Upload
vini-balot
View
223
Download
0
Embed Size (px)
Citation preview
8/2/2019 vini p3
1/24
Copyright 2001-2004 Norman Sadeh
Semantic Web Technologies to
Reconcile Privacy and Context
Awareness
Norman M. SadehISRI- School of Computer Science
Carnegie Mellon University
Pittsburgh, PA - USA
8/2/2019 vini p3
2/24
Copyright 2001-2004 Norman Sadeh
Mobility Challenge
Can no longer assume the users undivided
attention
Time critical nature of many tasks
Limited input/output functionality
8/2/2019 vini p3
3/24
Copyright 2001-2004 Norman Sadeh
Context Awareness
All this argues for:
Higher levels of automation
Context awareness
True also in fixed Internet scenarios
8/2/2019 vini p3
4/24
Copyright 2001-2004 Norman Sadeh
Sources of Contextual Information A users context information is distributed across
a number of disparate resources
Calendar
Location tracking Address book
Buddy lists
Weather
Available resources vary from one user to another
and over time
e.g. roaming across different networks
8/2/2019 vini p3
5/24
Copyright 2001-2004 Norman Sadeh
Vision A growing collection of context-aware agents that
users can buy or subscribe to
Personal resources modeled as Semantic Web
services
Service profile
Each user has a Semantic eWallet Automated identification and access of a users
personal resources subject to privacy preferences
8/2/2019 vini p3
6/24
Copyright 2001-2004 Norman Sadeh
Semantic Web Approach
Ontologies to explicitly represent and reason about: Personal/Contextual Resources
Location tracking, calendar, organizationalresources, messaging resources, preferences, etc.
Contextual attributes
e.g. location, calendar activities, social ororganizational context, etc.
Preferences, incl. privacy preferences:
Access control preferences
Obfuscation rules
Web services
Automated service identification and access
8/2/2019 vini p3
7/24Copyright 2001-2004 Norman Sadeh
Personal Resource Ontology:
An ExamplePersonal
Resource
ActivityInformation
Resource
LocationInformation
ResourceList of Friends
Sprint PCS
Location Tracking
CMU LocationTracking
Microsoft OutlookCalendar
IS-A
INSTANCE
8/2/2019 vini p3
8/24Copyright 2001-2004 Norman Sadeh
MyCampusProject
Motivation:
Campus as everyday life microcosm
Objective:
Enhance campus life through context-awareservices accessible over the WLAN
Methodology:
Involve stakeholders in the design Students and other members of the community
Evaluate and extrapolate to other environments
Mobile Commerce, Mobile Enterprise, etc.
8/2/2019 vini p3
9/24Copyright 2001-2004 Norman Sadeh
Overall Architecture
Wireless
LAN
Calendar
LocationTracking
Internet and
Intranet Semantic
Web-enabled
Services
Task-Specific
Agents
e-Wallet
Users Personal
Environment
Social Context
Preferences
SemanticWeb-enabled
Context Resources
Personal ResourceDirectory
(incl. Privacy Pref.)
PersonalResource
Ontologies
Contextual
Ontologies
PersonalPreferenceOntologies
Service
Ontologies
Semantic Web
Service Directory
8/2/2019 vini p3
10/24Copyright 2001-2004 Norman Sadeh
Semantic eWallet
Context-independent knowledge Name, email address, context-independent preferences
Context-dependent knowledge
When driving, I dont want to receive instant messages
Service invocation rules
Automated service identification and access
Map contextual attributes onto different resources (personaland public)
Privacy rules
Access control rules Only my classmates can see my location
Obfuscation rules
My classmates can only see the building I am in butnot the actual room
8/2/2019 vini p3
11/24Copyright 2001-2004 Norman Sadeh
Location Tracking as Web Service
Location Tracking
as a Web Service
8/2/2019 vini p3
12/24Copyright 2001-2004 Norman Sadeh
e-
Asserting elementary needs forauthorized information
Pre-checkaccess rights
Post-checkaccess rights
Fetch usefulstatic knowledge
Application ofobfuscation rules
Query contextassertionQuery
Assertion ofauthorized knowledge
Result
Call relevantexternal services
Example : Query from John inquiring about Marys location
the sender of the query is John
Johns query requires accessing Marys location
1.Is John allowed to see Marys location given what we knowabout the context of the query?
2.Mary said she only allows colleagues to see her location when
she is on campus3.John is a colleague of Mary
Access location tracking functionality or Marys calendar
Is Mary on campus?
