Aligning principal and agent’s incentives: A principal–agent perspective of social networking sites

The viability of networked communities depends on the creation and disclosure of user-generated content and the frequency of user visitation (Facebook 10-K Annual Report, 2012). However, little is known about how to align the interests of user and social networking sites. In this study, we draw upon the principal-agent perspective to extend Pavlou et al.’s uncertainty mitigation model of online exchange relationships (2007) and propose an empirically tested model for aligning the incentives of the principal (user) and the agent (service provider). As suggested by Pavlou et al., we incorporated a multi-dimensional measure of trust: trust of provider and trust of members. The proposed model is empirically tested with survey data from 305 adults aged 20-55. The results support our model, delineating how real individuals with bounded rationality actually make decision about information disclosure under uncertainty in the social networking site context. There is show little to no relationship between online privacy concerns and information disclosure on online social network sites. Perceived benefits provide the linkage between the incentives of principal (user) and agent (provider) while usage intensity demonstrated the most significant impact on information disclosure. We argue that the phenomenon may be explained through Communication Privacy Management Theory. The present study enhances our understanding of agency theory and human judgment theory in the context of social media. Practical implications for understanding and facilitating online social exchange relationships are also discussed.     

Virt-RSBAC:一种防御云计算内部威胁的框架

针对来自云计算平台的内部威胁,为了保护云用户的隐私,缓减平台提供者的安全监控需求与用户隐私之间的策略冲突,本文提出一种虚拟化环境下的特权控制框架Virt-RSBAC。通过在虚拟机监视器（VMM）中添加特权控制和基于角色的资源隔离规则,实现对特权域管理权限的分离,简化对云用户的管理,借助于创建相互信任的安全虚拟机（SVM）为云平台提供者和云用户提供安全服务。最后,在Xen上实现了该框架的原型,实验与分析表明该框架能够防止恶意管理员获取用户隐私并提供检测功能,对原有系统的性能损耗在可接受范围内。     

基于SEAndroid的隐私保护机制研究

随着移动应用的迅猛发展,安卓手机用户群体日益庞大,而随之不断增加的用户数据也使安卓系统成为恶意攻击者的主要目标。通过对安卓4.4系统中加入的SELinux机制进行分析研究,指出了其中对root权限进行细化限制的可能性,并基于此机制提出了一种增强隐私安全的设计,使得用户的隐私数据即使存在于已获得root权限的手机中,也可以得到有效的保护。     

Analyzing settings for social identity management on Social Networking Sites: Classification,current state,and proposed developments

The rising prevalence of Social Networking Sites (SNS) and their usage in multiple contexts poses new privacy challenges and increasingly prompts users to manage their online identity. To address privacy threats stemming from interacting with other users on SNS, effective Social Identity Management (SIdM) is a key requirement. It refers to the deliberate and targeted disclosure of personal attribute values to a subset of one's contacts or other users on the SNS. Protection against other entities such as the site operator itself or advertisers and application programmers is not covered by SIdM, but could be incorporated in further refinement steps. Features and settings to perform SIdM have been proposed and subsequently implemented partly by some SNS. Yet, these are often isolated solutions that lack integration into a reference framework that states the requirements for successfully managing one's identity. In this article, such a reference framework of existing and desired SIdM settings is derived from identity theory, literature analysis, and existing SNS. Based thereupon, we examine the SIdM capabilities of prevalent SNS and highlight possible improvements. Lastly, we reason about developing a metric to objectively compare the capability of SNS in regards to their support for SIdM.     

Private personalized social recommendations in an IPTV system

In our connected world, recommender systems have become widely known for their ability to provide expert and personalize referrals to end-users in different domains. The rapid growth of social networks and new kinds of systems so called “social recommender systems” are rising, where recommender systems can be utilized to find a suitable content according to end-users' personal preferences. However, preserving end-users' privacy in social recommender systems is a very challenging problem that might prevent end-users from releasing their own data, which detains the accuracy of extracted referrals. In order to gain accurate referrals, social recommender systems should have the ability to preserve the privacy of end-users registered in this system. In this paper, we present a middleware that runs on end-users' Set-top boxes to conceal their profile data when released for generating referrals, such that computation of recommendation proceeds over the concealed data. The proposed middleware is equipped with two concealment protocols to give users a complete control on the privacy level of their profiles. We present an IPTV network scenario and perform a number of different experiments to test the efficiency and accuracy of our protocols. As supported by the experiments, our protocols maintain the recommendations accuracy with acceptable privacy level.     

Privacy leakage on the Web: Diffusion and countermeasures

Protecting privacy on the Web is becoming increasingly complicated because of the considerable amount of personal and sensitive information left by users in many locations during their Web browsing and the silent actions of third party sites that collect data, aggregate information and build personal profiles of Internet users in order to provide free and personalized services. On the other hand, most of people are unaware that their information may be collected online, and that, after their aggregation from multiple sources, could be used for secondary purposes, such as linked to allow identification, without user’s notice.     

信息时代下的隐私如何保护

随着电子商务技术的发展,网络交易安全成为了电子商务发展的核心和关键问题,对网络隐私数据(网络隐私权)安全的有效保护,成为电子商务顺利发展的重要市场环境条件。网络信息安全技术、信息安全协议、P2P技术成为网络隐私安全保护的有效手段。     

A privacy preserving technique for distance-based classification with worst case privacy guarantees

There has been relatively little work on privacy preserving techniques for distance based mining. The most widely used ones are additive perturbation methods and orthogonal transform based methods. These methods concentrate on privacy protection in the average case and provide no worst case privacy guarantee. However, the lack of privacy guarantee makes it difficult to use these techniques in practice, and causes possible privacy breach under certain attacking methods. This paper proposes a novel privacy protection method for distance based mining algorithms that gives worst case privacy guarantees and protects the data against correlation-based and transform-based attacks. This method has the following three novel aspects. First, this method uses a framework to provide theoretical bound of privacy breach in the worst case. This framework provides easy to check conditions that one can determine whether a method provides worst case guarantee. A quick examination shows that special types of noise such as Laplace noise provide worst case guarantee, while most existing methods such as adding normal or uniform noise, as well as random projection method do not provide worst case guarantee. Second, the proposed method combines the favorable features of additive perturbation and orthogonal transform methods. It uses principal component analysis to decorrelate the data and thus guards against attacks based on data correlations. It then adds Laplace noise to guard against attacks that can recover the PCA transform. Third, the proposed method improves accuracy of one of the popular distance-based classification algorithms: K-nearest neighbor classification, by taking into account the degree of distance distortion introduced by sanitization. Extensive experiments demonstrate the effectiveness of the proposed method.     

A survey of RFID privacy approaches

A bewildering number of proposals have offered solutions to the privacy problems inherent in RFID communication. This article tries to give an overview of the currently discussed approaches and their attributes.

无线传感器网络中的隐私保护研究

随着无线传感器网络的广泛应用,安全问题发生变化,通信安全成为重要的一部分,隐私保护日渐重要。首先分析了无线传感器网络的通信安全特点、通信安全的需求、面临的保密性威胁及攻击模型。最后,基于对无线传感器网络隐私保护问题的分析和评述,指出了今后该领域的研究方向。