PRESERVING PRIVACY IN SOCIAL NETWORKING SYSTEMS: POLICY-BASED CONTROL AND ANONYMITY by

Social Networking Systems (SNSs), such as Facebook, are complex information systems involving a huge number of active entities that provide and consume enormous amounts of information. Such information can be mainly attributed to the users of SNSs and hence, can be considered privacy-sensitive. Therefore, in contrast to traditional systems where access control is governed by system policies, enabling individual users to specify their privacy control policies becomes a natural requirement. The intricate semantic relationships among data objects, users, and between data objects and users further add to the complexity of privacy control needs. Moreover, there is immense interest in studying social network data that is collected by SNSs for various research purposes. Anonymization is a solution to preserve user privacy in this case. However, anonymizing social network datasets effectively and efficiently is a much more challenging task than anonymizing tabular datasets due to the connectedness of the users in a social network graph. In this dissertation, we propose approaches and methods that facilitate preserving user privacy in terms of providing both fine-grained control of information and utility-preserving anonymization. In particular, we propose an ontology-based privacy control framework that enables fine-grained specification and enforcement of privacy control policies by both users and SNS providers. Our framework allows an SNS provider to determine privacy control policy authorities for SNS information, and allows users to specify advanced policies, that in addition to fine-grained policy specification, enables sharing of authority over protected resources. Based on such an ontology-based foundation, we also propose a framework to iii support novel privacy policy analysis tasks in SNSs. Furthermore, we propose a framework to enhance anonymization algorithms for social network datasets in terms of preserving their structural properties without sacrificing privacy requirements set for the algorithms. The proposed approaches direct the behavior of anonymization algorithms based on concepts in social network theory. We evaluate our proposed methods and approaches by implementing a prototype of the privacy control framework, carrying out a policy analysis case study for a real-world SNS, and performing an extensive set of experiments on improving social network anonymization in terms of preserving data utility. ix PREFACE I would like to acknowledge the help and support of many that made conducting this research and concluding my dissertation possible. I am grateful to my PhD advisor, Dr. provided me great career advice and support including Dr. happy and productive working environment with me during these years. I …