compliance monitoring of third party applicatjons in
play

Compliance Monitoring of Third-Party Applicatjons in Online Social - PowerPoint PPT Presentation

Jan 17, 2024 •357 likes •1.2k views

Compliance Monitoring of Third-Party Applicatjons in Online Social Networks Florian Kelbert, Imperial College London Alexander Fromm, Technical University of Munich Problem Problem How to ensure that data is used in correspondence with

  1. Compliance Monitoring of Third-Party Applicatjons in Online Social Networks Florian Kelbert, Imperial College London Alexander Fromm, Technical University of Munich

  6. Problem

  7. Problem How to ensure that data is used in correspondence with policies?

  8. Problem How to ensure that data is used in correspondence with policies?

  9. Problem How to ensure that data is used in correspondence with policies?

  10. Problem How to ensure that data is used in correspondence with policies?

  11. Problem How to ensure that data is used in correspondence with policies?

  12. Problem How to ensure that data is used in correspondence with policies? “You may cache the content for up to 24 hours”

  13. Problem How to ensure that data is used in correspondence with policies? “You may cache the content for up to 24 hours” “Only use friend data in the person’s experience in your app”

  14. Problem How to ensure that data is used in correspondence with policies? “You may cache the content for up to 24 hours” “Only use friend data in the person’s experience in your app” “You may not disclose confidential information to a third party without the prior explicit consent of Tumblr.”

  15. To start with ...

  16. To start with ... Social Networks are trusted

  17. To start with ... Social Networks are trusted

  18. To start with ... Social Networks are trusted Third Party Applications are not

  19. To start with ... Social Networks are trusted Third Party Applications are not Thousands of apps and developers

  20. Overview

  21. Overview User Data OSN Operator (trusted)

  22. Overview User Data OSN Operator (trusted)

  23. Overview User Data 1. Policy Provisioning Policy Database OSN Operator (trusted)

  24. Overview Applications (untrusted) User Data 1. Policy Provisioning Policy Database OSN Operator (trusted)

  25. Overview Applications (untrusted) User Data 1. Policy Provisioning PaaS / SEE (trusted) Policy Database PaaS Provider (trusted) OSN Operator (trusted)

  26. Overview Applications (untrusted) User Data Libraries 1. Policy Provisioning PaaS / SEE (trusted) Policy Database PaaS Provider (trusted) OSN Operator (trusted)

  27. Overview Applications (untrusted) User Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) Policy Database PaaS Provider (trusted) OSN Operator (trusted)

  28. Overview Applications (untrusted) User 2. Request Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) Policy Database PaaS Provider (trusted) OSN Operator (trusted)

  29. Overview Applications (untrusted) User 2. Request Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request Policy Database Coordinator PaaS Provider (trusted) OSN Operator (trusted)

  30. Overview Applications (untrusted) User 2. Request Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request 4. getPolicies Policy Database Coordinator PaaS Provider (trusted) OSN Operator (trusted)

  31. Overview Applications (untrusted) User 2. Request Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request 4. getPolicies Policy 5. Policies Database Coordinator PaaS Provider (trusted) OSN Operator (trusted)

  32. Overview Applications (untrusted) User 2. Request Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request 4. getPolicies Policy 5. Policies Database Coordinator Decision Engine PaaS Provider (trusted) OSN Operator (trusted)

  33. Overview Applications (untrusted) User 2. Request Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request 4. getPolicies Policy 5. Policies Database 6. deployPolicy Coordinator Decision Engine PaaS Provider (trusted) OSN Operator (trusted)

  34. Overview 7. Request Applications (untrusted) User 2. Request Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request 4. getPolicies Policy 5. Policies Database 6. deployPolicy Coordinator Decision Engine PaaS Provider (trusted) OSN Operator (trusted)

  35. Overview 7. Request 8. Response Applications (untrusted) User 2. Request Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request 4. getPolicies Policy 5. Policies Database 6. deployPolicy Coordinator Decision Engine PaaS Provider (trusted) OSN Operator (trusted)

  36. Overview 7. Request 8. Response Applications (untrusted) User 2. Request Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request 4. getPolicies 9. Response Policy 5. Policies Database 6. deployPolicy Coordinator Decision Engine PaaS Provider (trusted) OSN Operator (trusted)

  37. Overview 7. Request 8. Response Applications (untrusted) User 2. Request 10. Response Data Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request 4. getPolicies 9. Response Policy 5. Policies Database 6. deployPolicy Coordinator Decision Engine PaaS Provider (trusted) OSN Operator (trusted)

