Policy-by-Example for Online Social Networks

Abstract:

We introduce two approaches for improving privacy policy management in online

social networks. First, we introduce a mechanism using proven clustering
techniques that assists users in grouping their friends for group based policy
management approaches. Second, we introduce a policy management approach
that leverages a user's memory and opinion of their friends to set policies for other
similar friends. W refer to this new approach as Same-As Policy Management.To
demonstrate the effectiveness of our policy management improvements, we
implemented a prototype Facebook application and conducted an extensive user
study. Leveraging proven clustering techniques, we demonstrated a 23% reduction
in friend grouping time. In addition, we demonstrated considerable reductions in
policy authoring time using Same- As Policy Management over traditional group
based policy management approaches. Finally, we presented user perceptions of
both improvements, which are very encouraging.

Algorithm Used:

Clasuet Newman Moore (CNM) network clustering algorithm:

This clustering algorithm analyzes and detects community structure in networks by

optimizing their modularity. Our prototype clusters the user's social network graph
creating CNM clusters (or groups) of friends. During friend grouping, we present the
friends to the user in CNM group order as recommendations. For example, Bob has
50 friends and clustering his social network graph using CNM produces five clusters.
We present to Bob, as recommendations for grouping, all the friends of one CNM
group before presenting the friends of each subsequent CNM group. The premise is
that CNM groups roughly align with user defined friend populated relationship
groups.

System Architecture:
Existing System:

The existing work could model and analyze access control requirements with
respect to collaborative authorization management of shared data in OSNs. The
need of joint management for data sharing, especially photo sharing, in OSNs has
been recognized by the recent work provided a solution for collective privacy
management in OSNs. Their work considered access control policies of a content
that is co-owned by multiple users in an OSN, such that each co-owner may
separately specify her/his own privacy preference for the shared content.

Disadvantages:

1. New content is being added every day; an average Facebook user generates
over 90 pieces of content each month. This large amount of content coupled
with the significant number of users online makes maintaining appropriate
levels of privacy very challenging.

Proposed System:
We introduce a user assisted friend grouping mechanism that enhances traditional
group based policy management approaches. Assisted Friend Grouping leverages
proven clustering techniques to aid users in grouping their friends more efficiently.
Our approach has demonstrated promising results in assisting users in efficiently
grouping and setting expressive policies for their friends. In addition, user
perceptions are encouraging.

Advantages:
1. We introduce a policy management approach for online social networks that
leverages a user's memory and opinion of their friends to set policies for
other similar friends, which we refer to as Same-As Policy Management.
Using a visual policy editor that takes advantage of friend recognition and
minimal task interruptions, Same-As Policy Management demonstrated
improved performance and user perceptions over traditional group based
policy management approaches

2. We implemented a prototype Facebook application and conducted an

extensive user study evaluating our improvements to privacy policy
management in online social networks.

Module Description:
1. Assisted Friend Grouping
2. Same-As Policy Management
3. Not Assisted Friend Grouping
4. Friend Grouping

Assisted Friend Grouping:

Group based policy management allows users to populate groups based on

relationship and assign object permissions to the groups. For the purposes of our
prototype Facebook application, we predefined 10 relationship groups: Family,
Close Friends, Graduate School, Under Graduate School, High School,Work, I do not
know, Friends of Friend, Community and Other. These groups where carefully
selected, in part, from the work of Jones et al.. They postulate that users group
their friends, for controlling privacy, based on six criteria: Social Circles, Tie
Strength, Temporal Episodes, Geographical Locations, Functional Roles and
Organizational Boundaries. Our friend relationship groups were selected to reect
these criteria.

Same-As Policy Management:

In group based policy management, the user must first group their friends. After
which, they must select group permissions (setting the group policy). Finally,
friend-level exceptions to the group policy are set. A user's attention (mental
model) is focused in multiple areas. Whereas, in Same-As Policy Management, the
user's attention is focused on a specific friend. The user leverages their memory
and opinion of a friend to set policies for other like friends. In essence, we use a
friend recognition approach, with minimal task interruptions, to aid the user in
setting policies. A representative friend is selected (Same-As Example Friend),
profile object permissions are assigned to this example friend and other similar
friends (Same-As Friends) are associated with the same set of object permissions.
Figure 4 illustrates our model; the Same-As Example Friend is depicted in front of
the user's other similar friends who have been assigned the same set of object
permissions.
Not Assisted Friend Grouping:

By presenting friends in the order they potentially will be grouped, the friend
grouping time can be vastly reduced. The user's mental model is focused on
roughly one relationship at a time, e.g., work colleagues. The user can quickly
ascertain that the stream of friends being presented are all work colleagues and can
be placed in the Work group. This approach reduces the number of mental task
switches" the user must perform between multiple relationship groups. After all the
friends are grouped, the user sets the group policy by setting permissions that
allow or deny access to the user's profile objects, e.g., email address, photos, etc.
Finally, we provide the user the ability to set friend-level exceptions for each group
policy. For example, a group policy may deny access to the user's email address
except for group member Alice. Most social networking platforms also provide a
policy exception setting capability

Friend Grouping:

Using our visual policy editor, the user assigns the appropriate object level
permissions for each object within their profile to this Same-As Example Friend. For
the purposes of our prototype Facebook application, we presented three profile
object categories: Albums, About Me and Education and Work. Within each profile
object category, objects of the same family are presented. For example, About Me
includes Birthday, Status, Current City, email, etc., as indicated in Figure 5. The
user can allow or deny access to any object or object category by simply clicking on
the object or object category. For example, if the user doesn't want the Same-As
Example Friend to have access to a specific photo album, they merely click on that
album and the object permission is set to deny. The selected photo album will be
grayed out. Or, for example, if the user doesn't want to allow access to any of their
education and work information, they click on the object category Education and
Work and the entire object category will be grayed out, thus effectively setting the
permissions to deny for each profile object within that category. Any permutation of
permissions is allowed.

System Configuration:-

H/W System Configuration:-

Processor - Pentium –III

Speed - 1.1 Ghz

RAM - 256 MB(min)

Hard Disk - 20 GB

Floppy Drive - 1.44 MB

Key Board - Standard Windows Keyboard

Mouse - Two or Three Button Mouse

Monitor - SVGA

S/W System Configuration:-

 Operating System :Windows95/98/2000/XP

 Application Server : Tomcat5.0/6.X

 Front End : HTML, Java, JSP,AJAX

 Scripts : JavaScript.

 Server side Script : Java Server Pages.

 Database Connectivity : Mysql.