I co-direct the ALPS lab (Albany Lab for Privacy Security) at the Department of Computer Science.

My research interests broadly cover information security, privacy, and trust. I am interested in developing theories and mechanisms to protect information in modern information systems such as social networking systems. I am also interested in privacy-preserving data sharing methods, and have developed an interest in social network analysis and network science. My more specific themes of research include:

Privacy Control in Social Networking Systems

Social Networking Systems (SNSs), such as Facebook, operate using various information resources related to their users, which are potentially privacy-sensitive. Protecting information in such an environment is challenging due to interconnected nature of information objects and users, and the fact that both users and the system should be able to specify authorization policies for data access. I study specification, enforcement, and analysis of privacy control policies in SNSs.
Ontology-based Social Network Access Control (OSNAC)
Related Publications:

Anonymizing Social Network Datasets

Study of social networks is growing in different domains such as academia, business, and even government, in order to identify interesting patterns at either the node or network levels. In many social network datasets, the exact identity of the involved people does not matter to the purpose of the study. Yet such datasets may carry sensitive information, and hence adequate measures should be in place to ensure protection against reidentification. Recent work in the literature has shown that structural patterns can assist in reidentification attacks on naively-anonymized social networks. Consequently, there have been proposals to anonymize networks in terms of structure to avoid such attacks. However, such methods usually introduce a large amount of distortion to the social network datasets, thus, raising serious questions about their utility for useful social network analysis. My research focuses on improving anonymization methods in terms of utility without sacrificing the privacy guarantees.
Preserving structural properties in anonymization of social networks
Related Publications:

Anonymizing Location-Rich Data

Many systems collect and leverage location information and movement traces today, ranging from search engines that retrieve results relevant to your location to SNSs for sharing for explicitly sharing your location such as Foursquare. However, your whereabouts can reveal a lot about you. An adversary may reidentify you in a location-rich dataset based on your location even if data is anonymized. Also, you may be tracked once your identity is exposed to an adversary. I have explored preserving user privacy in two areas: anonymizing location-based queries that are submitted to Location-Based Services (LBSs), and anonymizing datasets collected by GeoSocial Networking Systems (GSNSs). I propose safe notions of anonymity for LBSs unlike many approaches in the literature. I also propose notions of anonymity in geosocial networks based on not only a user's location but also the location of her friends.
Anonymizing Geosocial Networks Anonymous Location Based Services (LBSs)
Related Publications:

Access Control and Secure Interoperation in Modern Information Environments

Modern information environments introduce challenging requirements for security and privacy. With a group of my colleagues, we have explored security issues in multi-agent systems and have proposed an access control model to secure interactions among agents. I have also studied secure interoperation in multi-domain environments, and proposed a secure interoperation framework that guarantees enforcing time and separation of duty access constraints across domains. I have also studied modelling and enforcing privacy policies in corporate access control policies.
Role interaction Based Access Control Model
Related Publications: