vini p3

Embed Size (px)

Citation preview

  • 8/2/2019 vini p3

    1/24

    Copyright 2001-2004 Norman Sadeh

    Semantic Web Technologies to

    Reconcile Privacy and Context

    Awareness

    Norman M. SadehISRI- School of Computer Science

    Carnegie Mellon University

    Pittsburgh, PA - USA

  • 8/2/2019 vini p3

    2/24

    Copyright 2001-2004 Norman Sadeh

    Mobility Challenge

    Can no longer assume the users undivided

    attention

    Time critical nature of many tasks

    Limited input/output functionality

  • 8/2/2019 vini p3

    3/24

    Copyright 2001-2004 Norman Sadeh

    Context Awareness

    All this argues for:

    Higher levels of automation

    Context awareness

    True also in fixed Internet scenarios

  • 8/2/2019 vini p3

    4/24

    Copyright 2001-2004 Norman Sadeh

    Sources of Contextual Information A users context information is distributed across

    a number of disparate resources

    Calendar

    Location tracking Address book

    Buddy lists

    Weather

    Available resources vary from one user to another

    and over time

    e.g. roaming across different networks

  • 8/2/2019 vini p3

    5/24

    Copyright 2001-2004 Norman Sadeh

    Vision A growing collection of context-aware agents that

    users can buy or subscribe to

    Personal resources modeled as Semantic Web

    services

    Service profile

    Each user has a Semantic eWallet Automated identification and access of a users

    personal resources subject to privacy preferences

  • 8/2/2019 vini p3

    6/24

    Copyright 2001-2004 Norman Sadeh

    Semantic Web Approach

    Ontologies to explicitly represent and reason about: Personal/Contextual Resources

    Location tracking, calendar, organizationalresources, messaging resources, preferences, etc.

    Contextual attributes

    e.g. location, calendar activities, social ororganizational context, etc.

    Preferences, incl. privacy preferences:

    Access control preferences

    Obfuscation rules

    Web services

    Automated service identification and access

  • 8/2/2019 vini p3

    7/24Copyright 2001-2004 Norman Sadeh

    Personal Resource Ontology:

    An ExamplePersonal

    Resource

    ActivityInformation

    Resource

    LocationInformation

    ResourceList of Friends

    Sprint PCS

    Location Tracking

    CMU LocationTracking

    Microsoft OutlookCalendar

    IS-A

    INSTANCE

  • 8/2/2019 vini p3

    8/24Copyright 2001-2004 Norman Sadeh

    MyCampusProject

    Motivation:

    Campus as everyday life microcosm

    Objective:

    Enhance campus life through context-awareservices accessible over the WLAN

    Methodology:

    Involve stakeholders in the design Students and other members of the community

    Evaluate and extrapolate to other environments

    Mobile Commerce, Mobile Enterprise, etc.

  • 8/2/2019 vini p3

    9/24Copyright 2001-2004 Norman Sadeh

    Overall Architecture

    Wireless

    LAN

    Calendar

    LocationTracking

    Internet and

    Intranet Semantic

    Web-enabled

    Services

    Task-Specific

    Agents

    e-Wallet

    Users Personal

    Environment

    Social Context

    Preferences

    SemanticWeb-enabled

    Context Resources

    Personal ResourceDirectory

    (incl. Privacy Pref.)

    PersonalResource

    Ontologies

    Contextual

    Ontologies

    PersonalPreferenceOntologies

    Service

    Ontologies

    Semantic Web

    Service Directory

  • 8/2/2019 vini p3

    10/24Copyright 2001-2004 Norman Sadeh

    Semantic eWallet

    Context-independent knowledge Name, email address, context-independent preferences

    Context-dependent knowledge

    When driving, I dont want to receive instant messages

    Service invocation rules

    Automated service identification and access

    Map contextual attributes onto different resources (personaland public)

    Privacy rules

    Access control rules Only my classmates can see my location

    Obfuscation rules

    My classmates can only see the building I am in butnot the actual room

  • 8/2/2019 vini p3

    11/24Copyright 2001-2004 Norman Sadeh

    Location Tracking as Web Service

    Location Tracking

    as a Web Service

  • 8/2/2019 vini p3

    12/24Copyright 2001-2004 Norman Sadeh

    e-

    Asserting elementary needs forauthorized information

    Pre-checkaccess rights

    Post-checkaccess rights

    Fetch usefulstatic knowledge

    Application ofobfuscation rules

    Query contextassertionQuery

    Assertion ofauthorized knowledge

    Result

    Call relevantexternal services

    Example : Query from John inquiring about Marys location

    the sender of the query is John

    Johns query requires accessing Marys location

    1.Is John allowed to see Marys location given what we knowabout the context of the query?

    2.Mary said she only allows colleagues to see her location when

    she is on campus3.John is a colleague of Mary

    Access location tracking functionality or Marys calendar

    Is Mary on campus?

