research-article

Simplifying Data Disclosure Configurations in a Cloud Computing Environment

Authors:

Ron Hirschprung,

Oded MaimonAuthors Info & Claims

ACM Transactions on Intelligent Systems and Technology (TIST), Volume 6, Issue 3

Article No.: 32, Pages 1 - 26

https://doi.org/10.1145/2700472

Published: 30 April 2015 Publication History

Abstract

Cloud computing offers a compelling vision of computation, enabling an unprecedented level of data distribution and sharing. Beyond improving the computing infrastructure, cloud computing enables a higher level of interoperability between information systems, simplifying tasks such as sharing documents between coworkers or enabling collaboration between an organization and its suppliers. While these abilities may result in significant benefits to users and organizations, they also present privacy challenges due to unwanted exposure of sensitive information. As information-sharing processes in cloud computing are complex and domain specific, configuring these processes can be an overwhelming and burdensome task for users. This article investigates the feasibility of configuring sharing processes through a small and representative set of canonical configuration options. For this purpose, we present a generic method, named SCON-UP (Simplified CON-figuration of User Preferences). SCON-UP simplifies configuration interfaces by using a clustering algorithm that analyzes a massive set of sharing preferences and condenses them into a small number of discrete disclosure levels. Thus, the user is provided with a usable configuration model while guaranteeing adequate privacy control. We describe the algorithm and empirically evaluate our model using data collected in two user studies (n = 121 and n = 352). Our results show that when provided with three canonical configuration options, on average, 82% of the population can be covered by at least one option. We exemplify the feasibility of discretizing sharing levels and discuss the tradeoff between coverage and simplicity in discrete configuration options.

References

[1]

Alessandro Acquisti. 2004. Privacy in electronic commerce and the economics of immediate gratification. In Proceedings of the 5th ACM Conference on Electronic Commerce. ACM. 21--29.

Digital Library

[2]

Michael Armbrust, Armando Fox, Rean Griffith, Anthony D. Joseph, Randy Katz, Andy Konwinski, Gunho Lee, David A. Patterson, Ariel Rabkin, Ion Stoica, and Matei Zaharia. 2009. Above the clouds: A Berkeley view of cloud computing. UC Berkeley Reliable Adaptive Distributed Systems Laboratory. Vols. Rep. UCB/EECS, 28, 13. Dept. Electrical Eng. and Comput. Sciences, University of California, Berkeley.

[3]

Kenneth J. Arrow. 1951. Social Choice and Individual Values. Cowles Foundation.

[4]

Bettina Berendt, Oliver Günther, and Sarah Spiekermann. 2005. Privacy in e-commerce: Stated preferences vs. actual behavior. Communications of the ACM 48 (4), 101--106.

Digital Library

[5]

Margaret Betzel. 2005. Privacy law developments in California. Vol. 2, ISJLP 831. HEINONLINE.

[6]

John S. Breese, David Heckerman, and Carl Kadie. 1998. Empirical analysis of predictive algorithms for collaborative filtering. In Proceedings of the 14th Conference on Uncertainty in Artificial Intelligence. Morgan Kaufmann Publishers. 43--52.

Digital Library

[7]

Alexander Chernev. 2003. When more is less and less is more: The role of ideal point availability and assortment in consumer choice. Journal of Consumer Research 30 (2), 170--183.

[8]

Louis Columbus. 2011. Predicting Cloud Computing Adoption Rates. A Passion for Research (blog), Focusing on CRM, cloud computing, ERP and enterprise software. Retrieved from www.softwarestrategiesblog.com.

[9]

Lorrie Faith Cranor. 2003. Designing a privacy preference specification interface: A case study. In Proceedings of the Workshop on Human-Computer Interaction and Security Systems. ACM, New York, NY.

[10]

Justin Cranshaw, Jonathan Mugan, and Norman Sadeh. 2011. User-controllable learning of location privacy policies with Gaussian mixture models. In Proceedings of the 25th AAAI Conference on Artificial Intelligence.

[11]

Ralph Gross and Alessandro Acquisti. 2005. Information revelation and privacy in online social networks. In Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society. ACM. 71--80.

Digital Library

[12]

Robert H. Guttman, Alexandros G. Moukas, and Pattie Maes. 2000. Agent-mediated electronic commerce: A survey. Knowledge Engineering Review 13 (02), 147--159.

Digital Library

[13]

Will Hill, Larry Stead, Mark Rosenstein, and George Furnas. 1995. Recommending and evaluating choices in a virtual community of use. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM/Addison-Wesley, 194--201.

Digital Library

[14]

Iulia Ion, Niharika Sachdeva, Ponnurangam Kumaraguru, and Srdjan Capkun. 2011. Home is safer than the cloud&excl; Privacy concerns for consumer cloud storage. In Proceedings of the 7th Symposium on Usable Privacy and Security. ACM. 13.

Digital Library

[15]

Eric J. Johnson, Steven Bellman, and Gerald L. Lohse. 2002. Defaults, framing and privacy: Why opting in-opting out. Marketing Letters 13 (1), 5--15.

[16]

Eric Johnson and Daniel Goldstein. 2003. Do defaults save lives&quest; SCIENCE. 302, 1338--1339.

[17]

Balachander Krishnamurthy and Craig E. Wills. 2008. Characterizing privacy in online social networks. The 1st Workshop on Online Social Networks. ACM. 37--42.

Digital Library

[18]

Ponnurangam Kumaraguru and Lorrie Faith Cranor. 2005. Privacy Indexes: A Survey of Westin's Studies. Institute for Software Research International, School of Computer Science, Carnegie Mellon University.

[19]

John Kupersmith. 2012. Library Terms That Users Understand (Findings from the 51 Usability Studies). UC Berkeley Library. http://lgdata.s3-website-us-east-1.amazonaws.com/docs/35/427304/LibraryJargonStudy.pdf.

[20]

Kevin Lewis, Jason Kaufman, and Nicholas Christakis. 2008. The taste for privacy: An analysis of college student privacy settings in an online social network. Journal of Computer-Mediated Communication 14 (1), 79--100.

[21]

Michelle Madejski, Maritza Johnson, and Steven M. Bellovin. 2012. A study of privacy settings errors in an online social network. Pervasive Computing and Communications Workshops (PERCOM Workshops). IEEE. 340--345.

[22]

Michelle Madejskiy, Maritza Johnson, and Steven M. Bellovin. 2011. The Failure of Online Social Network Privacy Settings. Columbia University.

[23]

Craig R. M. McKenzie, Michael J. Liersch, and Stacey R. Finkelstein. 2006. Recommendations implicit in policy defaults. Psychological Science 17 (5), 414--420.

[24]

Deng Neng, Chen B. Jeng, Wei-Po Lee, and Cheng-Hung Chuang. 2008. An agent-based model for consumer-to-business electronic commerce. Expert Systems with Applications 34 (1), 469--481.

Digital Library

[25]

Helen Nissenbau. 2004. Privacy as contextual integrity. Washington Law Review 79, 119.

[26]

Helen Nissenbaum. 2011. A contextual approach to privacy online. Daedalus 140 (4), 32--48.

[27]

OECD. 2013. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Retrieved from http://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm.

[28]

David L. Olson, Helen M. Moshkovich, R. Schellentmger, and Alexander I. Mechitov. 1995. Consistency and accuracy in decision aids: Experiments with four multiattribute systems. Deckion Sciences 26 (6), 723--747.

[29]

Judith S. Olson, Jonathan Grudin, and Eric Horvitz. 2005. A study of preferences for sharing and privacy. In CHI’05 Extended Abstracts on Human Factors in Computing Systems (April 2005). ACM. 1985--1988.

Digital Library

[30]

Antti Oulasvirta, Janne P. Hukkinen, and Barry Schwartz. 2009. When more is less: The paradox of choice in search engine use. In Proceedings of the 32nd International ACM SIGIR Conference on Research and Development in Information Retrieval. ACM. 516--523.

Digital Library

[31]

Leysia Paled. 1999. Social, individual & technological issues for groupware calendar systems. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM. 17--24.

Digital Library

[32]

Christy Pettey and Rob van der Meulen. 2010. Gartner highlights key predictions for IT organizations and users in 2010 and beyond. Gratner, Newsroom. Retrieved from www.gartner.com/newsroom/id/1278413.

[33]

PRWeb. 2012. Gartner Predict Cloud Computing Spending to Increase by 100&percnt; in 2016. PRWeb, London, UK.

[34]

Lara Quijano-Sanches, Juan A. Recio-Garcia, and Belen Diaz-Agudo. 2013. Social factors in group recommender systems. ACM Transactions on Intelligent Systems and Technology (TIST) 4 (1), 8.

Digital Library

[35]

Ramprasad Ravichandran, Michael Benisch, Patrick Gage Kelley, and Norman M. Sadeh. 2009. Capturing social networking privacy preferences. In Privacy Enhancing Technologies. Springer, Berlin. 1--18.

Digital Library

[36]

Joel Ross, Lilly Irani, M. Six Silberman, Andrew Zaldivar, and Bill Tomlinson. 2010. Who are the crowdworkers&quest; Shifting demographics in Mechanical Turk. In CHI 2010. ACM.

Digital Library

[37]

Barry Schawarts. 2004. The Paradox of Choices - Why More Is Less. Ecco, New York, NY.

[38]

Amartya Sen. 1999. The possibility of social choice. The American Economic Review 89 (3), 349--378.

[39]

David J. Sheskin. 2003. Handbook of Parametric and Nonparametric Statistical Procedures. CRC Press.

[40]

Eran Toch. 2014. Crowdsourcing privacy preferences in context-aware applications. Personal and Ubiquitous Computing 18 (1), 129--141.

