Controlling Disclosure in App Ecosystems
pdf
ABSTRACT
The modern computing landscape contains an increasing number of app ecosystems, where users store personal data on platforms such as Facebook or on smartphones, and APIs enable third- party apps (applications) to utilize that data and perhaps redistribute it further. A key concern associated with app ecosystems is the privacy of user data. We argue that in an app ecosystem, any notion of disclosure must be data-derived, i.e. strongly tied to the information content of the user data, fine-grained and hierarchical to allow the formulation of precise privacy policies, and semantically meaningful.
We present a solution based on a lattice of security views: users define access policies by permitting or restricting access to these views. Each incoming query is labeled with the precise set of security views that is needed to answer it. If the label for the query is lower than a value specified in the policy, the query is allowed. We explain how our framework can be used in practice and provide algorithms for labeling conjunctive queries under both set and bag semantics for the case of single-atom security views. We show that our approach is useful by demonstrating the scalability of our algorithms and by applying it to the real-world disclosure control system used by Facebook, where we identify several inconsistencies.
Award ID: 1012593
Submitted by Katie Dey
on
ABSTRACT
The modern computing landscape contains an increasing number of app ecosystems, where users store personal data on platforms such as Facebook or on smartphones, and APIs enable third- party apps (applications) to utilize that data and perhaps redistribute it further. A key concern associated with app ecosystems is the privacy of user data. We argue that in an app ecosystem, any notion of disclosure must be data-derived, i.e. strongly tied to the information content of the user data, fine-grained and hierarchical to allow the formulation of precise privacy policies, and semantically meaningful.
We present a solution based on a lattice of security views: users define access policies by permitting or restricting access to these views. Each incoming query is labeled with the precise set of security views that is needed to answer it. If the label for the query is lower than a value specified in the policy, the query is allowed. We explain how our framework can be used in practice and provide algorithms for labeling conjunctive queries under both set and bag semantics for the case of single-atom security views. We show that our approach is useful by demonstrating the scalability of our algorithms and by applying it to the real-world disclosure control system used by Facebook, where we identify several inconsistencies.
Award ID: 1012593