2.4 billion people (2011)1 – Daily access: more than 600 million (2011) 1 – More than 1 billion facebook users (2012) 2 – Millenials (aged 18-30): 6h online every day (2013) 3 • People create and upload a lot of information!
  • 3. 33 http://blog.qmee.com/qmee-online-in-60-seconds/
  • 4. 44 The ProblemThe Problem • People fear misuse of their data – 83% fear that social applications collect, maintain, analize and commercialize their data 4 – 68% think about give up from these applications fearing misuse or commercialization of their personal data 4 • And they are right!
  • 5. 55 The ProblemThe Problem • Security and Privacy problems 4-7 – Accidental data release to unintended recipients – The use of private data by the service provider for marketing or other purposes – The user of private data by plug-in applications using social site API’s – … • Among others
  • 6. 66
  • 7. 77 Possible Solutions (among others)Possible Solutions (among others) • The legislative approach – Government regulation and Contracts – The problem: • Governments and companies are able to break rules – “NSA approach”, intentional data leakage – Nobody knows what is happening “behind scenes” • It is difficult to avoid, find and track infringements • Code is the Law approach8 – Code and Other Laws of Cyberspace – What can and cannot be done is defined by computing capabilities
  • 8. 88 Current ScenarioCurrent Scenario • Systems architecture as Data Connected Silos – Google, Facebook, Apple, Microsoft and Yahoo! holds almost all data from almost everyone – Few security failure points – In addition, they clearly state in their terms that they can use, share, sell (and much more) people’s data9-11
  • 9. 99 Possible SolutionPossible Solution To empower users with complete ownership over their data, including full sharing and access control and the control of the physical location of where the data is stored.
  • 10. 1010 Possible solutionPossible solution • From user data spreaded (and repeated) among applications databases • To user data owned by the user and shared with applications (as services)
  • 11. 1111 THE PROPOSALTHE PROPOSAL
  • 12. 1212 The ProposalThe Proposal • Meira & Buregio12-14 and others15-17 has been working in the concept of Social Machines • Meira & Buregio Vision: – A paradigm resulting from the convergence of three different visions: i) Social Software; ii) People as Computational Units and iii) Software as Sociable Entities.
  • 13. 1313 Social MachinesSocial Machines Social Machines Research Group 1 Social Machine is a web unit defined by the tuple: SM = <Rel, WI, Req, Resp, S, Const, I, P, O> A Social Machine (SM) receives requests (Req) from other SM’s and returns responses (Resp). The requests are converted to inputs (I) for a processing unit (P), which has states (S) and produces outputs (O). In addition, there are rules that define relationships (R) with other SMs, under a specific set of constraints (Const). E Processing UnitRequest Response Input Output Relationships States Constraints Wrapper Interface
  • 14. 1414 The QuestionThe Question Is it possible to enhance privacy and security of modern software systems by the development of web systems based on the concept of People as Social Machines, by the guarantee to the users real ownership of their data?
  • 15. 1515 People as Social MachinesPeople as Social Machines • Two types of Social Machines – Entity Social Machines (ESM) • Model people – Services Social Machines (SSM) • Model applications that access people’s data
  • 16. 1616 Entity Social MachinesEntity Social Machines • Model People • People raw data – Profile data – Relationships – Published data • photos, videos, documents, text, location, etc • Has a basic administration service – To allow the user to control his SM • Publish an API to expose user data under relationships constraints
  • 17. 1717 Services Social MachinesServices Social Machines • Services and/or Applications built on Entity Social Machines • Developed by: – Direct permission and access of ESM API (profile, publishing and relationships) – By the composition of others Social Machines + service functionality (Δ)
  • 18. 1818 Services Social MachinesServices Social Machines • New application developments: • First level applications: – Search: Δ(publishing, relationship, profile) – Conversation: Δ(publishing + relationship) – Bookmarks: Δ(publishing) – Simple stream: Δ(publishing) – Maps: Δ(publishing(location)) • N-level applications: – E-mail and blogs: Δ(conversation, search, bookmark) – Advertising: Δ(profile, publishing, bookmark, search, conversation) – Analytics and trends : Δ(*) + Δ(*)(friends) – Social networks: Δ(*)
  • 19. 1919 Services Social MachinesServices Social Machines Stream SM s Conversation SM s BookMark SM s Search SM s BlogSM s EmailSM s TrendsSM s ChatSM s LocationSM s AnalyticsSM s AdsSM s FeedsSM s PERSON 1 Profile Publishing Relationships PERSON 2 Profile Publishing Relationships PERSON 3 Profile Publishing Relationships PERSON N Profile Publishing Relationships Social Network Social Machine
  • 20. 2020 PRACTICAL ISSUESPRACTICAL ISSUES Practical Issues related to the implementation of the proposal
  • 21. 2121 People as Social Machines:People as Social Machines: Practical IssuesPractical Issues • Privacy – Security Model – Authorization Model – Deployment Model • Architecture – Registry Service – Discoverability Service
  • 22. 2222 People as Social Machines:People as Social Machines: Practical IssuesPractical Issues •• PrivacyPrivacy – Security Model – Authorization Model – Deployment Model • Architecture – Registry Service – Discoverability Service
  • 23. 2323 How to deal with main concernsHow to deal with main concerns?? 44--77 I. The loss of physical control of data II. Unauthorized Access and Secondary Usage III. Data proliferation and transborder data flow IV. Control of data lifecycle (how to guarantee deletion?) V. Availability and backup VI. Accidental data release to unintended recipients; VII. The access or misuse of private data for marketing or other purposes by the social site; VIII.The access or misuse of private data by third-part applications using social site API’s, among others
  • 24. 2424 PracticalPractical IssuesIssues • Security Model: – Cryptography on transfer and storage – Data access by API requests • Authorization Model: – Registration and authorization of services • Access key matches provider, consumer and permissions (like oAuth model) – To stop to share data, it is only needed to revoke key
  • 25. 2525 Practical IssuesPractical Issues • Deployment Model – Each user is the actual owner of his Social Machine – Each user choose how and where to deploy his SM – Choice vary according to skills, budget and privacy concerns • At his/her own site/company • Use one IaaS service, like Amazon infrastructure • Use a general host service – New market possibilities • Pay for a specialized SM host service • Dedicated hardware/software? (like Raspberry Pi) • Software as local applications, deployed (installed) on general hardware (desktops, laptops, mobile phones, etc)
  • 26. 2626 Social Machine models and people privacySocial Machine models and people privacy enhancementenhancement • Security, Authorization and Deploy models deal with: • But does not cover: – (v) availability and backup – (vi) Accidental data release to unintended recipients
  • 27. 2727 People as Social Machines:People as Social Machines: Practical IssuesPractical Issues • Privacy – Security Model – Authorization Model – Deployment Model •• ArchitectureArchitecture – Registry Service – Discoverability Service
  • 28. 2828 Architectural IssuesArchitectural Issues • To support Security, Authorization and Deploy models, it should have: • Registry Service – SM’s should be able to find each other after every deployment – Social Machine Name Registry System (SM-NRS) • Like current DNS systems • When deployed, each SM register itself on SM-NRS
  • 29. 2929 Architectural IssuesArchitectural Issues • Discoverability Service – Two possible ways to discover a Social Machine: – Public Discoverability • Registry service performs only the mapping: name – location • SM’s calls other SM’s directly – Private Discoverability • At registration, SM’s sends to Registry Service a list of SM’s allowed to find it. • Limits who can try to access the SM – Increase security – Can decrease/avoid DDoS attacks – Possibility of Service Overload
  • 30. 3030 USAGE SCENARIOSUSAGE SCENARIOS Is it possible to build most common current web applications according to the concept of People as Social Machines?
  • 31. 3131 Current apps asCurrent apps as Service Social MachinesService Social Machines • Instant Messages and Conversation Apps (Whatsapp, E-mail, etc) – Δ(publishing(text, attachments) + relationship(receiver)) • File Sharing Apps, like Dropbox – Δ(publishing(files) + relationship(receiver)) • Health Monitoring apps, like Whithings apps. – Δ(publishing(healthData) + relationship(himself, physician)) • Notes apps, like Evernote – Δ(publishing(notes) + relationship(himself, friends)) • Maps Apps, like Waze and Google Maps – Δ(publishing(location) + relationship(himself, friends))
  • 32. 3232 Services or AgentsServices or Agents • There is at least two possibilities to build the Services Social Machines • As external services – Services must ask for permission (relationship) to the Entity Social Machine, and after it starts to access their data. • As internal agents – SM owner simply install and run a software agent in his social machine, and it runs as a local application
  • 33. 3333 NEXT STEPNEXT STEP
  • 34. 3434 Current apps asCurrent apps as Service Social MachinesService Social Machines • Instant Messages and Conversation Apps (Whatsapp, E-mail, etc) • File Sharing Apps, like Dropbox • Health Monitoring apps, like Whithings apps. • Notes apps, like Evernote • Maps Apps, like Waze and Google Maps To choose one of these applications, to model it according to the concept of People as Social Machines (and refine the model), to develop, test, deploy and compare with current models.
  • 35. 3535 Towards the use of Social MachinesTowards the use of Social Machines to Enhance Personal Privacy on theto Enhance Personal Privacy on the InternetInternet (a draft)(a draft) SuggestionsSuggestions areare welcomewelcome!! www.assertlab.com Universidade Federal de Pernambuco Universidade Federal Rural de Pernambuco Centro de Estudos e Sistemas Avançados do Recife Kellyton Brito ksb@cin.ufpe.br Advisor: Silvio Meira silvio@meira.com Co-Advisor: Vinicius Garcia vcg@cin.ufpe.br
  • 36. 3636 ReferencesReferences [1] S. V. Belleghem, M. Eenhuizen, and E. Veris, "Social Media Around the World 2011," in http://www.slideshare.net/stevenvanbelleghem/social-media-around-the-world-2011, 2011. [2] M. Zuckerberg, "One Billion People on Facebook," in http://newsroom.fb.com/News/One-Billion-People- on-Facebook-1c9.aspx, 2012. [3] Telefonica, "Telefonica Global Millenial Survey: Global Results," in http://telefonica.com/millenials, 2013. [4] K. S. Brito, F. A. Durao, V. C. Garcia, and S. R. d. L. Meira, "How People Care about Their Personal Data Released on Social Media," in 11th Annual Converence on Privacy, Security and Trust, Tarragona, Spain, 2013. [5] S. Subashini and V. Kavitha, "A survey on security issues in service delivery models of cloud computing," Journal of Network and Computer Applications, vol. 34, pp. 1-11 2011. [6] D. Zissis and D. Lekkas, "Addressing cloud computing security issues," Future Generation Computer Systems, vol. 28, pp. 583-592, 2012. [7] S. Pearson and A. Benameur, "Privacy, Security and Trust Issues Arising from Cloud Computing," in IEEE Second International Conference on Cloud Computing Technology and Science, Indianapolis, USA, 2010. [8] L. Lessing, Code and other laws of Cyberspace, http://codev2.cc/ [9] "Google Terms of Service (revised on March 1, 2012)," in http://www.google.com/intl/en/policies/terms/, 2012. [10] "Facebook Terms of Service (revised on June 8, 2012.)," in https://www.facebook.com/legal/terms, 2012. [11] "Twitter Terms of Service (revised on June 25, 2012)," in https://twitter.com/tos, 2012.
  • 37. 3737 ReferencesReferences [12] S. R. L. Meira, V. A. A. Buregio, L. M. Nascimento, E. G. M. d. Figueiredo, M. Neto, B. P. Encarnação, and V. Garcia, "The emerging web of social machines," CoRR, vol. abs/1010.3045, 2010. [13] S. R. L. Meira, V. A. A. Buregio, L. M. Nascimento, E. G. M. d. Figueiredo, M. Neto, B. P. Encarnação, and V. Garcia, "The Emerging Web of Social Machines," in Computer Software and Applications Conference (COMPSAC), Munich, 2011, pp. 26-27. [14] V. Buregio, S. Meira, and N. Rosa, "Social Machines: A Unified Paradigm to Describe Social Web- Oriented Systems," in 22nd International World Wide Web Conference (WWW 2013 Companion), Rio de Janeiro, Brazil, 2013. [15] K. S. Brito, L. E. A. Otero, P. F. Muniz, L. M. Nascimento, V. A. d. A. Burégio, V. C. Garcia, and S. R. d. L. Meira, "Implementing Web Applications as Social Machines Composition: A Case Study," in 24th International Conference on Software Engineering & Knowledge Engineering (SEKE'2012), Redwood City, USA, 2012, pp. 311-314. [16] T. Berners-Lee and M. Fischetti, Weaving the Web: The Original Design and Ultimate Destiny of the World Wide Web. New York: Harper Collins, 1999. [17] N. R. Shadbolt, D. A. Smith, E. Simperl, M. V. Kleek, Y. Yang, and W. Hall, "Towards a classification framework for social machines," presented at the 22nd International World Wide Web Conference (WWW 2013 Companion), Rio de Janeiro, Brazil, 2013.