Mary is willing to disclose the building but not the room she is in
Mary is in Smith Hall
8/2/2019 vini p3
13/24Copyright 2001-2004 Norman Sadeh
FI
PAACLmessagesandOWLC
ontent
JADE platform
User InteractionAgent
Directory FacilitatorAgent (FIPA)
Agent ManagementAgent (FIPA)
e-Wallet ManagerAgent
OntologistAgent
Task-SpecificAgents
8/2/2019 vini p3
14/24Copyright 2001-2004 Norman Sadeh
Directory FacilitatorAgent (FIPA)
Agent ManagementAgent (FIPA)
FI
PAACLmessagesandOWLC
ontent
User InteractionAgent
HTTP Request
e-Wallet ManagerAgent
OntologistAgent
Task-SpecificAgents JADE platform
8/2/2019 vini p3
15/24Copyright 2001-2004 Norman Sadeh
privacyquery
answer
Design of an e-Wallet Three-layer architecture: security through
typing Core knowledge: User static & context-
sensitive knowledge
Service Layer: Automatic identification
and invocation of external sourcesof knowledge (e.g. public web services
and and personal resources)
Privacy layer: Enforces privacy rules
access control & obfuscation All facts represented in OWL
Backward chaining migration rules: privacyrules, service rules, static migration rules
serviceCore
Know-ledge
8/2/2019 vini p3
16/24Copyright 2001-2004 Norman Sadeh
privacyquery
answer
e-
Design of an e-Wallet Three-layer architecture: security through
typing Core knowledge: user static & context-
sensitive knowledge
Service Layer: automatic identification
and invocation of personal and publicsemantic web services
Privacy layer: enforces privacy rules
access control obfuscation rules
Asserting elementary needs forauthorized information
Pre-checkaccess rights
Post-checkaccess rights
Fetch usefulstatic knowledge
Application ofobfuscation rules
Query contextassertionQuery
Assertion ofauthorized knowledge
Result
Call relevantexternal services
serviceCore
Know-
ledge
8/2/2019 vini p3
17/24Copyright 2001-2004 Norman Sadeh
Implementation DetailsOWL
Meta-model
in CLIPSOntologyin OWL
Annotationin OWL
Rulein (R)OWL
Servicesin (W)OWL
Privacyin (S)OWL
Queryin (Q)OWL
Ontologystylesheet&Annotationstylesheet&
Rulestylesheet&
Servicestylesheet&
Privacystylesheet&
Querystylesheet&
Ontologyin CLIPS
Annotationin CLIPS
Rulein CLIPS
Service rulein CLIPS
Privacy rulein CLIPS
Query rulesin CLIPS
XSLT Engine
Resultin OWL
JESS
8/2/2019 vini p3
18/24Copyright 2001-2004 Norman Sadeh
Visualizing & Editing Preferences
Visualizing & editing a privacy rule
8/2/2019 vini p3
19/24Copyright 2001-2004 Norman Sadeh
Editing Based on Existing Ontologies
8/2/2019 vini p3
20/24Copyright 2001-2004 Norman Sadeh
Obfuscation Example
User location finder
City block levelCity level level
8/2/2019 vini p3
21/24Copyright 2001-2004 Norman Sadeh
Slide Projector Agent
8/2/2019 vini p3
22/24
Copyright 2001-2004 Norman Sadeh
Empirical Evaluation
Initial prototype working on Carnegie Mellons campus
Restaurant concierge agent, message filtering agent,etc.
Integration with calendar, location tracking, userprofile, etc.
Evaluation
Context awareness adds value
Requires access to a broad range of resources/attributes
Privacy concerns have to be addressed Additional validation on context-aware enterprise and DoD
applications
8/2/2019 vini p3
23/24
Copyright 2001-2004 Norman Sadeh
Concluding Remarks Context awareness helps overcome the limitations of
mobile devices and the time criticality of mobile
scenarios Context awareness makes privacy even more critical
Our experiments indicate that user preferences areoften complex
Incl. context-sensitive preferences Capturing these preferences is far from trivial
Default profiles, learning, dialogs,
How far can we go?
Semantic Web approach Allows for policies that refer to concepts
introduced in any number of domain-specificontologies
Opportunities for reconciliation with P3P/APPEL
8/2/2019 vini p3
24/24
C i h 2001 2004 S d h
Q&A
Source:http://www.firstmonday.org/issues/issue
4_9/odlyzko/index.html