    Mary is willing to disclose the building but not the room she is in

    Mary is in Smith Hall

  • 8/2/2019 vini p3

    13/24Copyright 2001-2004 Norman Sadeh

    FI

    PAACLmessagesandOWLC

    ontent

    JADE platform

    User InteractionAgent

    Directory FacilitatorAgent (FIPA)

    Agent ManagementAgent (FIPA)

    e-Wallet ManagerAgent

    OntologistAgent

    Task-SpecificAgents

  • 8/2/2019 vini p3

    14/24Copyright 2001-2004 Norman Sadeh

    Directory FacilitatorAgent (FIPA)

    Agent ManagementAgent (FIPA)

    FI

    PAACLmessagesandOWLC

    ontent

    User InteractionAgent

    HTTP Request

    e-Wallet ManagerAgent

    OntologistAgent

    Task-SpecificAgents JADE platform

  • 8/2/2019 vini p3

    15/24Copyright 2001-2004 Norman Sadeh

    privacyquery

    answer

    Design of an e-Wallet Three-layer architecture: security through

    typing Core knowledge: User static & context-

    sensitive knowledge

    Service Layer: Automatic identification

    and invocation of external sourcesof knowledge (e.g. public web services

    and and personal resources)

    Privacy layer: Enforces privacy rules

    access control & obfuscation All facts represented in OWL

    Backward chaining migration rules: privacyrules, service rules, static migration rules

    serviceCore

    Know-ledge

  • 8/2/2019 vini p3

    16/24Copyright 2001-2004 Norman Sadeh

    privacyquery

    answer

    e-

    Design of an e-Wallet Three-layer architecture: security through

    typing Core knowledge: user static & context-

    sensitive knowledge

    Service Layer: automatic identification

    and invocation of personal and publicsemantic web services

    Privacy layer: enforces privacy rules

    access control obfuscation rules

    Asserting elementary needs forauthorized information

    Pre-checkaccess rights

    Post-checkaccess rights

    Fetch usefulstatic knowledge

    Application ofobfuscation rules

    Query contextassertionQuery

    Assertion ofauthorized knowledge

    Result

    Call relevantexternal services

    serviceCore

    Know-

    ledge

  • 8/2/2019 vini p3

    17/24Copyright 2001-2004 Norman Sadeh

    Implementation DetailsOWL

    Meta-model

    in CLIPSOntologyin OWL

    Annotationin OWL

    Rulein (R)OWL

    Servicesin (W)OWL

    Privacyin (S)OWL

    Queryin (Q)OWL

    Ontologystylesheet&Annotationstylesheet&

    Rulestylesheet&

    Servicestylesheet&

    Privacystylesheet&

    Querystylesheet&

    Ontologyin CLIPS

    Annotationin CLIPS

    Rulein CLIPS

    Service rulein CLIPS

    Privacy rulein CLIPS

    Query rulesin CLIPS

    XSLT Engine

    Resultin OWL

    JESS

  • 8/2/2019 vini p3

    18/24Copyright 2001-2004 Norman Sadeh

    Visualizing & Editing Preferences

    Visualizing & editing a privacy rule

  • 8/2/2019 vini p3

    19/24Copyright 2001-2004 Norman Sadeh

    Editing Based on Existing Ontologies

  • 8/2/2019 vini p3

    20/24Copyright 2001-2004 Norman Sadeh

    Obfuscation Example

    User location finder

    City block levelCity level level

  • 8/2/2019 vini p3

    21/24Copyright 2001-2004 Norman Sadeh

    Slide Projector Agent

  • 8/2/2019 vini p3

    22/24

    Copyright 2001-2004 Norman Sadeh

    Empirical Evaluation

    Initial prototype working on Carnegie Mellons campus

    Restaurant concierge agent, message filtering agent,etc.

    Integration with calendar, location tracking, userprofile, etc.

    Evaluation

    Context awareness adds value

    Requires access to a broad range of resources/attributes

    Privacy concerns have to be addressed Additional validation on context-aware enterprise and DoD

    applications

  • 8/2/2019 vini p3

    23/24

    Copyright 2001-2004 Norman Sadeh

    Concluding Remarks Context awareness helps overcome the limitations of

    mobile devices and the time criticality of mobile

    scenarios Context awareness makes privacy even more critical

    Our experiments indicate that user preferences areoften complex

    Incl. context-sensitive preferences Capturing these preferences is far from trivial

    Default profiles, learning, dialogs,

    How far can we go?

    Semantic Web approach Allows for policies that refer to concepts

    introduced in any number of domain-specificontologies

    Opportunities for reconciliation with P3P/APPEL

  • 8/2/2019 vini p3

    24/24

    C i h 2001 2004 S d h

    Q&A

    Source:http://www.firstmonday.org/issues/issue

    4_9/odlyzko/index.html