This presentation by Nikhil Komawar addresses the imperative need for privacy and security within social networks, particularly Google+. It introduces the Community-Oriented Privacy System (COPS), which allows users to maintain privacy through customizable communities. The outline includes motivation behind COPS, implementation details utilizing OAuth and Selenium, challenges faced, and future work. The presentation emphasizes the importance of preventing accidental disclosure of sensitive information and raising awareness of privacy expectations in overlapping online communities.
Design Extensions to Google+ • CS6204 Privacy and Security, Virginia Tech • Nikhil Komawar • Dec 7, 2011
Outline • Motivation • Introduction • Implementation • Overall Picture • Challenges • Summary (Impact) • Future work
Motivation • COPS: Privacy is the main concern among individuals who form overlapping communities. • Accidental disclosure of sensitive information • Lack of awareness of privacy expectations • Whether a disclosure meets privacy expectations • Can there be a system which will allow us to do these things transparently? • Social networks have communities: Subscriptions in FB, Circles in Google+ - a good place to implement this idea!
Community Oriented Privacy System (COPS) [Figure: Community A and Community B, with labels A1, B1, A2, "A1,B1" and "A2,B1"]
Circles Concept in Google+ [Figure: Alice's circle A, Bob's circle B and Charlie's circle C, with Alice's post, Bob's post and Charlie's post, and the community]
Walkthrough of the semester • Some explorations for possible implementation: • Directly using the APIs exposed by Google for the plus.google.com domain. • How a browser renders the HTML – putting a handle inside the browser? • Use some HTML parsing libraries which come with open-source browsers
Overview of the System • Taking input from the users for creating the condensed community. • Parsing of the HTML elements. • Autonomous agents running on individual machines communicating with each other. • Preventing possible breach – account login information is needed by the agent.
Anatomy of the implementation • (Final selection of components) • OAuth (OAuth2) for authenticating the agent without exposing credentials. • Selenium – backbone of the implementation! • Python-based GUI (Tkinter) • Socket communication using Python • Firebug for looking at the source code of the Google+ webpage
OAuth protocol [Figure: OAuth flow between Client, Resource Owner, Authorization Server and Resource Server; messages: Auth Req, Auth Grant, Credential Req, Access Token, Protected Resource]
OAuth protocol • Flow: object storing the steps to obtain credentials • Credentials: key used for auth • Storage: storing key for retrieval • Reference: http://code.google.com/p/google-api-python-client/wiki/HowAuthenticationWorks
OAuth protocol • At a basic level, the process is as follows: • Your application requests access and gets an unauthorized request token from Google's authorization server. • Google asks the user to grant you access to the required data. • Your application gets an authorized request token from the authorization server. • You exchange the authorized request token for an access token. • You use the access token to request data from Google's service access servers.
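The five steps above, played out between an agent, an authorization server and a resource server, as an added example that is not code from the presentation. The class and function names are hypothetical and the servers are in-memory stand-ins, not Google's services; the point is that the agent handles tokens only, and that an unauthorized or replayed request token is refused.

```python
import hmac
import secrets

class AuthorizationServer:
    """Toy in-memory authorization server; all names here are hypothetical."""
    def __init__(self, users):
        self._users = users          # username -> password, known only to this server
        self._request_tokens = {}    # request token -> approving user (None = unauthorized)
        self.access_tokens = {}      # access token -> user it was issued for

    def issue_request_token(self):                       # step 1
        token = secrets.token_urlsafe(16)
        self._request_tokens[token] = None
        return token

    def grant(self, token, username, password):          # steps 2-3: user <-> server only
        ok = token in self._request_tokens and username in self._users
        if not (ok and hmac.compare_digest(self._users[username], password)):
            raise PermissionError("grant refused")
        self._request_tokens[token] = username

    def exchange(self, token):                           # step 4
        user = self._request_tokens.get(token)
        if user is None:
            raise PermissionError("token unknown, not yet authorized, or already used")
        del self._request_tokens[token]                  # single use: a replay fails
        access = secrets.token_urlsafe(16)
        self.access_tokens[access] = user
        return access

class ResourceServer:
    def __init__(self, auth, data):
        self._auth, self._data = auth, data
    def get(self, access_token):                         # step 5
        user = self._auth.access_tokens.get(access_token)
        if user is None:
            raise PermissionError("invalid access token")
        return self._data[user]

def run_agent(auth, resources, ask_user):   # agent side: holds tokens, never the password
    request_token = auth.issue_request_token()
    ask_user(request_token)      # the user approves at the authorization server
    access_token = auth.exchange(request_token)
    return resources.get(access_token), request_token

if __name__ == "__main__":
    auth = AuthorizationServer({"alice": "constructed-pw"})   # constructed sample data
    res = ResourceServer(auth, {"alice": ["Circle: COPS"]})
    print(run_agent(auth, res, lambda t: auth.grant(t, "alice", "constructed-pw"))[0])
```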
Selenium • A Firefox plug-in used for automated testing of websites • Also a standalone library - can be used to operate on different browsers like Chrome, IE • Can perform the following actions: • Navigation • Locating elements • Perform actions • Remote use
Selenium contd… • Navigation • Moving between windows and frames • driver.switch_to_window("docs.google.com") • Pop up handling • alert = driver.switch_to_alert() • History and location • driver.forward() • driver.back() • Locating elements • element = driver.find_element_by_id("Circles") • We can also locate by name, XPath, class, link text • Cookies • Drag and Drop (driver is the handle on the browser) • Reference: Selenium Python Bindings Documentation, Release 2.3, by Selenium Project Team
Selenium contd… • Perform actions • We have seen some navigation actions • Also drag and drop • elem.send_keys("COPS") # circle name as COPS • A few others, like handling exceptions, alerts, etc. • Remote use • A server which enables the use of multiple browsers at the same time (Chrome, FF, IE) • Send the script to be run on the remote server
What has been achieved? An interface to independently interact with the Google+ interface • Although integrating with the website would be the first preference, • alternatively, a more feasible research prototype that also gives us flexibility would be: • An agent independent of the website • GUI for the input and prompts • Alternate login method without exposing the credentials • Flexibility to extend the features: • Possibility to use the same for other web-rendered utilities
Some roadblocks… • Initial approach to use the Google+ APIs unsuccessful: • Limited APIs available • Do not have write provisions • Access to only the public information • Does not provide all the desired functionalities. • With the fast pace of development, code could fail to run with the desired performance in the changed environment • One language/platform which makes all the functionalities available. • Robustness within the system – some implementation details need: • Ability to handle corner cases like exceptions, client down, retry, etc.
Impact • Theoretical foundations of the COPS concept in social networks can be supported by this prototype system. • This can serve as a model to implement the COPS concept in other collaboration tools. • Provides some reusable code, like the GUI and OAuth2 library integration. • Understanding the behavior of the browser when rendering the website.
Possible enhancements … • GUI-based handle on all elements of the system. • Robustness: • Cases for exception handling. • Communication channel amongst all running agents. • Storage module to keep the COPS-related information. • Ability to scale the interface to a larger group of people.
Communication code (to be modified further) … Client code Server code
Thank You! Q&A