Trust-aware privacy preferences for information sharing on the web of data

Sacco, Owen
The Web has significantly simplified the creation and sharing of information. However, this evolution has brought about many challenges especially with regards to user privacy when sharing sensitive information on the Web. Once a user's information is published, the user cannot control how their data can be accessed apart from applying generic preferences (such as "friends" or "family" in Social Web applications) since most Web applications' privacy settings are weak by design. These generic preferences cannot be exported and reused in other Web applications, and require the user to set up each preference in every Web application, even for the same information. Moreover, most Web applications assume that whoever is accessing the shared information is a trustworthy party and assume that all users share the same level of trust. However, users require more fine-grained preferences that enable users to control who can access their information whilst taking trust measures into consideration to indicate whether who is consuming the information is trustworthy or not. These preferences must be represented and structured in a standardised manner that could be utilised by any Web application. Most Web applications make use of structured data and tools exist to extract information into standardised structured formats using common vocabularies. However, privacy and trust preferences are still isolated, and can neither be extracted nor represented. In this research, we describe how our contributions enable finer-grained privacy preferences by presenting our Privacy Preference Ontology (PPO); a light-weight vocabulary for defining privacy settings on the Web of Data. We describe the formal model of the Privacy Preference Ontology (PPO) and also present the Privacy Preference Manager (PPM), a manager that allows users to (1) create privacy preferences using the aforementioned ontology and (2) controls access to their data to third-parties based on profile features such as interests, relationships and other common attributes. We also present our Semantic Authorisation (SemAuth) Framework, which builds upon the Privacy Preference Ontology (PPO) and the Privacy Preference Manager (PPM), that provides users with fine-grained authorisation measures for sharing information with third party applications. Furthermore, we also describe our trust model that asserts trust values from social information and indicates whether a third party accessing data is trustworthy. We also present our Trust Manager (TM) that implements our trust model to assert trust values from the extracted social information from Social Web applications. The Trust Manager (TM) is then integrated within the Privacy Preference Manager (PPM) to assert trust values of third parties on which privacy preferences could be enforced. In summary, our research on trust combined together with our research on privacy will create a safer Web of Data for users to share their information.
Publisher DOI
Attribution-NonCommercial-NoDerivs 3.0 Ireland