Pauline Anthonysamy

Social Networking Privacy: Understanding the Disconnect from Policy to Controls

A proposed method for mapping privacy policy statements to privacy controls can help providers improve data management transparency, thereby increasing user trust.

A Method for Analysing Traceability between Privacy Policies and Privacy Controls of Online Social Networks

Privacy management in online social networks OSNs is a major concern. However, the complexity of privacy policies and the plethora of privacy controls make it very difficult to assess whether the controls adequately implement the intended policies. This paper proposes a method to assess the degree of traceability between privacy policies and privacy controls in OSNs. The resulting analysis enables one to pinpoint key privacy management gaps that must be plugged. The method can be utilised by privacy watchdogs, user rights groups as well as OSNs themselves to assess the effectiveness of privacy measures.

Inferring Semantic Mapping Between Policies and Code: The Clue is in the Language

A common misstep in the development of security and privacy solutions is the failure to keep the demands resulting from high-level policies in line with the actual implementation that is supposed to operationalize those policies. This is especially problematic in the domain of social networks, where software typically predates policies and then evolves alongside its user base and any changes in policies that arise from their interactions with and the demands that they place on the system. Our contribution targets this specific problem, drawing together the assurances actually presented to users in the form of policies and the large codebases with which developers work. We demonstrate that a mapping between policies and code can be inferred from the semantics of the natural language. These semantics manifest not only in the policy statements but also coding conventions. Our technique, implemented in a tool CASTOR, can infer semantic mappings with F1 accuracy of 70i?ź% and 78i?ź% for two social networks, Diaspora and Friendica respectively --- as compared with a ground truth mapping established through manual examination of the policies and code.

Software engineering for privacy in-the-large

There will be an estimated 35 zettabytes (35 × 1021) of digital records worldwide by the year 2020. This effectively amounts to privacy management on an ultra-large-scale. In this briefing, we discuss the privacy challenges posed by such an ultra-large-scale ecosystem - we term this “Privacy in the Large”. We will contrast existing approaches to privacy management, reflect on their strengths and limitations in this regard and outline key software engineering research and practice challenges to be addressed in the future.

Taming Unbounded Variability in Service Engineering

Service Engineering has appeared as a paradigm where businesses can easily collaborate and take advantage of services provided by other organizations or third-party entities for efficient delivery of software-solutions. Although the open-ended landscape of service engineering provides high degrees of flexibility, it also leads to extreme diversity in terms of service development environments, service configuration mechanisms, etc. The number of service variants that arise from such diversity can increase tremendously and potentially can be unbounded. In this paper, we highlight the challenges arising from unbounded variability and present a vision of how it may be tamed without compromising the flexibility afforded by the open-ended nature of service engineering.