  38. Overview 7. Request 8. Response Applications (untrusted) User 2. Request 10. Response Data Continuous policy evaluation Libraries Monitor 1. Policy Provisioning PaaS / SEE (trusted) 3. Request 4. getPolicies 9. Response Policy 5. Policies Database 6. deployPolicy Coordinator Decision Engine PaaS Provider (trusted) OSN Operator (trusted)

  39. Some details follow ...

  40. Some details follow ... Policy Provisioning

  41. Some details follow ... Policy Provisioning

  42. Some details follow ... Policy Provisioning

  43. Policy Provisioning

  44. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date”

  45. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date” →

  46. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date” → “Whenever some data is processed by the application, then it must have been received from the OSN within the last 24 hours”

  47. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date” → “Whenever some data is processed by the application, then it must have been received from the OSN within the last 24 hours” →

  48. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date” → “Whenever some data is processed by the application, then it must have been received from the OSN within the last 24 hours” → Event: Condition: Action:

  49. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date” → “Whenever some data is processed by the application, then it must have been received from the OSN within the last 24 hours” → Event: process(data) Condition: Action:

  50. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date” → “Whenever some data is processed by the application, then it must have been received from the OSN within the last 24 hours” → Event: process(data) Condition: Action: <inhibit>

  51. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date” → “Whenever some data is processed by the application, then it must have been received from the OSN within the last 24 hours” → Event: process(data) Condition: not(repmin(24[hours], 1, receive(data))) Action: <inhibit>

  52. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date” → “Whenever some data is processed by the application, then it must have been received from the OSN within the last 24 hours” Complex LTL formulas: → ● propositional ● temporal ● cardinal Event: process(data) ● spatial constraints Condition: not(repmin(24[hours], 1, receive(data))) Action: <inhibit>

  53. Policy Provisioning “If you cache data you receive from us, [. . . ] keep it up to date” → “Whenever some data is processed by the application, then it must have been received from the OSN within the last 24 hours” Complex LTL formulas: → ● propositional ● temporal ● cardinal Event: process(data) ● spatial constraints Condition: not(repmin(24[hours], 1, receive(data))) Action: <inhibit>

  54. Some details follow ... Policy Provisioning Application Deployment

  55. Some details follow ... Policy Provisioning Application Deployment

  56. Some details follow ... Policy Provisioning Application Deployment

  57. Applicatjon Deployment

  58. Applicatjon Deployment Analysis of binary app to find

  59. Applicatjon Deployment Analysis of binary app to find Data sources e.g., retrieve from OSN

  60. Applicatjon Deployment Analysis of binary app to find Data sources e.g., retrieve from OSN Data sinks e.g., data usage/sharing

  61. Applicatjon Deployment Analysis of binary app to find Data sources e.g., retrieve from OSN Data sinks e.g., data usage/sharing Dependencies between them

Recommend

A competitive advantage for your company through Third Party Monitoring ODIS THIRD PARTY

A competitive advantage for your company through Third Party Monitoring ODIS THIRD PARTY

A competitive advantage for your company through Third Party Monitoring ODIS THIRD PARTY (CONTRACT) MANAGEMENT (TPM) Index Introduction Complexity, governance and risk Past, Present and Future, where are you in the evolution?

295 views • 15 slides
THIRD PARTY COMPLIANCE IN INDIA Red Flags, Cultural Hurdles &amp; Emerging Best Practices Manish

THIRD PARTY COMPLIANCE IN INDIA Red Flags, Cultural Hurdles &amp; Emerging Best Practices Manish

Dun &amp; Bradstreet presents: THIRD PARTY COMPLIANCE IN INDIA Red Flags, Cultural Hurdles &amp; Emerging Best Practices Manish Sinha Managing Director India Satyajit Nandi Abhay Bhat Senior Manager, Third Party Compliance Head, Legal

334 views • 10 slides
BBH Grants Monitoring &amp; Compliance Brandy Byrnside, Director, Compliance Division Lewisburg,

BBH Grants Monitoring &amp; Compliance Brandy Byrnside, Director, Compliance Division Lewisburg,

BBH Grants Monitoring &amp; Compliance Brandy Byrnside, Director, Compliance Division Lewisburg, WV September 18, 2019 What is Grants Monitoring &amp; Compliance? Adopting and consistently applying systematic procedures to assure: that

439 views • 19 slides
Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done

Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done

Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done Party!!!!!! Party!!!!!! Curling Orientation Party!!!!!! Party!!!!!! Party!!!!!! National day parade Airport picking-uping Party!!!!!!

