Privacy-preserving Policies Reconciliation in Social Networks
Current social networks enable users to customize their privacy settings according to selections predefined by the service provider. As a consequence, the configurability of privacy settings is typically quite inflexible. In addition, this setup is quite unbalanced: it gives the service provider far more power than the user, since the provider sets the initial choices while the user can only select from them.
A more desirable setup would therefore allow users to specify their privacy requirements as policy rules and providers to specify their privacy enforcement capabilities as policy rules, independently of each other and using a common policy language. A reconciliation protocol between the two then determines a common set of privacy settings that simultaneously meets the user's requirements and the provider's enforcement capabilities.
Today's policy reconciliation protocols typically require one party to reveal its complete set of policy rules to the other party (or to a trusted third party), which then determines (if possible) a conflict-free common set of policy rules. However, this setup already reveals potentially private information to the service provider. To prevent this kind of leakage, the reconciliation process itself can be protected with the help of privacy-preserving techniques such as privacy-preserving set intersection protocols.
Proceeding one step further, users and service providers may be willing to accept several different combinations of privacy settings but may like these settings differently well. For example, a user may be willing to make his birthday public if this is required to participate in the social network in the first place, but may prefer not to make it public if this is a possible choice. In a situation where both parties have preferences with respect to their acceptable settings, providing this information to the other party will typically lead to an unfair selection, as the party that makes the choice will select the settings that maximize its own preferences rather than taking the preferences of the other party into account. In addition, the settings as well as the preferences reveal unnecessary information about each party. In this context we developed reconciliation protocols that allow two parties to determine a common set of privacy settings that maximizes both parties' preferences and at the same time does not reveal any information about the other party's input or preferences.
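As an added illustration (not code from the thesis or its authors), the following Python sketch contrasts the one-sided selection described above with a preference-aware reconciliation built on private set intersection. It assumes a Diffie-Hellman-style PSI over a toy group and encodes the "maximum sum of ranks" idea as a sequence of PSI rounds; this round construction is one illustrative approach, not necessarily the protocol developed in the thesis, and the group parameters and sample preferences are constructed.

```python
import hashlib, math, secrets

# Constructed toy group: the Mersenne prime 2^127 - 1 keeps the arithmetic
# readable; a deployment would use a standard large group.
P = 2**127 - 1

def secret_exponent():
    """Random exponent invertible mod P-1, so blinding is a bijection."""
    while True:
        e = secrets.randbelow(P - 2) + 1
        if math.gcd(e, P - 1) == 1:
            return e

def to_group(item):
    """Hash a policy string into a non-zero group element."""
    return int.from_bytes(hashlib.sha256(item.encode()).digest(), "big") % (P - 2) + 1

def psi(set_a, set_b):
    """DH-style private set intersection: each side only ever sees blinded
    values of the other side's items, yet both learn the common elements."""
    a, b = secret_exponent(), secret_exponent()
    blinded_a = {pow(to_group(x), a, P): x for x in set_a}     # A sends to B
    blinded_b = [pow(to_group(y), b, P) for y in set_b]        # B sends to A
    double_a = {pow(t, b, P): x for t, x in blinded_a.items()}  # B returns
    double_b = {pow(t, a, P) for t in blinded_b}                 # A computes
    return {x for t, x in double_a.items() if t in double_b}

def reconcile_max_sum(prefs_a, prefs_b):
    """Maximum-sum-of-ranks reconciliation from PSI rounds (illustrative).
    Ranks are higher for more-preferred settings. In round s, A encodes
    (x, rank_a) and B encodes (x, s - rank_b): the sets intersect exactly
    when rank_a(x) + rank_b(x) == s, so the first non-empty round gives the
    settings both parties jointly like best, revealing only that round."""
    top = max(prefs_a.values()) + max(prefs_b.values())
    for s in range(top, 1, -1):
        enc_a = {f"{x}|{r}" for x, r in prefs_a.items()}
        enc_b = {f"{x}|{s - r}" for x, r in prefs_b.items()}
        common = psi(enc_a, enc_b)
        if common:
            return sorted(c.rsplit("|", 1)[0] for c in common), s
    return [], 0

def one_sided_choice(chooser, acceptable_other):
    """Baseline the text warns about: the party holding both inputs picks
    the common setting that maximizes only its own preference."""
    return max(set(chooser) & set(acceptable_other), key=chooser.get)

# Constructed sample inputs; the provider cannot enforce friends-only here.
USER_PREFS = {"birthday:hidden": 3, "birthday:friends": 2, "birthday:public": 1}
PROVIDER_PREFS = {"birthday:public": 3, "birthday:hidden": 2}
```

With these inputs, a provider choosing alone picks `birthday:public`, while the joint-rank reconciliation settles on `birthday:hidden` without either side handing over its full ranking.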
Graduand: David Ferrest
Supervisor: Georg Neugebauer