A Policy Based Infrastructure for Social Data Access with Privacy Guarantees

Author/Creator ORCID





Citation of Original Publication

Palanivel Andiappan Kodeswaran and Evelyne Viegas, A Policy Based Infrastructure for Social Data Access with Privacy Guarantees, Proceedings of the IEEE International Symposium on Policies for Distributed Systems and Networks, 2010, DOI: 10.1109/POLICY.2010.25


This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
© 2010 IEEE


In this paper, we present a policy based infrastructure for social data access with the goal of enabling scientific research, while preservingprivacy. We describe motivating application scenarios that could be enabled with the growing number of user datasets such as social networks, medical datasets etc. These datasets contain sensitive user information and sufficient caution must be exercised while sharing them with third parties to prevent privacy leaks. One of the goals of our framework is to allow users to control how their data is used, while at the same time enable researchers to use the aggregate data for scientific research. We extend existing access control languages to explicitly model user intent in data sharing as well as supporting additional access modes viz. Complete Access, Abstract Access and Statistical Access that go beyond the traditional allow/deny binary semantics of access control. We then describe our policy infrastructure and show how it can be used to enable the above scenarios while still guaranteeing individual privacy. We then present our initial implementation of the framework extending the SecPAL authorization language to account for new roles and operations.