2017
Colombo, Pietro; Ferrari, Elena
Towards a Unifying Attribute Based Access Control Approach for NoSQL Datastores Inproceedings
In: 33rd IEEE International Conference on Data Engineering, ICDE 2017, San Diego, CA, USA, April 19-22, 2017, pp. 709–720, IEEE Computer Society, 2017.
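@inproceedings{DBLP:conf/icde/ColomboF17,
  author     = {Colombo, Pietro and Ferrari, Elena},
  title      = {Towards a Unifying Attribute Based Access Control Approach for {NoSQL} Datastores},
  booktitle  = {33rd IEEE International Conference on Data Engineering, ICDE 2017, San Diego, CA, USA, April 19-22, 2017},
  pages      = {709--720},
  publisher  = {IEEE Computer Society},
  year       = {2017},
  date       = {2017-01-01},
  doi        = {10.1109/ICDE.2017.123},
  url        = {https://doi.org/10.1109/ICDE.2017.123},
  abstract   = {NoSQL datastores allow the efficient management of high volumes of heterogeneous and unstructured data, meeting the requirements of a variety of today ICT applications. However, most of these systems poorly support data security, and recent surveys show that their simplistic support for data protection is considered as a reason not to use them. In recent years, Attribute Based Access Control (ABAC) is getting more and more popularity, for its ability to provide highly flexible and customized forms of data protection at different granularity levels. In the current work, with the aim to raise users' confidence in the protection of data managed by NoSQL systems, we define a general approach to enforce ABAC within NoSQL systems. Our approach relies on SQL++[20], a unifying query language for NoSQL platforms. In particular, we develop a novel SQL++ query rewriting mechanism able to enforce heterogeneous types of ABAC policies specified up to cell level. Experimental results show an overhead which is not negligible for policies covering high percentage of the fields characterizing the protected documents, but which is far more contained when field level policies are more sparsely specified.},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {inproceedings}
}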
Ferrari, Elena
Identification Services for Online Social Networks (OSNs) Extended Abstract Inproceedings
In: Hansen, Marit; Kosta, Eleni; Fovino, Igor Nai; Fischer-Hübner, Simone (Ed.): Privacy and Identity Management. The Smart Revolution - 12th IFIP WG 9.2, 9.5, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Ispra, Italy, September 4-8, 2017, Revised Selected Papers, pp. 240–242, Springer, 2017.
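@inproceedings{DBLP:conf/primelife/Ferrari17,
  author     = {Ferrari, Elena},
  title      = {Identification Services for Online Social Networks ({OSNs}) Extended Abstract},
  editor     = {Hansen, Marit and Kosta, Eleni and Fovino, Igor Nai and Fischer-H{\"u}bner, Simone},
  booktitle  = {Privacy and Identity Management. The Smart Revolution - 12th IFIP WG 9.2, 9.5, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Ispra, Italy, September 4-8, 2017, Revised Selected Papers},
  series     = {IFIP Advances in Information and Communication Technology},
  volume     = {526},
  pages      = {240--242},
  publisher  = {Springer},
  year       = {2017},
  date       = {2017-01-01},
  doi        = {10.1007/978-3-319-92925-5_16},
  url        = {https://doi.org/10.1007/978-3-319-92925-5_16},
  abstract   = {On-line Social Networks (OSNs) have dramatically changed how users connect, communicate, share content, and exchange goods and services. However, despite all the benefits and the flexibility that OSNs provide, their users become more reliant on online identities with often no means to know who really is behind an online profile. Indeed, to facilitate their adoption and encourage people to join, identities in OSNs are very loose, in that not much more than an email address is required to create an account and related profile. Therefore, the problem of fake accounts and identity related attacks in OSNs has attracted considerable interest from the research community, and resulted in several proposals that mainly aim at detecting malicious nodes that follow identified and formalized attack trends. Without denying the importance of formalizing Sybil attacks and suggesting solutions for their detection, in this extended abstract we also consider the issue of identity validation from a user perspective, by briefly discussing the research proposals aiming at empowering users with tools helping them to identify the validity of the online accounts they interact with.},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {inproceedings}
}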
Diesner, Jana; Ferrari, Elena; Xu, Guandong (Ed.)
ACM, 2017, ISBN: 978-1-4503-4993-2.
@proceedings{DBLP:conf/asunam/2017,
  editor     = {Diesner, Jana and Ferrari, Elena and Xu, Guandong},
  title      = {Proceedings of the 2017 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2017, Sydney, Australia, July 31 - August 03, 2017},
  publisher  = {ACM},
  year       = {2017},
  date       = {2017-01-01},
  isbn       = {978-1-4503-4993-2},
  doi        = {10.1145/3110025},
  url        = {https://doi.org/10.1145/3110025},
  abstract   = {No abstract available.},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {proceedings}
}
2016
Colombo, Pietro; Ferrari, Elena
Fine-Grained Access Control Within NoSQL Document-Oriented Datastores Journal Article
In: Data Sci. Eng., vol. 1, no. 3, pp. 127–138, 2016.
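@article{DBLP:journals/dase/ColomboF16,
  author     = {Colombo, Pietro and Ferrari, Elena},
  title      = {Fine-Grained Access Control Within {NoSQL} Document-Oriented Datastores},
  journal    = {Data Sci. Eng.},
  volume     = {1},
  number     = {3},
  pages      = {127--138},
  year       = {2016},
  date       = {2016-01-01},
  doi        = {10.1007/s41019-016-0015-z},
  url        = {https://doi.org/10.1007/s41019-016-0015-z},
  abstract   = {The recent years have seen the birth of several NoSQL datastores, which are getting more and more popularity for their ability to handle high volumes of heterogeneous and unstructured data in a very efficient way. In several cases, NoSQL databases proved to outclass in terms of performance, scalability, and ease of use relational database management systems, meeting the requirements of a variety of today ICT applications. However, recent surveys reveal that, despite their undoubted popularity, NoSQL datastores suffer from some weaknesses, among which the lack of effective support for data protection appears among the most serious ones. Proper data protection mechanisms are therefore required to fill this void. In this work, we start to address this issue by focusing on access control and discussing the definition of a fine-grained access control framework for document-oriented NoSQL datastores. More precisely, we first focus on issues and challenges related to the definition of such a framework, considering theoretical, implementation, and integration aspects. Then, we discuss the reasons for which state-of-the-art fine-grained access control solutions proposed for relational database management systems cannot be used within the NoSQL scenario. We then introduce possible strategies to address the identified issues, which are at the basis of the framework development. Finally, we shortly report the outcome of an experience where the proposed framework has been used to enhance the data protection features of a popular NoSQL database.},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {article}
}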
Carminati, Barbara; Ferrari, Elena; Tran, Ngoc Hong
Trustworthy and effective person-to-person payments over multi-hop MANETs Journal Article
In: J. Netw. Comput. Appl., vol. 60, pp. 1–18, 2016.
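@article{DBLP:journals/jnca/CarminatiFT16,
  author     = {Carminati, Barbara and Ferrari, Elena and Tran, Ngoc Hong},
  title      = {Trustworthy and effective person-to-person payments over multi-hop {MANETs}},
  journal    = {J. Netw. Comput. Appl.},
  volume     = {60},
  pages      = {1--18},
  year       = {2016},
  date       = {2016-01-01},
  doi        = {10.1016/j.jnca.2015.11.011},
  url        = {https://doi.org/10.1016/j.jnca.2015.11.011},
  abstract   = {Due to the rapid development of mobile technologies, nowadays mobile devices are not expensive and almost every person can easily possess a mobile device. This fact boosts investments in mobile applications, among which are the person-to-person mobile payment applications. These applications are pretty sensitive in that they are related to monetary transactions, thus involving strict security and privacy requirements. To this purpose, we propose a secure protocol leveraging online social network connections to help users enforce their trust preferences locally to make a money transfer. The protocol exploits mobile ad-hoc network as a communication means. To improve the network performance by still preserving data security and user privacy, we also propose some optimization strategies to decrease the number of tokensets sent over mobile ad-hoc network. The experimental results demonstrate the effectiveness of our proposal.},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {article}
}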
Soliman, Amira; Bahri, Leila; Girdzijauskas, Sarunas; Carminati, Barbara; Ferrari, Elena
CADIVa: cooperative and adaptive decentralized identity validation model for social networks Journal Article
In: Soc. Netw. Anal. Min., vol. 6, no. 1, pp. 36:1–36:22, 2016.
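@article{DBLP:journals/snam/SolimanBGCF16,
  author     = {Soliman, Amira and Bahri, Leila and Girdzijauskas, Sarunas and Carminati, Barbara and Ferrari, Elena},
  title      = {{CADIVa}: cooperative and adaptive decentralized identity validation model for social networks},
  journal    = {Soc. Netw. Anal. Min.},
  volume     = {6},
  number     = {1},
  pages      = {36:1--36:22},
  year       = {2016},
  date       = {2016-01-01},
  doi        = {10.1007/s13278-016-0343-z},
  url        = {https://doi.org/10.1007/s13278-016-0343-z},
  abstract   = {Online social networks (OSNs) have successfully changed the way people interact. Online interactions among people span geographical boundaries and interweave with different human life activities. However, current OSNs identification schemes lack guarantees on quantifying the trustworthiness of online identities of users joining them. Therefore, driven from the need to empower users with an identity validation scheme, we introduce a novel model, cooperative and adaptive decentralized identity validation CADIVa, that allows OSN users to assign trust levels to whomever they interact with. CADIVa exploits association rule mining approach to extract the identity correlations among profile attributes in every individual community in a social network. CADIVa is a fully decentralized and adaptive model that exploits fully decentralized learning and cooperative approaches not only to preserve users privacy, but also to increase the system reliability and to make it resilient to mono-failure. CADIVa follows the ensemble learning paradigm to preserve users privacy and employs gossip protocols to achieve efficient and low-overhead communication. We provide two different implementation scenarios of CADIVa. Results confirm CADIVa’s ability to provide fine-grained community-aware identity validation with average improvement up to 36 and 50 % compared to the semi-centralized or global approaches, respectively.},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {article}
}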
Carminati, Barbara; Ferrari, Elena; Guglielmi, Michele
Detection of Unspecified Emergencies for Controlled Information Sharing Journal Article
In: IEEE Trans. Dependable Secur. Comput., vol. 13, no. 6, pp. 630–643, 2016.
@article{DBLP:journals/tdsc/CarminatiFG16,
  author     = {Carminati, Barbara and Ferrari, Elena and Guglielmi, Michele},
  title      = {Detection of Unspecified Emergencies for Controlled Information Sharing},
  journal    = {IEEE Trans. Dependable Secur. Comput.},
  volume     = {13},
  number     = {6},
  pages      = {630--643},
  year       = {2016},
  date       = {2016-01-01},
  doi        = {10.1109/TDSC.2015.2427846},
  url        = {https://doi.org/10.1109/TDSC.2015.2427846},
  abstract   = {During emergency situations one of the key requirements to handle the crisis is information sharing among organizations involved in the emergency management. When emergency situations are well known, it is possible to specify a priori these situations and to plan the information sharing needs in advance. However, there are many situations where it is not possible to describe these emergencies and their information sharing requirements beforehand. Therefore, in this paper, we present a framework able to deal with both specified and unspecified emergencies. The idea is to detect unspecified emergencies and related information sharing needs through denied access request analysis, anomaly detection techniques, and analysis of the history of permitted access requests. Besides presenting the techniques, the paper also presents experiments to verify their effectiveness.},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {article}
}
Cruz, Isabel F; Ferrari, Elena; Tao, Yufei
Guest Editorial: Special Section on the International Conference on Data Engineering Journal Article
In: IEEE Trans. Knowl. Data Eng., vol. 28, no. 2, pp. 295–296, 2016.
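@article{DBLP:journals/tkde/CruzFT16,
  author     = {Cruz, Isabel F. and Ferrari, Elena and Tao, Yufei},
  title      = {Guest Editorial: Special Section on the {International Conference on Data Engineering}},
  journal    = {IEEE Trans. Knowl. Data Eng.},
  volume     = {28},
  number     = {2},
  pages      = {295--296},
  year       = {2016},
  date       = {2016-01-01},
  doi        = {10.1109/TKDE.2015.2495958},
  url        = {https://doi.org/10.1109/TKDE.2015.2495958},
  abstract   = {The ten papers included in this special section were presented at the 28th International Conference on Data Engineering was held in Washington, DC, on April 1-5, 2012. All papers were revised and substantially extended, over their conference versions and went through a rigorous review process to ensure the high quality standards of the IEEE Transactions on Knowledge and Data Engineering. They cover a broad range of topics highlighting the liveliness of the data engineering field.},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {article}
}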
Bahri, Leila; Carminati, Barbara; Ferrari, Elena
COIP - Continuous, Operable, Impartial, and Privacy-Aware Identity Validity Estimation for OSN Profiles Journal Article
In: ACM Trans. Web, vol. 10, no. 4, pp. 23:1–23:41, 2016.
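@article{DBLP:journals/tweb/BahriCF16,
  author     = {Bahri, Leila and Carminati, Barbara and Ferrari, Elena},
  title      = {{COIP} - Continuous, Operable, Impartial, and Privacy-Aware Identity Validity Estimation for {OSN} Profiles},
  journal    = {ACM Trans. Web},
  volume     = {10},
  number     = {4},
  pages      = {23:1--23:41},
  year       = {2016},
  date       = {2016-01-01},
  doi        = {10.1145/3014338},
  url        = {https://doi.org/10.1145/3014338},
  abstract   = {Identity validation of Online Social Networks’ (OSNs’) peers is a critical concern to the insurance of safe and secure online socializing environments. Starting from the vision of empowering users to determine the validity of OSN identities, we suggest a framework to estimate the trustworthiness of online social profiles based only on the information they contain. Our framework is based on learning identity correlations between profile attributes in an OSN community and on collecting ratings from OSN community members to evaluate the trustworthiness of target profiles. Our system guarantees utility, user anonymity, impartiality in rating, and operability within the dynamics and continuous evolution of OSNs. In this article, we detail the system design, and we prove its correctness against these claimed quality properties. Moreover, we test its effectiveness, feasibility, and efficiency through experimentation on real-world datasets from Facebook and Google+, in addition to using the Adults UCI dataset.},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {article}
}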
Carminati, Barbara; Colombo, Pietro; Ferrari, Elena; Sagirlar, Gokhan
Enhancing User Control on Personal Data Usage in Internet of Things Ecosystems Inproceedings
In: Zhang, Jia; Miller, John A; Xu, Xiaofei (Ed.): IEEE International Conference on Services Computing, SCC 2016, San Francisco, CA, USA, June 27 - July 2, 2016, pp. 291–298, IEEE Computer Society, 2016.
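@inproceedings{DBLP:conf/IEEEscc/CarminatiCFS16,
  author     = {Carminati, Barbara and Colombo, Pietro and Ferrari, Elena and Sagirlar, Gokhan},
  title      = {Enhancing User Control on Personal Data Usage in {Internet of Things} Ecosystems},
  editor     = {Zhang, Jia and Miller, John A. and Xu, Xiaofei},
  booktitle  = {IEEE International Conference on Services Computing, SCC 2016, San Francisco, CA, USA, June 27 - July 2, 2016},
  pages      = {291--298},
  publisher  = {IEEE Computer Society},
  year       = {2016},
  date       = {2016-01-01},
  doi        = {10.1109/SCC.2016.45},
  url        = {https://doi.org/10.1109/SCC.2016.45},
  abstract   = {Internet of Things (IoT) services are improving our life, supporting people in a variety of situations. However, due to the high volume of managed personal data, they can be a serious threat for individuals privacy. Users data are commonly gathered by devices scattered in the IoT, each of which sees a portion of them. The combination of different data may lead to infer users sensitive information. The distributed nature and the complexity of the IoT scenario cause users to lose the control on how their data are handled. In this paper, we start addressing this issue with a framework that empowers users to better control data management within IoT ecosystems. A novel privacy reference model allows users to state how their data can be processed and what cannot be inferred from them, and a dedicated mechanism allows enforcing the stated references. Experimental results show the efficiency of the enforcement.},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {inproceedings}
}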
Jaradat, Shatha; Dokoohaki, Nima; Matskin, Mihhail; Ferrari, Elena
Trust and privacy correlations in social networks: A deep learning framework Inproceedings
In: Kumar, Ravi; Caverlee, James; Tong, Hanghang (Ed.): 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2016, San Francisco, CA, USA, August 18-21, 2016, pp. 203–206, IEEE Computer Society, 2016.
@inproceedings{DBLP:conf/asunam/JaradatDMF16,
  author     = {Jaradat, Shatha and Dokoohaki, Nima and Matskin, Mihhail and Ferrari, Elena},
  title      = {Trust and privacy correlations in social networks: A deep learning framework},
  editor     = {Kumar, Ravi and Caverlee, James and Tong, Hanghang},
  booktitle  = {2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2016, San Francisco, CA, USA, August 18-21, 2016},
  pages      = {203--206},
  publisher  = {IEEE Computer Society},
  year       = {2016},
  date       = {2016-01-01},
  doi        = {10.1109/ASONAM.2016.7752236},
  url        = {https://doi.org/10.1109/ASONAM.2016.7752236},
  abstract   = {Online Social Networks (OSNs) remain the focal point of Internet usage. Since the beginning, networking sites tried best to have right privacy mechanisms in place for users, enabling them to share the right content with the right audience. With all these efforts, privacy customizations remain hard for users across the sites. Existing research that address this problem mainly focus on semi-supervised strategies that introduce extra complexity by requiring the user to manually specify initial privacy preferences for their friends. In this work, we suggest an adaptive solution that can dynamically generate privacy labels for users in OSNs. To this end, we introduce a deep reinforcement learning framework that targets two key problems in OSNs like Facebook: the exposure of users' interactions through the network to less trusted direct friends, and the possibility of propagating user updates through direct friends' interactions to indirect friends. By implementing this framework, we aim at understanding how social trust and privacy could be correlated, specifically in a dynamic fashion. We report the ranked dependence between the generated privacy labels and the estimated user trust values, which indicate the ability of the framework to identify the highly trusted users and share with them higher percentages of data.},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {inproceedings}
}
Albertini, Davide Alberto; Carminati, Barbara; Ferrari, Elena
Privacy Settings Recommender for Online Social Network Inproceedings
In: 2nd IEEE International Conference on Collaboration and Internet Computing, CIC 2016, Pittsburgh, PA, USA, November 1-3, 2016, pp. 514–521, IEEE Computer Society, 2016.
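@inproceedings{DBLP:conf/coinco/AlbertiniCF16,
  author     = {Albertini, Davide Alberto and Carminati, Barbara and Ferrari, Elena},
  title      = {Privacy Settings Recommender for Online Social Network},
  booktitle  = {2nd IEEE International Conference on Collaboration and Internet Computing, CIC 2016, Pittsburgh, PA, USA, November 1-3, 2016},
  pages      = {514--521},
  publisher  = {IEEE Computer Society},
  year       = {2016},
  date       = {2016-01-01},
  doi        = {10.1109/CIC.2016.079},
  url        = {https://doi.org/10.1109/CIC.2016.079},
  abstract   = {In recent years Relationship Based Access Control (ReBAC) has become the reference paradigm for controlled information sharing in Online Social Network (OSN) scenarios. Nevertheless, many of the most popular OSN providers do not implement in their platforms an access control model fully compliant with ReBAC. This fact, thus, limits the capability of OSN users to define customized and fine-grained access control policies. Moreover, average users might have difficulties in properly setting, potentially, complex access control policies. As results, many users give up in defining proper privacy setting, simply accepting the default setting proposed by OSN provider. To cope with this problem, we see the need of tools in support of policy specification. At this aim, in this paper we present a recommendation system that, exploiting an association rules mining process, learns OSN users' habits in releasing resources in online social networks, and exploit them to suggest customized access control policies. We also prove the feasibility of the presented techniques by illustrating an experiment which has been conducted on 30 human users by building customized access control policies from the data learnt from each of them.},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {inproceedings}
}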
Colombo, Pietro; Ferrari, Elena
Towards Virtual Private NoSQL datastores Inproceedings
In: 32nd IEEE International Conference on Data Engineering, ICDE 2016, Helsinki, Finland, May 16-20, 2016, pp. 193–204, IEEE Computer Society, 2016.
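@inproceedings{DBLP:conf/icde/ColomboF16,
  author     = {Colombo, Pietro and Ferrari, Elena},
  title      = {Towards Virtual Private {NoSQL} datastores},
  booktitle  = {32nd IEEE International Conference on Data Engineering, ICDE 2016, Helsinki, Finland, May 16-20, 2016},
  pages      = {193--204},
  publisher  = {IEEE Computer Society},
  year       = {2016},
  date       = {2016-01-01},
  doi        = {10.1109/ICDE.2016.7498240},
  url        = {https://doi.org/10.1109/ICDE.2016.7498240},
  abstract   = {Many modern applications use context related information to provide highly personalized services, and use NoSQL databases for data management, as these systems show outstanding performance and support high volumes of data. However, NoSQL databases integrate poor data protection features with basic coarse grained access control and no support for context aware policies. Therefore, we believe that a general approach is required to enhance NoSQL datastores with fine grained context aware access control. In this paper, we start to fill this void by targeting MongoDB, a very popular datastore. The contribution is twofold. We enhance MongoDB's access control model with advanced features and we define an enforcement monitor for the proposed enhanced model, which can be straightforwardly used in any MongoDB deployment. Technological limitations of MongoDB do not allow implementing the same efficient enforcement mechanism for all query types. As a consequence, experimental results show an enforcement overhead that is significant for aggregate queries, which contrasts with a low overhead measured for find and map-reduce queries.},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {inproceedings}
}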
Bahri, Leila; Soliman, Amira; Squillaci, Jacopo; Carminati, Barbara; Ferrari, Elena; Girdzijauskas, Sarunas
Beat the DIVa - decentralized identity validation for online social networks Inproceedings
In: 32nd IEEE International Conference on Data Engineering, ICDE 2016, Helsinki, Finland, May 16-20, 2016, pp. 1330–1333, IEEE Computer Society, 2016.
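@inproceedings{DBLP:conf/icde/BahriSSCFG16,
  author     = {Bahri, Leila and Soliman, Amira and Squillaci, Jacopo and Carminati, Barbara and Ferrari, Elena and Girdzijauskas, Sarunas},
  title      = {Beat the {DIVa} - decentralized identity validation for online social networks},
  booktitle  = {32nd IEEE International Conference on Data Engineering, ICDE 2016, Helsinki, Finland, May 16-20, 2016},
  pages      = {1330--1333},
  publisher  = {IEEE Computer Society},
  year       = {2016},
  date       = {2016-01-01},
  doi        = {10.1109/ICDE.2016.7498337},
  url        = {https://doi.org/10.1109/ICDE.2016.7498337},
  abstract   = {Fake accounts in online social networks (OSNs) have known considerable sophistication and are now attempting to gain network trust by infiltrating within honest communities. Honest users have limited perspective on the truthfulness of new online identities requesting their friendship. This facilitates the task of fake accounts in deceiving honest users to befriend them. To address this, we have proposed a model that learns hidden correlations between profile attributes within OSN communities, and exploits them to assist users in estimating the trustworthiness of new profiles. To demonstrate our method, we suggest, in this demo, a game application through which players try to cheat the system and convince nodes in a simulated OSN to befriend them. The game deploys different strategies to challenge the players and to reach the objectives of the demo. These objectives are to make participants aware of how fake accounts can infiltrate within their OSN communities, to demonstrate how our suggested method could aid in mitigating this threat, and to eventually strengthen our model based on the data collected from the moves of the players.},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {inproceedings}
}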
Colombo, Pietro; Ferrari, Elena
Efficient enforcement of action-aware purpose-based access control within relational database management systems Inproceedings
In: 32nd IEEE International Conference on Data Engineering, ICDE 2016, Helsinki, Finland, May 16-20, 2016, pp. 1516–1517, IEEE Computer Society, 2016.
@inproceedings{DBLP:conf/icde/ColomboF16a,
  author     = {Colombo, Pietro and Ferrari, Elena},
  title      = {Efficient enforcement of action-aware purpose-based access control within relational database management systems},
  booktitle  = {32nd IEEE International Conference on Data Engineering, ICDE 2016, Helsinki, Finland, May 16-20, 2016},
  pages      = {1516--1517},
  publisher  = {IEEE Computer Society},
  year       = {2016},
  date       = {2016-01-01},
  doi        = {10.1109/ICDE.2016.7498402},
  url        = {https://doi.org/10.1109/ICDE.2016.7498402},
  abstract   = {Among the variety of access control models proposed for database management systems (DBMSs) a key role is covered by the purpose-based access control model, which, while enforcing access control, also achieves basic privacy preservation. We believe that DBMSs could greatly take benefit from the integration of an enhanced purpose based model supporting highly customized and efficient access control. Therefore, in this paper, we propose a purpose-based model that supports action-aware policy specification and a related efficient enforcement framework to be integrated into relational DBMSs. The experimental evaluation we have performed shows the feasibility and efficiency of the proposed framework.},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {inproceedings}
}
Thuraisingham, Bhavani M; Kantarcioglu, Murat; Khan, Latifur; Carminati, Barbara; Ferrari, Elena; Bahri, Leila
Emergency-Driven Assured Information Sharing in Secure Online Social Networks: A Position Paper Inproceedings
In: 2016 IEEE International Parallel and Distributed Processing Symposium Workshops, IPDPS Workshops 2016, Chicago, IL, USA, May 23-27, 2016, pp. 1813–1820, IEEE Computer Society, 2016.
@inproceedings{DBLP:conf/ipps/ThuraisinghamKK16,
  author    = {Thuraisingham, Bhavani M and Kantarcioglu, Murat and Khan, Latifur and Carminati, Barbara and Ferrari, Elena and Bahri, Leila},
  title     = {Emergency-Driven Assured Information Sharing in Secure Online Social Networks: A Position Paper},
  booktitle = {2016 IEEE International Parallel and Distributed Processing Symposium Workshops, IPDPS Workshops 2016, Chicago, IL, USA, May 23-27, 2016},
  pages     = {1813--1820},
  publisher = {IEEE Computer Society},
  year      = {2016},
  date      = {2016-01-01},
  doi       = {10.1109/IPDPSW.2016.201},
  url       = {https://doi.org/10.1109/IPDPSW.2016.201},
  abstract  = {The United States and its Allied Forces have had tremendous success in combat operations. This includes combat in Germany, Japan and more recently in Iraq and Afghanistan. However not all of our stabilization and reconstruction operations (SARO) have been as successful. Several studies have been carried out on SARO by organizations such as the National Defense University and the Naval Post Graduate School. These studies have shown that security as well as power and jobs are key ingredients for success during SARO. One of the major conclusions is that we need to plan for SARO while we are planning for combat. These studies have also analyzed the various technologies that are needed for successfully carrying out SARO which include sensors, robotics and information management. As stated in the work by the Naval Postgraduate School, we need to determine the social, political and economic relationships between the local communities as well as determine who the important people are. One particular task during SARO is managing emergencies and crisis situations as well as carrying out humanitarian operations. In such situations, it is critical that the information between various individuals as well as agencies be shared. Furthermore, social relationships between the different parties need to be analyzed. To address the key technical challenges for emergency management and crisis response during SARO and related humanitarian efforts we are exploring assured information sharing and secure social networking to develop novel technologies to support emergency management and crisis response.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}
Singh, Bikash Chandra; Carminati, Barbara; Ferrari, Elena
A Risk-Benefit Driven Architecture for Personal Data Release (Invited Paper) Inproceedings
In: 17th IEEE International Conference on Information Reuse and Integration, IRI 2016, Pittsburgh, PA, USA, July 28-30, 2016, pp. 40–49, IEEE Computer Society, 2016.
@inproceedings{DBLP:conf/iri/SinghCF16,
  author    = {Singh, Bikash Chandra and Carminati, Barbara and Ferrari, Elena},
  title     = {A Risk-Benefit Driven Architecture for Personal Data Release (Invited Paper)},
  booktitle = {17th IEEE International Conference on Information Reuse and Integration, IRI 2016, Pittsburgh, PA, USA, July 28-30, 2016},
  pages     = {40--49},
  publisher = {IEEE Computer Society},
  year      = {2016},
  date      = {2016-01-01},
  doi       = {10.1109/IRI.2016.14},
  url       = {https://doi.org/10.1109/IRI.2016.14},
  abstract  = {Personal data storages (PDSs) give individuals the ability to store their personal data in a data unified repository and control release of their data to data consumers. Being able to gather personal data from different data sources (e.g., banks, hospitals), PDSs will play strategic role in individual privacy management. As such, PDS demands for new privacy models for protecting personal data. In this paper, we propose a new technical approach that empowers individuals to better control data in PDS. Particularly, we present a privacy-aware PDS architecture by focusing on two logical data zones based on the categories of personal data. Moreover, we propose a strategy for regulating personal data release that takes in consideration both user preferences and possible risks and benefits of the data release.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}
Laleh, Naeimeh; Carminati, Barbara; Ferrari, Elena
Anomalous change detection in time-evolving OSNs Inproceedings
In: 2016 Mediterranean Ad Hoc Networking Workshop, Med-Hoc-Net 2016, Vilanova i la Geltru, Spain, June 20-22, 2016, pp. 1–8, IEEE, 2016.
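@inproceedings{DBLP:conf/medhocnet/LalehCF16,
  author    = {Laleh, Naeimeh and Carminati, Barbara and Ferrari, Elena},
  title     = {Anomalous change detection in time-evolving {OSNs}},
  booktitle = {2016 Mediterranean Ad Hoc Networking Workshop, Med-Hoc-Net 2016, Vilanova i la Geltru, Spain, June 20-22, 2016},
  pages     = {1--8},
  publisher = {IEEE},
  year      = {2016},
  date      = {2016-01-01},
  doi       = {10.1109/MedHocNet.2016.7528431},
  url       = {https://doi.org/10.1109/MedHocNet.2016.7528431},
  abstract  = {Recently, the automatic highlighting of anomalous changes in a sequence of social graph snapshots is receiving growing interest due to its numerous applications. For instance, it may be helpful for the identification of attackers or risky users in Online Social Networks (OSNs). Indeed, dynamically monitoring and learning the friendship patterns of users in a large social graph over time for any anomalous change often reflects and predicts significant events or attacker's behaviors. In this paper, we focus on anomalous changes that happen in the neighborhood of OSN users. Our main goal is to detect those users whose changes in the structure of their subgraph deviate from their own previous change patterns and from those of other nearest users in the graph. Our approach returns a list of these users by ranking them based on the value of their change deviation. We analyze the performance of our approach on a real Google+ dataset.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}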
Laleh, Naeimeh; Carminati, Barbara; Ferrari, Elena; Girdzijauskas, Sarunas
Gossip-Based Behavioral Group Identification in Decentralized OSNs Inproceedings
In: Perner, Petra (Ed.): Machine Learning and Data Mining in Pattern Recognition - 12th International Conference, MLDM 2016, New York, NY, USA, July 16-21, 2016, Proceedings, pp. 676–691, Springer, 2016.
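@inproceedings{DBLP:conf/mldm/LalehCFG16,
  author    = {Laleh, Naeimeh and Carminati, Barbara and Ferrari, Elena and Girdzijauskas, Sarunas},
  title     = {Gossip-Based Behavioral Group Identification in Decentralized {OSNs}},
  editor    = {Perner, Petra},
  booktitle = {Machine Learning and Data Mining in Pattern Recognition - 12th International Conference, MLDM 2016, New York, NY, USA, July 16-21, 2016, Proceedings},
  series    = {Lecture Notes in Computer Science},
  volume    = {9729},
  pages     = {676--691},
  publisher = {Springer},
  year      = {2016},
  date      = {2016-01-01},
  doi       = {10.1007/978-3-319-41920-6_52},
  url       = {https://doi.org/10.1007/978-3-319-41920-6_52},
  abstract  = {DOSNs are distributed systems providing social networking services that become extremely popular in recent years. In DOSNs, the aim is to give the users control over their data and keeping data locally to enhance privacy. Therefore, identifying behavioral groups of users that share the same behavioral patterns in decentralized OSNs is challenging. In the fully distributed social graph, each user has only one feature vector and these vectors can not move to any central storage or other users in a raw form duo to privacy issues. We use a gossip learning approach where all users are involved with their local estimation of the clustering model and improve their estimations and finally converge to a final clustering model available for all users. In order to evaluate our approach, we implement our algorithm and test it in a real Facebook graph.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}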
Bartoli, Alberto; Carminati, Barbara; Ferrari, Elena; Medvet, Eric
A Language and an Inference Engine for Twitter Filtering Rules Inproceedings
In: 2016 IEEE/WIC/ACM International Conference on Web Intelligence, WI 2016, Omaha, NE, USA, October 13-16, 2016, pp. 614–617, IEEE Computer Society, 2016.
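@inproceedings{DBLP:conf/webi/BartoliCFM16,
  author    = {Bartoli, Alberto and Carminati, Barbara and Ferrari, Elena and Medvet, Eric},
  title     = {A Language and an Inference Engine for {Twitter} Filtering Rules},
  booktitle = {2016 IEEE/WIC/ACM International Conference on Web Intelligence, WI 2016, Omaha, NE, USA, October 13-16, 2016},
  pages     = {614--617},
  publisher = {IEEE Computer Society},
  year      = {2016},
  date      = {2016-01-01},
  doi       = {10.1109/WI.2016.0107},
  url       = {https://doi.org/10.1109/WI.2016.0107},
  abstract  = {We consider the problem of the filtering of Twitter posts, that is, the hiding of those posts which the user prefers not to visualize on his/her timeline. We define a language for specifying filtering policies suitable for Twitter posts. The language allows each user to decide which posts to filter out based on his/her sensibility and preferences. Since average users may not have the skills necessary to translate their filtering needs into a set of rules, we also propose a method for inferring a policy automatically, based solely on examples of the desired filtering behavior. The method is based on an evolutionary approach driven by a multi-objective optimization scheme. We assess our proposal experimentally on a real Twitter dataset and the results are highly promising.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}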
Bahri, Leila; Carminati, Barbara; Ferrari, Elena; Lucia, William
LAMP - Label-Based Access-Control for More Privacy in Online Social Networks Inproceedings
In: Foresti, Sara; López, Javier (Ed.): Information Security Theory and Practice - 10th IFIP WG 11.2 International Conference, WISTP 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings, pp. 171–186, Springer, 2016.
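@inproceedings{DBLP:conf/wistp/BahriCFL16,
  author    = {Bahri, Leila and Carminati, Barbara and Ferrari, Elena and Lucia, William},
  title     = {{LAMP} - Label-Based Access-Control for More Privacy in Online Social Networks},
  editor    = {Foresti, Sara and L{\'o}pez, Javier},
  booktitle = {Information Security Theory and Practice - 10th IFIP WG 11.2 International Conference, WISTP 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings},
  series    = {Lecture Notes in Computer Science},
  volume    = {9895},
  pages     = {171--186},
  publisher = {Springer},
  year      = {2016},
  date      = {2016-01-01},
  doi       = {10.1007/978-3-319-45931-8_11},
  url       = {https://doi.org/10.1007/978-3-319-45931-8_11},
  abstract  = {Access control in Online Social Networks (OSNs) is generally approached with a relationship-based model. This limits the options in expressing privacy preferences to only the types of relationships users establish in the OSN. Moreover, current proposals do not address the privacy of dependent information types, such as comments or likes, at their atomic levels of ownership. Rather, the privacy of these data elements is holistically dependent on the aggregate object they belong to. To overcome this, we propose LAMP, a model that deploys fine grained label-based access control for information sharing in OSNs. Users in LAMP assign customized labels to their friends and to all types of their information; whereas access requests are evaluated by security properties carefully designed to establish orders between requestor’s and information’s labels. We prove the correctness of the suggested model, and we perform performance experiments based on different access scenarios simulated on a real OSN graph. We also performed a preliminary usability study that compared LAMP to Facebook privacy settings.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}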
2015
Colombo, Pietro; Ferrari, Elena
Privacy Aware Access Control for Big Data: A Research Roadmap Journal Article
In: Big Data Res., vol. 2, no. 4, pp. 145–154, 2015.
@article{DBLP:journals/bdr/ColomboF15,
  author    = {Colombo, Pietro and Ferrari, Elena},
  title     = {Privacy Aware Access Control for Big Data: A Research Roadmap},
  journal   = {Big Data Res.},
  volume    = {2},
  number    = {4},
  pages     = {145--154},
  year      = {2015},
  date      = {2015-01-01},
  doi       = {10.1016/j.bdr.2015.08.001},
  url       = {https://doi.org/10.1016/j.bdr.2015.08.001},
  abstract  = {Big Data is an emerging phenomenon that is rapidly changing business models and work styles [1]. Big Data platforms allow the storage and analysis of high volumes of data with heterogeneous format from different sources. This integrated analysis allows the derivation of properties and correlations among data that can then be used for a variety of purposes, such as making predictions that can profitably affect decision processes. As a matter of fact, nowadays Big Data analytics are generally considered an asset for making business decisions. Big Data platforms have been specifically designed to support advanced form of analytics satisfying strict performance and scalability requirements. However, no proper consideration has been devoted so far to data protection. Indeed, although the analyzed data often include personal and sensitive information, with relevant threats to privacy implied by the analysis, so far Big Data platforms integrate quite basic form of access control, and no support for privacy policies. Although the potential benefits of data analysis are manifold, the lack of proper data protection mechanisms may prevent the adoption of Big Data analytics by several companies. This motivates the fundamental need to integrate privacy and security awareness into Big Data platforms. In this paper, we do a first step to achieve this ambitious goal, discussing research issues related to the definition of a framework that supports the integration of privacy aware access control features into existing Big Data platforms.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {article},
}
Colombo, Pietro; Ferrari, Elena
Efficient Enforcement of Action-Aware Purpose-Based Access Control within Relational Database Management Systems Journal Article
In: IEEE Trans. Knowl. Data Eng., vol. 27, no. 8, pp. 2134–2147, 2015.
@article{DBLP:journals/tkde/ColomboF15,
  author    = {Colombo, Pietro and Ferrari, Elena},
  title     = {Efficient Enforcement of Action-Aware Purpose-Based Access Control within Relational Database Management Systems},
  journal   = {IEEE Trans. Knowl. Data Eng.},
  volume    = {27},
  number    = {8},
  pages     = {2134--2147},
  year      = {2015},
  date      = {2015-01-01},
  doi       = {10.1109/TKDE.2015.2411595},
  url       = {https://doi.org/10.1109/TKDE.2015.2411595},
  abstract  = {Among the variety of access control models proposed for database management systems (DBMSs) a key role is covered by the purpose-based access control model, which, while enforcing access control, also achieves basic privacy preservation. We believe that DBMSs could greatly take benefit from the integration of an enhanced purpose based model supporting highly customized and efficient access control. Therefore, in this paper, we propose a purpose-based model that supports action-aware policy specification and a related efficient enforcement framework to be integrated into relational DBMSs. The experimental evaluation we have performed shows the feasibility and efficiency of the proposed framework.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {article},
}
Soliman, Amira; Bahri, Leila; Carminati, Barbara; Ferrari, Elena; Girdzijauskas, Sarunas
DIVa: Decentralized Identity Validation for Social Networks Inproceedings
In: Pei, Jian; Silvestri, Fabrizio; Tang, Jie (Ed.): Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015, Paris, France, August 25 - 28, 2015, pp. 383–391, ACM, 2015.
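@inproceedings{DBLP:conf/asunam/SolimanBCFG15,
  author    = {Soliman, Amira and Bahri, Leila and Carminati, Barbara and Ferrari, Elena and Girdzijauskas, Sarunas},
  title     = {{DIVa}: Decentralized Identity Validation for Social Networks},
  editor    = {Pei, Jian and Silvestri, Fabrizio and Tang, Jie},
  booktitle = {Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015, Paris, France, August 25 - 28, 2015},
  pages     = {383--391},
  publisher = {ACM},
  year      = {2015},
  date      = {2015-01-01},
  doi       = {10.1145/2808797.2808861},
  url       = {https://doi.org/10.1145/2808797.2808861},
  abstract  = {Online Social Networks exploit a lightweight process to identify their users so as to facilitate their fast adoption. However, such convenience comes at the price of making legitimate users subject to different threats created by fake accounts. Therefore, there is a crucial need to empower users with tools helping them in assigning a level of trust to whomever they interact with. To cope with this issue, in this paper we introduce a novel model, DIVa, that leverages on mining techniques to find correlations among user profile attributes. These correlations are discovered not from user population as a whole, but from individual communities, where the correlations are more pronounced. DIVa exploits a decentralized learning approach and ensures privacy preservation as each node in the OSN independently processes its local data and is required to know only its direct neighbors. Extensive experiments using real-world OSN datasets show that DIVa is able to extract fine-grained community-aware correlations among profile attributes with average improvements up to 50% than the global approach.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}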
Ulusoy, Huseyin; Colombo, Pietro; Ferrari, Elena; Kantarcioglu, Murat; Pattuk, Erman
GuardMR: Fine-grained Security Policy Enforcement for MapReduce Systems Inproceedings
In: Bao, Feng; Miller, Steven; Zhou, Jianying; Ahn, Gail-Joon (Ed.): Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ASIA CCS '15, Singapore, April 14-17, 2015, pp. 285–296, ACM, 2015.
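@inproceedings{DBLP:conf/ccs/UlusoyCFKP15,
  author    = {Ulusoy, Huseyin and Colombo, Pietro and Ferrari, Elena and Kantarcioglu, Murat and Pattuk, Erman},
  title     = {{GuardMR}: Fine-grained Security Policy Enforcement for {MapReduce} Systems},
  editor    = {Bao, Feng and Miller, Steven and Zhou, Jianying and Ahn, Gail-Joon},
  booktitle = {Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ASIA CCS '15, Singapore, April 14-17, 2015},
  pages     = {285--296},
  publisher = {ACM},
  year      = {2015},
  date      = {2015-01-01},
  doi       = {10.1145/2714576.2714624},
  url       = {https://doi.org/10.1145/2714576.2714624},
  abstract  = {Executing data analytics tasks in MapReduce systems introduces new security and privacy concerns as the processed unstructured datasets may contain sensitive information (e.g., social security numbers, business sensitive information) at the level of individual records, and the existing file-level access control mechanisms provide all or nothing access to the entire dataset. To address these concerns, we propose GUARDMR which is a novel, modular framework that can enforce fine-grained security policies at the key-value level in MapReduce systems. The presented security policies can dynamically create authorized views of data resources based on the organizational roles of the MapReduce users. GUARDMR further simplifies the specification of authorized views via automatically generating the bytecode of the functions necessary for creating the views, from the high level specification language (i.e., OCL). It facilitates enforcement of a broad, flexible set of policies that can handle the complexity demanded by high volume, high variety, unstructured datasets and general MapReduce computation without any modification to the underlying MapReduce system and operating system. Our evaluation results indicate that GUARDMR provides fine-grained access control for Apache Hadoop system with easy maintainability and very low overhead.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}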
Bahri, Leila; Carminati, Barbara; Ferrari, Elena
CARDS - Collaborative Audit and Report Data Sharing for A-Posteriori Access Control in DOSNs Inproceedings
In: IEEE Conference on Collaboration and Internet Computing, CIC 2015, Hangzhou, China, October 27-30, 2015, pp. 36–45, IEEE Computer Society, 2015.
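@inproceedings{DBLP:conf/coinco/BahriCF15,
  author    = {Bahri, Leila and Carminati, Barbara and Ferrari, Elena},
  title     = {{CARDS} - Collaborative Audit and Report Data Sharing for A-Posteriori Access Control in {DOSNs}},
  booktitle = {IEEE Conference on Collaboration and Internet Computing, CIC 2015, Hangzhou, China, October 27-30, 2015},
  pages     = {36--45},
  publisher = {IEEE Computer Society},
  year      = {2015},
  date      = {2015-01-01},
  doi       = {10.1109/CIC.2015.18},
  url       = {https://doi.org/10.1109/CIC.2015.18},
  abstract  = {Accountability and transparency have been commonly accepted to deter bad acts and to encourage compliance to rules. For this, auditing has been largely, and since ancient times, adopted to ensure the well running of systems and businesses within which duties are governed by set rules. Recently, an a-posteriori approach to data access control has been investigated for information systems as well across number of critical domains (e.g., Healthcare systems). Besides, privacy advocates started calling for the necessity of accountability and transparency in managing users' privacy in nowadays connected and proliferated web data. Following this line of thought, we suggest a system for collaborative a-posteriori access control to data dissemination in decentralized online social networks based on reporting and auditing. We demonstrate the usability of our suggested model using a real OSN graph.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}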
Medvet, Eric; Bartoli, Alberto; Carminati, Barbara; Ferrari, Elena
Evolutionary Inference of Attribute-Based Access Control Policies Inproceedings
In: Gaspar-Cunha, António; Antunes, Carlos Henggeler; Coello Coello, Carlos A (Ed.): Evolutionary Multi-Criterion Optimization - 8th International Conference, EMO 2015, Guimarães, Portugal, March 29 - April 1, 2015. Proceedings, Part I, pp. 351–365, Springer, 2015.
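@inproceedings{DBLP:conf/emo/MedvetBCF15,
  author    = {Medvet, Eric and Bartoli, Alberto and Carminati, Barbara and Ferrari, Elena},
  title     = {Evolutionary Inference of Attribute-Based Access Control Policies},
  editor    = {Gaspar-Cunha, Ant{\'o}nio and Antunes, Carlos Henggeler and Coello Coello, Carlos A.},
  booktitle = {Evolutionary Multi-Criterion Optimization - 8th International Conference, EMO 2015, Guimar{\~a}es, Portugal, March 29 - April 1, 2015. Proceedings, Part I},
  series    = {Lecture Notes in Computer Science},
  volume    = {9018},
  pages     = {351--365},
  publisher = {Springer},
  year      = {2015},
  date      = {2015-01-01},
  doi       = {10.1007/978-3-319-15934-8_24},
  url       = {https://doi.org/10.1007/978-3-319-15934-8_24},
  abstract  = {The interest in attribute-based access control policies is increasingly growing due to their ability to accommodate the complex security requirements of modern computer systems. With this novel paradigm, access control policies consist of attribute expressions which implicitly describe the properties of subjects and protection objects and which must be satisfied for a request to be allowed. Since specifying a policy in this framework may be very complex, approaches for policy mining, i.e., for inferring a specification automatically from examples in the form of logs of authorized and denied requests, have been recently proposed.
In this work, we propose a multi-objective evolutionary approach for solving the policy mining task. We designed and implemented a problem representation suitable for evolutionary computation, along with several search-optimizing features which have proven to be highly useful in this context: a strategy for learning a policy by learning single rules, each one focused on a subset of requests; a custom initialization of the population; a scheme for diversity promotion and for early termination. We show that our approach deals successfully with case studies of realistic complexity.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}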
Carminati, Barbara; Ferrari, Elena; Tran, Ngoc Hong
A Privacy-Preserving Framework for Constrained Choreographed Service Composition Inproceedings
In: Miller, John A; Zhu, Hong (Ed.): 2015 IEEE International Conference on Web Services, ICWS 2015, New York, NY, USA, June 27 - July 2, 2015, pp. 297–304, IEEE Computer Society, 2015.
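@inproceedings{DBLP:conf/icws/CarminatiFT15,
  author    = {Carminati, Barbara and Ferrari, Elena and Tran, Ngoc Hong},
  title     = {A Privacy-Preserving Framework for Constrained Choreographed Service Composition},
  editor    = {Miller, John A and Zhu, Hong},
  booktitle = {2015 IEEE International Conference on Web Services, ICWS 2015, New York, NY, USA, June 27 - July 2, 2015},
  pages     = {297--304},
  publisher = {IEEE Computer Society},
  year      = {2015},
  date      = {2015-01-01},
  doi       = {10.1109/ICWS.2015.48},
  url       = {https://doi.org/10.1109/ICWS.2015.48},
  abstract  = {One of the major goals of Web services is to make easier their composition to form more complex services, modeled as workflows. A key role in the Web services composition is the selection of a proper service for each activity in the workflow. In general, this requires the exchange of sensitive information of users, requiring the composition, as well as of involved service providers. So far this problem has been investigated in the setting of orchestrated service composition, under the assumption of the presence of a broker coordinating the composition. However, a promising alternative approach is the one of choreography, where each service involved in the service composition has to locally manage service selection and invocation. In this paper, we propose a framework to enforce user and provider requirements in the scenario of service choreography in a privacy-preserving way, that is, without the releasing of any private information of users and providers. To achieve this result we make use of different privacy-preserving protocols. As it will be shown in the paper, the proposed solution does not implies relevant overhead.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}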
Bahri, Leila; Carminati, Barbara; Ferrari, Elena
What Happens to My Online Social Estate When I Am Gone? An Integrated Approach to Posthumous Online Data Management Inproceedings
In: 2015 IEEE International Conference on Information Reuse and Integration, IRI 2015, San Francisco, CA, USA, August 13-15, 2015, pp. 31–38, IEEE Computer Society, 2015.
@inproceedings{DBLP:conf/iri/BahriCF15,
  author    = {Bahri, Leila and Carminati, Barbara and Ferrari, Elena},
  title     = {What Happens to My Online Social Estate When I Am Gone? An Integrated Approach to Posthumous Online Data Management},
  booktitle = {2015 IEEE International Conference on Information Reuse and Integration, IRI 2015, San Francisco, CA, USA, August 13-15, 2015},
  pages     = {31--38},
  publisher = {IEEE Computer Society},
  year      = {2015},
  date      = {2015-01-01},
  doi       = {10.1109/IRI.2015.16},
  url       = {https://doi.org/10.1109/IRI.2015.16},
  abstract  = {Technology and the digital world have been making an important part of people's lives nowadays. As death is unquestionably a crucial and fundamental part of life, technology and the digital world ought to play an equally important role in end of life issues as well. For instance, the adoption of online social networks (OSNs) has been amplifying to cover large numbers of the world's population playing big roles in shaping their daily life, in documenting their life experiences, and in sharing their moments with their friends in the network. While current systems focus on the provision of usable and attractive features of their OSN services, considerations of the faith of the online accounts, identities, and data created and shared in their realms when the owner is mo more available to manage them have not been equally taken. In this paper, we raise and discuss issues related to the design and to the provision of integrated services for a posthumous data management that would respect the wills of users all while being concealed to their survivors. We survey the existing practices, we discuss their limitations, and we suggest an integrated approach to posthumous data management based on posthumous data planning assisted by data categorization and automated tools.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}
Bahri, Leila; Carminati, Barbara; Ferrari, Elena; Tran, Ngoc Hong
Privacy Preserving Decentralized Identity Validation for Geo-social Networks over MANET Inproceedings
In: Sirivianos, Michael; Hui, Pan; Sastry, Nishanth; Chen, Yang; Liu, Hongqiang Harry (Ed.): Proceedings of the 7th International Workshop on Hot Topics in Planet-scale mObile computing and online Social neTworking, HOTPOST@MobiHoc 2015, Hangzhou, China, June 22, 2015, pp. 7–12, ACM, 2015.
@inproceedings{DBLP:conf/mobihoc/BahriCFT15,
title = {Privacy Preserving Decentralized Identity Validation for Geo-social
Networks over MANET},
author = {Leila Bahri and Barbara Carminati and Elena Ferrari and Ngoc Hong Tran},
editor = {Michael Sirivianos and Pan Hui and Nishanth Sastry and Yang Chen and Hongqiang Harry Liu},
url = {https://doi.org/10.1145/2757513.2757520},
doi = {10.1145/2757513.2757520},
year = {2015},
date = {2015-01-01},
booktitle = {Proceedings of the 7th International Workshop on Hot Topics in Planet-scale mObile computing and online Social neTworking, HOTPOST@MobiHoc 2015,
Hangzhou, China, June 22, 2015},
pages = {7--12},
publisher = {ACM},
abstract = {Mobile phones, and more specifically smart gadgets, have known a rapid proliferation over the past years in terms of their adoption and usage. Their prices have also known noticeable declines making the ownership of a smart-phone at the ability of all pocket sizes. This has created tremendous potential for the design and creation of services that users can consume through their smart-phones and that would improve their daily lives tasks. In this work, we focus on the potential of using smart-phones in geographically bounded areas, such as shopping malls, museums, conference venues, etc, to establish collaborative ad-hoc networks over MANET. These networks are meant to allow for the provision of P2P exchange of information and help between visitors of such places to improve their visiting experience. We discuss how such a network could be designed and we focus on two main challenges: 1. identity validation over the network to ensure the worthiness of provided information, and 2. privacy preservation both against personal information inference from provided information and over the p2p overlay.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Colombo, Pietro; Ferrari, Elena
Complementing MongoDB with Advanced Access Control Features: Concepts and Research Challenges Inproceedings
In: Lembo, Domenico; Torlone, Riccardo; Marrella, Andrea (Ed.): 23rd Italian Symposium on Advanced Database Systems, SEBD 2015, Gaeta, Italy, June 14-17, 2015, pp. 343–350, Curran Associates, Inc., 2015.
@inproceedings{DBLP:conf/sebd/ColomboF15,
title = {Complementing MongoDB with Advanced Access Control Features: Concepts
and Research Challenges},
author = {Pietro Colombo and Elena Ferrari},
editor = {Domenico Lembo and Riccardo Torlone and Andrea Marrella},
year = {2015},
date = {2015-01-01},
booktitle = {23rd Italian Symposium on Advanced Database Systems, SEBD 2015,
Gaeta, Italy, June 14-17, 2015},
pages = {343--350},
publisher = {Curran Associates, Inc.},
abstract = {Based on recent surveys the interest for NoSQL datastores is continuously growing. This trend is an expected consequence of key features of these systems, such as their ability to efficiently handle high data volumes, and to easily scale. Indeed, NoSQL datastores outclass
traditional relational database management systems (RDBMs) wrt performance and scalability. In addition, with innovative computational paradigms, such as MapReduce and the aggregation pipeline, NoSQL datastores also overcome RDBMSs in terms of achievable forms of data analysis. At the same time, they provide only poor support for data protection, which is typically limited to a very basic form of access control.
This aspect is seen by several managers as the top obstacle to the use of datastores in industry [14]. We believe that this issue can be addressed by integrating proper data
protection mechanisms into NoSQL datastores. However, due to the variety of existing NoSQL datastores, each characterized by a given data model and query language, this appears as a very ambitious task. In order to do a first step towards the achievement of this goal, in this position paper we start focusing on MongoDB (http://www.mongodb.org), the most popular NoSQL datastore (see http://db-engines.com/en/ranking).
More precisely, we present a research roadmap related to the enhancement of MongoDB with fine grained context-aware access control.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Laleh, Naeimeh; Carminati, Barbara; Ferrari, Elena
Graph Based Local Risk Estimation in Large Scale Online Social Networks Inproceedings
In: 2015 IEEE International Conference on Smart City/SocialCom/SustainCom 2015, Chengdu, China, December 19-21, 2015, pp. 528–535, IEEE Computer Society, 2015.
@inproceedings{DBLP:conf/smartcity/LalehCF15,
title = {Graph Based Local Risk Estimation in Large Scale Online Social Networks},
author = {Naeimeh Laleh and Barbara Carminati and Elena Ferrari},
url = {https://doi.org/10.1109/SmartCity.2015.124},
doi = {10.1109/SmartCity.2015.124},
year = {2015},
date = {2015-01-01},
booktitle = {2015 IEEE International Conference on Smart City/SocialCom/SustainCom
2015, Chengdu, China, December 19-21, 2015},
pages = {528--535},
publisher = {IEEE Computer Society},
abstract = {Online Social Networks (OSNs) have become extremely popular in recent years, leading to the presence of huge volumes of users' personal information on the Internet. This increases the need for efficient and effective measures helping users to judge their direct contacts so as to avoid friendship with malicious users that could misuse their personal information. At this purpose, in this paper we propose a risk measure, called local risk factor, having as a key idea the fact the malicious users in OSNs (aka attackers) show some common features on the topology of their social graphs, which is different from those of legitimate users. This consideration brought us to design a set of features defined based on attacker activity patterns. To prove the effectiveness of the proposed risk measure, we run several experiments on a real OSN dataset (i.e., Orkut social network) with more than 3 million vertices and 117 million edges, by injecting synthetic fake users according to different settings and showing how the proposed measures can indeed help in their detection.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
2014
Akcora, Cuneyt Gurcan; Ferrari, Elena
Similarity Metrics on Social Networks Incollection
In: Encyclopedia of Social Network Analysis and Mining, pp. 1734–1743, 2014.
@incollection{DBLP:reference/snam/AkcoraF14,
title = {Similarity Metrics on Social Networks},
author = {Cuneyt Gurcan Akcora and Elena Ferrari},
url = {https://doi.org/10.1007/978-1-4614-6170-8_252},
doi = {10.1007/978-1-4614-6170-8_252},
year = {2014},
date = {2014-01-01},
booktitle = {Encyclopedia of Social Network Analysis and Mining},
pages = {1734--1743},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
Ferrari, Elena; Kantarcioglu, Murat
Special issue on secure and privacy-aware data management Journal Article
In: Distributed Parallel Databases, vol. 32, no. 1, pp. 1–3, 2014.
@article{DBLP:journals/dpd/FerrariK14,
title = {Special issue on secure and privacy-aware data management},
author = {Elena Ferrari and Murat Kantarcioglu},
url = {https://doi.org/10.1007/s10619-014-7144-z},
doi = {10.1007/s10619-014-7144-z},
year = {2014},
date = {2014-01-01},
journal = {Distributed Parallel Databases},
volume = {32},
number = {1},
pages = {1--3},
abstract = {It is often necessary for organizations to perform data mining tasks collaboratively without giving up their own data. This necessity has led to the development of privacy preserving distributed data mining. Several protocols exist which deal with data ...},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Albertini, Davide Alberto; Carminati, Barbara; Ferrari, Elena
SocialCloudShare: a Facebook Application for a Relationship-based Information Sharing in the Cloud Journal Article
In: EAI Endorsed Trans. Collab. Comput., vol. 1, no. 2, pp. e6, 2014.
@article{DBLP:journals/eetcc/AlbertiniCF14,
title = {SocialCloudShare: a Facebook Application for a Relationship-based
Information Sharing in the Cloud},
author = {Davide Alberto Albertini and Barbara Carminati and Elena Ferrari},
url = {https://doi.org/10.4108/cc.1.2.e6},
doi = {10.4108/cc.1.2.e6},
year = {2014},
date = {2014-01-01},
journal = {EAI Endorsed Trans. Collab. Comput.},
volume = {1},
number = {2},
pages = {e6},
abstract = {In last few years, Online Social Networks (OSNs) have become one of the most used platforms for sharing data (e.g., pictures, short texts) on the Internet. Nowadays Facebook and Twitter are the most popular OSN providers, though they implement different social models. However, independently from the social model they implement, OSN platforms have become a widespread repository of personal information. All these data (e.g., profile information, shared elements, users’ likes) are stored in a centralized repository that can be exploited for data mining and marketing analysis. With this data collection process, lots of sensitive information are gathered by OSN providers that, in time, have become more and more targeted by malicious attackers. To overcome this problem, in this paper we present an architectural framework that, by means of a Social Application registered in Facebook, allows users to move their data (e.g., relationships, resources) outside the OSN realm and to store them in the public Cloud. Given that the public Cloud is not a secure and private environment, our proposal provides users security and privacy guarantees over their data by encrypting the resources and by anonymizing their social graphs. The presented framework enforces Relationship-Based Access Control (ReBAC) rules over the anonymized social graph, providing OSN users the possibility to selectively share information and resources as they are used to do in Facebook.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Colombo, Pietro; Ferrari, Elena
A framework for privacy aware data management in relational databases Journal Article
In: Int. J. Inf. Priv. Secur. Integr., vol. 2, no. 1, pp. 56–78, 2014.
@article{DBLP:journals/ijipsi/ColomboF14,
title = {A framework for privacy aware data management in relational databases},
author = {Pietro Colombo and Elena Ferrari},
url = {https://doi.org/10.1504/IJIPSI.2014.062886},
doi = {10.1504/IJIPSI.2014.062886},
year = {2014},
date = {2014-01-01},
journal = {Int. J. Inf. Priv. Secur. Integr.},
volume = {2},
number = {1},
pages = {56--78},
abstract = {This paper is about MAPaS - modelling and analysis of privacy-aware systems - framework, which targets the development of privacy aware SQL queries operating on a given database. MAPaS supports the specification of purpose and role-based access control policies that regulate the access to data based on purpose compliance, role and purpose-based authorisations. The current version of MAPaS allows the definition of the scheme of the database whose data must be protected and the SQL queries that should be executed on such a database. A rich analysis toolkit allows user to assess the compliance of these queries with the specified privacy policies. The analysis can be done even before the database is populated. The use of MAPaS bring users to define SQL queries which are privacy aware by design.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Akcora, Cuneyt Gurcan; Carminati, Barbara; Ferrari, Elena; Kantarcioglu, Murat
Detecting anomalies in social network data consumption Journal Article
In: Soc. Netw. Anal. Min., vol. 4, no. 1, pp. 231, 2014.
@article{DBLP:journals/snam/AkcoraCFK14,
title = {Detecting anomalies in social network data consumption},
author = {Cuneyt Gurcan Akcora and Barbara Carminati and Elena Ferrari and Murat Kantarcioglu},
url = {https://doi.org/10.1007/s13278-014-0231-3},
doi = {10.1007/s13278-014-0231-3},
year = {2014},
date = {2014-01-01},
journal = {Soc. Netw. Anal. Min.},
volume = {4},
number = {1},
pages = {231},
abstract = {As the popularity and usage of social media exploded over the years, understanding how social network users’ interests evolve gained importance in diverse fields, ranging from sociological studies to marketing. In this paper, we use two snapshots from the Twitter network and analyze data interest patterns of users in time to understand individual and collective user behavior on social networks. Building topical profiles of users, we propose novel metrics to identify anomalous friendships, and validate our results with Amazon Mechanical Turk experiments. We show that although more than 80 % of all friendships on Twitter are created due to data interests, 83 % of all users have at least one friendship that can be explained neither by users’ past interest nor collective behavior of other similar users.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Colombo, Pietro; Ferrari, Elena
Enforcing Obligations within Relational Database Management Systems Journal Article
In: IEEE Trans. Dependable Secur. Comput., vol. 11, no. 4, pp. 318–331, 2014.
@article{DBLP:journals/tdsc/ColomboF14,
title = {Enforcing Obligations within Relational Database Management Systems},
author = {Pietro Colombo and Elena Ferrari},
url = {https://doi.org/10.1109/TDSC.2013.48},
doi = {10.1109/TDSC.2013.48},
year = {2014},
date = {2014-01-01},
journal = {IEEE Trans. Dependable Secur. Comput.},
volume = {11},
number = {4},
pages = {318--331},
abstract = {Within Database Management Systems (DBMS), privacy policies regulate the collection, access and disclosure of the stored personal, identifiable and sensitive data. Policies often specify obligations which represent actions that must be executed or conditions that must be satisfied before and/or after data are accessed. Although numerous policies specification languages allow the specification, no systematic support is provided to enforce obligations within relational DBMS. In this paper, we make a step to fill this void presenting an approach to the definition of an enforcement monitor which handles privacy policies that include obligations. Such a monitor is derived from the same set of policies that must be enforced, and regulates the execution of SQL code based on the satisfaction of a variety of obligation types. The proposed solution is systematic, has been automated, does not require any programming activity and can be used with most of the existing relational DBMSs.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Parra-Arnau, Javier; Perego, Andrea; Ferrari, Elena; Forné, Jordi; Rebollo-Monedero, David
Privacy-Preserving Enhanced Collaborative Tagging Journal Article
In: IEEE Trans. Knowl. Data Eng., vol. 26, no. 1, pp. 180–193, 2014.
@article{DBLP:journals/tkde/Parra-ArnauPFFR14,
title = {Privacy-Preserving Enhanced Collaborative Tagging},
author = {Javier Parra-Arnau and Andrea Perego and Elena Ferrari and Jordi Forn{\'e} and David Rebollo-Monedero},
url = {https://doi.org/10.1109/TKDE.2012.248},
doi = {10.1109/TKDE.2012.248},
year = {2014},
date = {2014-01-01},
journal = {IEEE Trans. Knowl. Data Eng.},
volume = {26},
number = {1},
pages = {180--193},
abstract = {Collaborative tagging is one of the most popular services available online, and it allows end user to loosely classify either online or offline resources based on their feedback, expressed in the form of free-text labels (i.e., tags). Although tags may not be per se sensitive information, the wide use of collaborative tagging services increases the risk of cross referencing, thereby seriously compromising user privacy. In this paper, we make a first contribution toward the development of a privacy-preserving collaborative tagging service, by showing how a specific privacy-enhancing technology, namely tag suppression, can be used to protect end-user privacy. Moreover, we analyze how our approach can affect the effectiveness of a policy-based collaborative tagging system that supports enhanced web access functionalities, like content filtering and discovery, based on preferences specified by end users.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Colombo, Pietro; Ferrari, Elena
Enforcement of Purpose Based Access Control within Relational Database Management Systems Journal Article
In: IEEE Trans. Knowl. Data Eng., vol. 26, no. 11, pp. 2703–2716, 2014.
@article{DBLP:journals/tkde/ColomboF14,
title = {Enforcement of Purpose Based Access Control within Relational Database
Management Systems},
author = {Pietro Colombo and Elena Ferrari},
url = {https://doi.org/10.1109/TKDE.2014.2312112},
doi = {10.1109/TKDE.2014.2312112},
year = {2014},
date = {2014-01-01},
journal = {IEEE Trans. Knowl. Data Eng.},
volume = {26},
number = {11},
pages = {2703--2716},
abstract = {Privacy is becoming a key requirement for ICT applications that handle personal data. However, Database Management Systems (DBMSs), which are devoted to data collection and processing by definition, still do not provide the proper support for privacy policies. Policies are enforced by ad-hoc programmed software modules that complement DBMS access control services. This practice is time consuming, error prone, and neither general nor scalable. This work does a first step to overcome these limits. We propose a systematic approach to the automatic development of a monitor that regulates the execution of SQL queries based on purpose based privacy policies. The proposed solution does not require programming, it is general, platform independent and usable with most of the existing relational DBMSs.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Akcora, Cuneyt Gurcan; Ferrari, Elena
Discovering trust patterns in ego networks Inproceedings
In: Wu, Xindong; Ester, Martin; Xu, Guandong (Ed.): 2014 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2014, Beijing, China, August 17-20, 2014, pp. 224–229, IEEE Computer Society, 2014.
@inproceedings{DBLP:conf/asunam/AkcoraF14,
title = {Discovering trust patterns in ego networks},
author = {Cuneyt Gurcan Akcora and Elena Ferrari},
editor = {Xindong Wu and Martin Ester and Guandong Xu},
url = {https://doi.org/10.1109/ASONAM.2014.6921587},
doi = {10.1109/ASONAM.2014.6921587},
year = {2014},
date = {2014-01-01},
booktitle = {2014 IEEE/ACM International Conference on Advances in Social Networks
Analysis and Mining, ASONAM 2014, Beijing, China, August 17-20,
2014},
pages = {224--229},
publisher = {IEEE Computer Society},
abstract = {In the past decade, online social networks have provided invaluable data in understanding how social networks change in time while attracting new users and fostering relationships among members. The concept of social trust was developed to explain why and how much users trust each other to become friends or expose their personal data. Existing work on social trust analyze behavioral features and profile attributes to find trust between pairs of users. Although useful, these works suffer from the problem of incomplete, inaccurate and inconsistent social network data.
We approach the problem of analyzing trust from an ego network perspective. We observe new friendships, group formations and structural roles of users in ego networks to outline three trust questions. Answers to these questions provide insights into how social trust can be measured from user connections.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Lucia, William; Ferrari, Elena
EgoCentric: Ego Networks for Knowledge-based Short Text Classification Inproceedings
In: Li, Jianzhong; Wang, Xiaoyang Sean; Garofalakis, Minos N; Soboroff, Ian; Suel, Torsten; Wang, Min (Ed.): Proceedings of the 23rd ACM International Conference on Conference on Information and Knowledge Management, CIKM 2014, Shanghai, China, November 3-7, 2014, pp. 1079–1088, ACM, 2014.
@inproceedings{DBLP:conf/cikm/LuciaF14,
title = {EgoCentric: Ego Networks for Knowledge-based Short Text Classification},
author = {William Lucia and Elena Ferrari},
editor = {Jianzhong Li and Xiaoyang Sean Wang and Minos N Garofalakis and Ian Soboroff and Torsten Suel and Min Wang},
url = {https://doi.org/10.1145/2661829.2661990},
doi = {10.1145/2661829.2661990},
year = {2014},
date = {2014-01-01},
booktitle = {Proceedings of the 23rd ACM International Conference on Conference
on Information and Knowledge Management, CIKM 2014, Shanghai, China,
November 3-7, 2014},
pages = {1079--1088},
publisher = {ACM},
abstract = {Classification of short text messages is becoming more and more relevant in these years, where billion of users use online social networks to communicate with other people. Understanding message content can have a huge impact on many data analysis processes, ranging from the study of online social behavior to targeted advertisement, to security and privacy purposes.
In this paper, we propose a new unsupervised knowledge-based classifier for short text messages, where each category is represented by an ego-network.
A short text is classified into a category depending on how far its words are from the ego of that category. We show how this technique can be used both in single label and in multi-label classification, and how it outperforms the state of the art for short text messages classification.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Bahri, Leila; Carminati, Barbara; Ferrari, Elena
Community-Based Identity Validation on Online Social Networks Inproceedings
In: IEEE 34th International Conference on Distributed Computing Systems, ICDCS 2014, Madrid, Spain, June 30 - July 3, 2014, pp. 21–30, IEEE Computer Society, 2014.
@inproceedings{DBLP:conf/icdcs/BahriCF14,
title = {Community-Based Identity Validation on Online Social Networks},
author = {Leila Bahri and Barbara Carminati and Elena Ferrari},
url = {https://doi.org/10.1109/ICDCS.2014.11},
doi = {10.1109/ICDCS.2014.11},
year = {2014},
date = {2014-01-01},
booktitle = {IEEE 34th International Conference on Distributed Computing Systems,
ICDCS 2014, Madrid, Spain, June 30 - July 3, 2014},
pages = {21--30},
publisher = {IEEE Computer Society},
abstract = {Identity management in online social networks (OSNs) is a challenging, yet important requirement for effective privacy protection and trust management. Literature offers several proposals addressing issues related to identity breaches and/or identity related attacks on OSNs, but only a few aim at giving means to judge users' reliability in terms of trustworthiness of their claimed identities. In this paper, we propose an identity validation process that relies on OSN community feedback to assign to OSN users identity trustworthiness levels. For this purpose, we define a community based supervised learning process to detect the set of attributes in a user profile for which it is expected to see a correlation among their values (e.g., job and salary). Once these correlated attribute sets are identified, the profile of a target user is judged by a selected group of raters to estimate her identity trustworthiness level. We demonstrate the effectiveness of our proposal through experimentation under two different scenarios and using real data. The experiments' results under the two scenarios demonstrate the effectiveness and meaningfulness of our proposal.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Carminati, Barbara; Ferrari, Elena; Tran, Ngoc Hong
Secure Web Service Composition with Untrusted Broker Inproceedings
In: 2014 IEEE International Conference on Web Services, ICWS, 2014, Anchorage, AK, USA, June 27 - July 2, 2014, pp. 137–144, IEEE Computer Society, 2014.
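@inproceedings{DBLP:conf/icws/CarminatiFT14,
  author    = {Carminati, Barbara and Ferrari, Elena and Tran, Ngoc Hong},
  title     = {Secure Web Service Composition with Untrusted Broker},
  booktitle = {2014 IEEE International Conference on Web Services, ICWS, 2014, Anchorage, AK, USA, June 27 - July 2, 2014},
  pages     = {137--144},
  publisher = {IEEE Computer Society},
  year      = {2014},
  date      = {2014-01-01},
  doi       = {10.1109/ICWS.2014.31},
  url       = {https://doi.org/10.1109/ICWS.2014.31},
  abstract  = {Composite web services are usually coordinated according to a workflow, composed by several activities, each of which carried out by a service. A way to coordinate this cooperation is orchestration, which implies that the workflow underlying the composite web service is processed by a broker hosting a workflow engine (e.g., BPEL engine). According to the orchestration paradigm, the broker coordinates the invocation of services involved in the composition by passing the needed parameters. In general, all previous proposals for the service orchestration model consider the broker as a trusted entity. As such, they never payed attention to the fact that the broker is able to access several pieces of sensitive data. We believe there is the need to protect them against improper access and usage from partner services as well as the broker. To cope with these issues, in this paper, we propose a protocol based on a selective encryption able to ensure that both the broker and service partners can access only the information needed to fulfill their activities.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}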
Cruz, Isabel F; Ferrari, Elena; Tao, Yufei; Bertino, Elisa; Trajcevski, Goce (Ed.)
IEEE Computer Society, 2014, ISBN: 978-1-4799-3480-5.
@proceedings{DBLP:conf/icde/2014,
  editor    = {Cruz, Isabel F and Ferrari, Elena and Tao, Yufei and Bertino, Elisa and Trajcevski, Goce},
  title     = {IEEE 30th International Conference on Data Engineering, Chicago, ICDE 2014, IL, USA, March 31 - April 4, 2014},
  publisher = {IEEE Computer Society},
  year      = {2014},
  date      = {2014-01-01},
  isbn      = {978-1-4799-3480-5},
  url       = {https://ieeexplore.ieee.org/xpl/conhome/6811095/proceeding},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {proceedings},
}
2013
Carminati, Barbara; Ferrari, Elena; Viviani, Marco
Security and Trust in Online Social Networks Book
Morgan & Claypool Publishers, 2013.
@book{DBLP:series/synthesis/2013Carminati,
  author    = {Carminati, Barbara and Ferrari, Elena and Viviani, Marco},
  title     = {Security and Trust in Online Social Networks},
  publisher = {Morgan \& Claypool Publishers},
  series    = {Synthesis Lectures on Information Security, Privacy, and Trust},
  year      = {2013},
  date      = {2013-01-01},
  doi       = {10.2200/S00549ED1V01Y201311SPT008},
  url       = {https://doi.org/10.2200/S00549ED1V01Y201311SPT008},
  abstract  = {The enormous success and diffusion that online social networks (OSNs) are encountering nowadays is vastly apparent. Users' social interactions now occur using online social media as communication channels; personal information and activities are easily exchanged both for recreational and business purposes in order to obtain social or economic advantages. In this scenario, OSNs are considered critical applications with respect to the security of users and their resources, for their characteristics alone: the large amount of personal information they manage, big economic upturn connected to their commercial use, strict interconnection among users and resources characterizing them, as well as user attitude to easily share private data and activities with strangers.
In this book, we discuss three main research topics connected to security in online social networks: (i) trust management, because trust can be intended as a measure of the perception of security (in terms of risks/benefits) that users in an OSN have with respect to other (unknown/little-known) parties; (ii) controlled information sharing, because in OSNs, where personal information is not only connected to user profiles, but spans across users' social activities and interactions, users must be provided with the possibility to directly control information flows; and (iii) identity management, because OSNs are subjected more and more to malicious attacks that, with respect to traditional ones, have the advantage of being more effective by leveraging the social network as a new medium for reaching victims.
For each of these research topics, in this book we provide both theoretical concepts as well as an overview of the main solutions that commercial/non-commercial actors have proposed over the years. We also discuss some of the most promising research directions in these fields.
Table of Contents: Acknowledgments / Online Social Networks and Security Issues / Trust Management in Online Social Networks / Controlled Information Sharing in Online Social Networks / Identity Management in Online Social Networks / Conclusions and Further Research Directions / Bibliography / Authors' Biography},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {book},
}
In this book, we discuss three main research topics connected to security in online social networks: (i) trust management, because trust can be intended as a measure of the perception of security (in terms of risks/benefits) that users in an OSN have with respect to other (unknown/little-known) parties; (ii) controlled information sharing, because in OSNs, where personal information is not only connected to user profiles, but spans across users' social activities and interactions, users must be provided with the possibility to directly control information flows; and (iii) identity management, because OSNs are subjected more and more to malicious attacks that, with respect to traditional ones, have the advantage of being more effective by leveraging the social network as a new medium for reaching victims.
For each of these research topics, in this book we provide both theoretical concepts as well as an overview of the main solutions that commercial/non-commercial actors have proposed over the years. We also discuss some of the most promising research directions in these fields.
Table of Contents: Acknowledgments / Online Social Networks and Security Issues / Trust Management in Online Social Networks / Controlled Information Sharing in Online Social Networks / Identity Management in Online Social Networks / Conclusions and Further Research Directions / Bibliography / Authors' Biography
Akcora, Cuneyt Gurcan; Carminati, Barbara; Ferrari, Elena
User similarities on social networks Journal Article
In: Soc. Netw. Anal. Min., vol. 3, no. 3, pp. 475–495, 2013.
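@article{DBLP:journals/snam/AkcoraCF13,
  author    = {Akcora, Cuneyt Gurcan and Carminati, Barbara and Ferrari, Elena},
  title     = {User similarities on social networks},
  journal   = {Soc. Netw. Anal. Min.},
  volume    = {3},
  number    = {3},
  pages     = {475--495},
  year      = {2013},
  date      = {2013-01-01},
  doi       = {10.1007/s13278-012-0090-8},
  url       = {https://doi.org/10.1007/s13278-012-0090-8},
  abstract  = {Recently, with the express growth of social network, users have joined more and more of these networks and live their life virtually. Consequently, they create a huge data on these social networks: their profile, interest, and behavior such as post, comment, like, joining groups or communities, etc. This brings some new challenges to researchers: do users having the same profile/interest show the same behavior? And vice versa, do users having the same behavior have interest in the same things? One of the basic issues in these challenges is the problem of estimating the similarity among users on these social networks based on their profile, interest, and behavior. This paper presents a model for estimating the similarity between users based on their behavior on social networks. The considered behaviors are activities including posting entries, liking these entries, commenting and liking the comment in these entries. The model is then evaluated with a dataset-collected users from Twitter. The results show that the model estimates correctly the similarity among users in the majority of the cases.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {article},
}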
Carminati, Barbara; Ferrari, Elena; Guglielmi, Michele
A System for Timely and Controlled Information Sharing in Emergency Situations Journal Article
In: IEEE Trans. Dependable Secur. Comput., vol. 10, no. 3, pp. 129–142, 2013.
@article{DBLP:journals/tdsc/CarminatiFG13,
  author    = {Carminati, Barbara and Ferrari, Elena and Guglielmi, Michele},
  title     = {A System for Timely and Controlled Information Sharing in Emergency Situations},
  journal   = {IEEE Trans. Dependable Secur. Comput.},
  volume    = {10},
  number    = {3},
  pages     = {129--142},
  year      = {2013},
  date      = {2013-01-01},
  doi       = {10.1109/TDSC.2013.11},
  url       = {https://doi.org/10.1109/TDSC.2013.11},
  abstract  = {During natural disasters or emergency situations, an essential requirement for an effective emergency management is the information sharing. In this paper, we present an access control model to enforce controlled information sharing in emergency situations. An in-depth analysis of the model is discussed throughout the paper, and administration policies are introduced to enhance the model flexibility during emergencies. Moreover, a prototype implementation and experiments results are provided showing the efficiency and scalability of the system.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {article},
}
Vanetti, Marco; Binaghi, Elisabetta; Ferrari, Elena; Carminati, Barbara; Carullo, Moreno
A System to Filter Unwanted Messages from OSN User Walls Journal Article
In: IEEE Trans. Knowl. Data Eng., vol. 25, no. 2, pp. 285–297, 2013.
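@article{DBLP:journals/tkde/VanettiBFCC13,
  author    = {Vanetti, Marco and Binaghi, Elisabetta and Ferrari, Elena and Carminati, Barbara and Carullo, Moreno},
  title     = {A System to Filter Unwanted Messages from {OSN} User Walls},
  journal   = {IEEE Trans. Knowl. Data Eng.},
  volume    = {25},
  number    = {2},
  pages     = {285--297},
  year      = {2013},
  date      = {2013-01-01},
  doi       = {10.1109/TKDE.2011.230},
  url       = {https://doi.org/10.1109/TKDE.2011.230},
  abstract  = {One fundamental issue in today On-line Social Networks (OSNs) is to give users the ability to control the messages posted on their own private space to avoid that unwanted content is displayed. Up to now OSNs provide little support to this requirement. To fill the gap, in this paper, we propose a system allowing OSN users to have a direct control on the messages posted on their walls. This is achieved through a flexible rule-based system, that allows users to customize the filtering criteria to be applied to their walls, and a Machine Learning based soft classifier automatically labeling messages in support of content-based filtering.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {article},
}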
Lucia, William; Akcora, Cuneyt Gurcan; Ferrari, Elena
Multi-Dimensional Conversation Analysis Across Online Social Networks Inproceedings
In: 2013 International Conference on Cloud and Green Computing, Karlsruhe, Germany, September 30 - October 2, 2013, pp. 369–376, IEEE Computer Society, 2013.
@inproceedings{DBLP:conf/cgc/LuciaAF13,
  author    = {Lucia, William and Akcora, Cuneyt Gurcan and Ferrari, Elena},
  title     = {Multi-Dimensional Conversation Analysis Across Online Social Networks},
  booktitle = {2013 International Conference on Cloud and Green Computing, Karlsruhe, Germany, September 30 - October 2, 2013},
  pages     = {369--376},
  publisher = {IEEE Computer Society},
  year      = {2013},
  date      = {2013-01-01},
  doi       = {10.1109/CGC.2013.65},
  url       = {https://doi.org/10.1109/CGC.2013.65},
  abstract  = {With the advance of the Internet, ordinary users have created multiple personal accounts on online social networks, and interactions among these social network users have recently been tagged with location information. In this work, we observe user interactions across two popular online social networks, Facebook and Twitter, and analyze which factors lead to retweet/like interactions for tweets/posts. In addition to the named entities, lexical errors and expressed sentiments in these data items, we also consider the impact of shared user locations on user interactions. In particular, we show that geolocations of users can greatly affect which social network post/tweet will be liked/ retweeted. We believe that the results of our analysis can help researchers to understand which social network content will have better visibility.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}