A Policy Based Infrastructure for Social Data Access with Privacy Guarantees

We present a policy based infrastructure for social data access with the goal of enabling scientific research, while preserving privacy. We describe motivating application scenarios that could be enabled with the growing number of user datasets such as social networks, medical datasets etc. These datasets contain sensitive user information and sufficient caution must be exercised while sharing them with third parties to prevent privacy leaks. One of the goals of our framework is to allow users to control how their data is used, while at the same time enabling the aggregate data to be used for scientific research. We extend existing access control languages to explicitly model user intent in data sharing as well as supporting additional access modes that go beyond the traditional allow/deny binary semantics of access control. We describe our policy infrastructure and show how it can be used to enable the above scenarios while still guaranteeing individual privacy and present a prototype implementation of the framework extending the SecPAL authorization language to account for new roles and operations.