Digital Library

[41]

Eran Toch, Norman M. Sadeh, and Jason Hong. 2010. Generating default privacy policies for online social networks. In CHI’10 Extended Abstracts on Human Factors in Computing Systems. ACM. 4243--4248.

Digital Library

[42]

Shari Trewin. 2000. Configuration agents, control and privacy. In Proceedings of the 2000 Conference on Universal Usability. ACM. 9--16.

Digital Library

[43]

Alan F. Westin. 2003. Social and political dimensions of privacy. Journal of Social Issues 59 (2), 431--453.

[44]

Shomir Wilson, Justin Cranshaw, Norman Sadeh, Alessandro Acquisti, Lorrie Faith Cranor, Jay Springfield, Sae Young Jeong, and Arun Balasubramanian. 2013. Privacy manipulation and acclimation in a location sharing application. In Proceedings of the 2013 ACM International Joint Conference on Pervasive and Ubiquitous Computing. ACM. 549--558.

Digital Library

[45]

Jierui Xie, Bart Piet Knijnenburg, and Hongxia Jin. 2014. Location sharing privacy preference: Analysis and personalized recommendation. In Proceedings of the 19th International Conference on Intelligent User Interfaces on Intelligent User Interfaces. ACM. 189--198.

Digital Library

[46]

Jie Zhang and Robin Cohen. 2013. A framework for trust modeling in multiagent electronic marketplaces with buying advisors to consider varying seller behavior and the limiting of seller bids. ACM Transactions on Intelligent Systems and Technology (TIST) 4 (2), 24.

Digital Library

Cited By

Hirschprung RKlein MMaimon O(2022)Harnessing Soft Logic to Represent the Privacy ParadoxInformatics10.3390/informatics90300549:3(54)Online publication date: 18-Jul-2022
https://doi.org/10.3390/informatics9030054
Duan X(2019)Research on abnormal data detection method of web browser in cloud computing environmentCluster Computing10.1007/s10586-017-1221-922:1(1229-1238)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1007/s10586-017-1221-9
Hirschprung RToch ESchwartz-Chassidim HMendel TMaimon O(2017)Analyzing and Optimizing Access Control Choice Architectures in Online Social NetworksACM Transactions on Intelligent Systems and Technology10.1145/30466768:4(1-22)Online publication date: 11-May-2017
https://dl.acm.org/doi/10.1145/3046676
Show More Cited By

Index Terms

Simplifying Data Disclosure Configurations in a Cloud Computing Environment

Recommendations

Policing as a Service in the Cloud
EIDWT '13: Proceedings of the 2013 Fourth International Conference on Emerging Intelligent Data and Web Technologies

Security and Privacy are fundamental concerns in cloud computing both in terms of legal complications and user trust. Cloud computing is a new computing paradigm, aiming to provide reliable, customized, and guaranteed computing dynamic environment for ...
Privacy Preservation of a Group and Secure Data Storage in Cloud Environment

AbstractCloud computing has become a victorious archetype for data storage, as well as for computation purposes. Greater than ever it concerns user's privacy, so that data security in a cloud is increasing day by day. Ensuring security and privacy for ...
Privacy-preserving data sharing in cloud computing

Storing and sharing databases in the cloud of computers raise serious concern of individual privacy. We consider two kinds of privacy risk: presence leakage, by which the attackers can explicitly identify individuals in (or not in) the database, and ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Intelligent Systems and Technology

ACM Transactions on Intelligent Systems and Technology Volume 6, Issue 3

Survey Paper, Regular Papers and Special Section on Participatory Sensing and Crowd Intelligence

May 2015

319 pages

ISSN:2157-6904

EISSN:2157-6912

DOI:10.1145/2764959

Editor:
Huan Liu
Arizona State University, USA

Issue’s Table of Contents

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 April 2015

Accepted: 01 September 2014

Revised: 01 October 2013

Received: 01 August 2013

Published in TIST Volume 6, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
419
Total Downloads

Downloads (Last 12 months)8
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Hirschprung RKlein MMaimon O(2022)Harnessing Soft Logic to Represent the Privacy ParadoxInformatics10.3390/informatics90300549:3(54)Online publication date: 18-Jul-2022
https://doi.org/10.3390/informatics9030054
Duan X(2019)Research on abnormal data detection method of web browser in cloud computing environmentCluster Computing10.1007/s10586-017-1221-922:1(1229-1238)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1007/s10586-017-1221-9
Hirschprung RToch ESchwartz-Chassidim HMendel TMaimon O(2017)Analyzing and Optimizing Access Control Choice Architectures in Online Social NetworksACM Transactions on Intelligent Systems and Technology10.1145/30466768:4(1-22)Online publication date: 11-May-2017
https://dl.acm.org/doi/10.1145/3046676
Such JCriado N(2016)Resolving Multi-Party Privacy Conflicts in Social MediaIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2016.253916528:7(1851-1863)Online publication date: 1-Jul-2016
https://doi.org/10.1109/TKDE.2016.2539165

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Issue’s Table of Contents