1.18k views • 69 slides
SECURITY. RISKS. COMPLIANCE. How Can Third Party Assurance Help Your Business Drive

SECURITY. RISKS. COMPLIANCE. How Can Third Party Assurance Help Your Business Drive

SECURITY. RISKS. COMPLIANCE. How Can Third Party Assurance Help Your Business Drive Efficiencies and Build Market Trust? IIA/ISACA Chicago Hacking Conference October 28, 2019 BDO USA, LLP, a Delaware limited liability partnership, is the U.S.

153 views • 13 slides
Regulation update Monitoring and Compliance 2016 Statement of Compliance Evidence required

Regulation update Monitoring and Compliance 2016 Statement of Compliance Evidence required

Regulation update Monitoring and Compliance 2016 Statement of Compliance Evidence required for Conditions: A6 Risk management A7, B3 Event management and notification A1.3 Activity in Wales I3.1 Certificate design

340 views • 17 slides
C. KBL Post-Fire Hydrogeological Assessment of Site Third party review of the fire monitoring

C. KBL Post-Fire Hydrogeological Assessment of Site Third party review of the fire monitoring

innovative environmental solutions I Post-Fire Water Quality I Monitoring at Solid Waste Disposal Facilities C. KBL Post-Fire Hydrogeological Assessment of Site Third party review of the fire monitoring data (Beckingham Hay River Landfill

550 views • 9 slides
Monitoring for Compliance Murray Darling A Basin Scale Solution Association AGM October 2019

Monitoring for Compliance Murray Darling A Basin Scale Solution Association AGM October 2019

Monitoring for Compliance Murray Darling A Basin Scale Solution Association AGM October 2019 Current compliance monitoring approach Fragmented no consistent approach Puts onus on irrigators &amp; farmers Huge up front &amp;

477 views • 13 slides
C. KBL Background Third Party Consultant review of historical groundwater monitoring data and

C. KBL Background Third Party Consultant review of historical groundwater monitoring data and

innovative environmental solutions I Groundwater Monitoring Network I Design at the SWDF C. KBL Background Third Party Consultant review of historical groundwater monitoring data and recommendations. Review included an in depth review of:

614 views • 10 slides
The NAI Mobile Application Code: Extending Third-Party Compliance into the Mobile Ecosystem Why

The NAI Mobile Application Code: Extending Third-Party Compliance into the Mobile Ecosystem Why

The NAI Mobile Application Code: Extending Third-Party Compliance into the Mobile Ecosystem Why a Mobile Application Code? Extend the NAI compliance program into the mobile application space Provide extra flexibility for this rapidly

319 views • 18 slides
Implementing a Consistent and Efficient Third-Party Due Diligence Process Practical insight into

Implementing a Consistent and Efficient Third-Party Due Diligence Process Practical insight into

Implementing a Consistent and Efficient Third-Party Due Diligence Process Practical insight into technology deployment and review to ensure ongoing compliance Paul Hommes Risk &amp; Compliance Specialist LexisNexis June 2016 Agenda

466 views • 43 slides
FCPA Compliance: Third-Party Due Diligence Minimizing Corruption Risks When Using Foreign Agents,

FCPA Compliance: Third-Party Due Diligence Minimizing Corruption Risks When Using Foreign Agents,

Presenting a live 90-minute webinar with interactive Q&amp;A FCPA Compliance: Third-Party Due Diligence Minimizing Corruption Risks When Using Foreign Agents, Distributors and Other Intermediaries WEDNESDAY, JANUARY 16, 2013 1pm Eastern |

720 views • 59 slides
Whats on the Horizon? Accountability, Compliance &amp; Monitoring will have some changes based

Whats on the Horizon? Accountability, Compliance &amp; Monitoring will have some changes based

Whats on the Horizon? Accountability, Compliance &amp; Monitoring will have some changes based on mandates under Senate Bill 1, Rider 70 Texas 83 rd Legislative Session, 2013 Impl plem emen entation tion of of St Stan and Al Alone Specia

286 views • 5 slides
Compliance

Compliance

20/03/17 Compliance Workshop 1 - 2017 Identification of clients, Complicate structures, Risk assessment &amp; monitoring of transactions www.cfa.org.cy

657 views • 44 slides
Compliance Monitoring and Enforcement Program Annual Report Ed Kichline, Senior Counsel and

Compliance Monitoring and Enforcement Program Annual Report Ed Kichline, Senior Counsel and

Agenda Item 3 Compliance Monitoring and Enforcement Program Annual Report Ed Kichline, Senior Counsel and Director of Enforcement Oversight Steven Noess, Director of Regulatory Programs Compliance Committee Meeting February 5, 2020 RELI ABI

256 views • 22 slides
Third Party Compliance Model Records Management Plan Review NRS PRSA Stakeholder Forum 25 th

Third Party Compliance Model Records Management Plan Review NRS PRSA Stakeholder Forum 25 th

Third Party Compliance Model Records Management Plan Review NRS PRSA Stakeholder Forum 25 th August 2018 Heather Jack Talk topics Background Obligations, resources and guidance Themes and issues to explore Addressing issues,

415 views • 6 slides
Compliance Tracking T ool Activity Entry and Progress Monitoring November 2012 1 Login

Compliance Tracking T ool Activity Entry and Progress Monitoring November 2012 1 Login

Compliance Tracking T ool Activity Entry and Progress Monitoring November 2012 1 Login Add an Activity Progress Monitoring Verify Correction of Noncompliance 2 Compliance Tracking T ool Address

747 views • 36 slides
Communication campaign: medicines under additional monitoring Patients and Consumers

Communication campaign: medicines under additional monitoring Patients and Consumers

Communication campaign: medicines under additional monitoring Patients and Consumers Working Party / Healthcare Professionals Working Party joint meeting, 25 September 2013 Presented by: Christopher Gadd, Communication An agency of the

891 views • 15 slides
Risk management plan (RMP) compliance monitoring Belinda Ahlers Evaluator, Risk Management Plan

Risk management plan (RMP) compliance monitoring Belinda Ahlers Evaluator, Risk Management Plan

Risk management plan (RMP) compliance monitoring Belinda Ahlers Evaluator, Risk Management Plan Evaluation Section, Pharmacovigilance and Special Access Branch Why does RMP compliance matter? RMPs aim to ensure that the benefits of a

732 views • 22 slides
monitoring and compliance problems January, 2019 1 Introdu oduct ctions ons: Silicon

monitoring and compliance problems January, 2019 1 Introdu oduct ctions ons: Silicon

Cost-effective solutions to Chelan Countys short-term rental monitoring and compliance problems January, 2019 1 Introdu oduct ctions ons: Silicon Valley based technology company Only provider of short-term rental compliance

730 views • 24 slides
CALGA QUARRY CURRENT SITE OPERATIONS May 2019 Compliance Conducted annual environmental

CALGA QUARRY CURRENT SITE OPERATIONS May 2019 Compliance Conducted annual environmental

CALGA QUARRY CURRENT SITE OPERATIONS May 2019 Compliance Conducted annual environmental monitoring (Cumberland Ecology) report available for access on the business website. Conducted quarterly compliance noise monitoring no

154 views • 3 slides
MONITORING WEATHER AND CLIMATE FROM SPACE EUMETSAT Third-party Data Services Simon Elliott

MONITORING WEATHER AND CLIMATE FROM SPACE EUMETSAT Third-party Data Services Simon Elliott

MONITORING WEATHER AND CLIMATE FROM SPACE EUMETSAT Third-party Data Services Simon Elliott Third-party Data Services Team Leader EUMETSAT simon.elliott@eumetsat.int Third-party data services at EUMETSAT EUMETSAT makes use of existing

299 views • 17 slides
Third-Party DKIM Policy IETF 70 Transparent and Flexible Policy Compliance Douglas Otis

Third-Party DKIM Policy IETF 70 Transparent and Flexible Policy Compliance Douglas Otis

Third-Party DKIM Policy IETF 70 Transparent and Flexible Policy Compliance Douglas Otis Doug_Otis@trendmicro.com http://www.ietf.org/internet-drafts/draft-otis-dkim-tpa-ssp-02.txt SSP is based only upon the From header SSP assertions

364 views • 8 slides
Brokering Techniques for Managing Three- Tier Applicatjons in Distributed Cloud Computjng

Brokering Techniques for Managing Three- Tier Applicatjons in Distributed Cloud Computjng

Brokering Techniques for Managing Three- Tier Applicatjons in Distributed Cloud Computjng Environments Nikolay Grozev Supervisor: Prof. Rajkumar Buyya 7 th October 2015 PhD Completjon Seminar 1 2 3 Cloud Computjng Cloud computjng ...

979 views • 58 slides

More recommend