BIO: Elena Ferrari
TITLE: Full professor of Computer Science at the University of Insubria, Italy, where she heads the Database & Web Security Group
ACADEMIC DEGREES: MS and PhD in Computer Science from the University of Milano
CAREER HIGHLIGHTS: Dr. Elena Ferrari has served as Program Chair of the 4th ACM Symposium on Access Control Models and Technologies (SACMAT'04), Software Demonstration Chair of the 9th International Conference on Extending Database Technology (EDBT'04), Co-Chair of the third IFIP WG 11.11 International Conference on Trust Management, the first and second ACM SIGKDD International Workshop on Privacy, Security, and Trust in KDD, the first COMPSAC'02 Workshop on Web Security and Semantic Web, the first ECOOP Workshop on XML and Object Technology (XOT 2000), and the first ECOOP Workshop on Object-oriented Databases. She has also served as Program Committee member of several international conferences and workshops. She is a senior member of IEEE.
CS ACTIVITIES: Editorial Board member IEEE Transactions on Knowledge and Data Engineering
Improving Security & Privacy in Social Networks
An interview with Elena Ferrari
Dick Price: Today we’re talking with Elena Ferrari, Professor of Computer Science at Italy’s University of Insubria. You’ve been awarded the IEEE Computer Society’s 2009 Technical Achievement Award, “For pioneering contributions to Secure Data Management.” Tell us a little bit about the work that when into this award.
Elena Ferrari: I’m really happy about this award, because it’s recognition for my group and my research. I consider it a starting point. It gives me more energy for doing what I really like, which is the research.
The award has been given for my research on data and web security. “Security” means several different things. It’s a broad concept, and I mainly work at the data and application level.
I started working on relational databases and relational data, then moved to the web when the web began. I developed the first comprehensive system for securing large amounts of data and web data in general. Then I moved to social networks, and to security and privacy for social networks, which is now my main research topic.
DP: What are the issues with social media security?
EF: Especially for social networks, there is a strong issue with respect to the privacy of social network users. I’m not working on privacy preserving the privacy of users offline. I am working on preserving privacy online during the normal use of the social network.
When you go on a social network, if you share a picture or post a message on the wall, you can be in trouble with your privacy, because you can leave your personal data on the social network. I’m working on that.
With my research group, I’m trying to find user-friendly solutions. One big problem in today’s social networks is that average social network users do not understand even the simple privacy settings that current social networks provide.
So, we are trying to provide more expressive protection mechanisms and also make them usable for average web users. Users have to understand the implications of their actions in the social network and the risk of disclosing their personal data. If you understand how you can benefit from disclosing your data, you can make a choice on your own. That’s my focus now.
DP: How are you approaching this problem of making social networks secure, yet usable by regular people?
EF: My vision is that we have to change the architecture of the social network. Social networks today are managed by very big companies and organizations, which are in charge of managing the data. That is a lot of responsibility.
I would like to go for a more decentralized solution, where the user can locally manage usable data and can use the services of the social network for some kinds of activities but not all the activities.
It’s important to move from a central server, which you have to fully trust, to a decentralized architecture where a user can locally manage usable data and call in privacy policies on how that data should be shared.
I’m just at the beginning. I have no solution at the moment, but I think that it’s the right direction. We have to completely reengineer the way we protect data. We cannot apply the techniques we have typically used for protecting data—let’s say in a relational database—because a social network is a completely different story. We have to change our mind, and then to change the technological solutions that we provide to users.
DP: Where are social networks headed?
EF: I think that the future will be geo social networks—the combination of social networks with smart phones and mobile device that track your location, for example. The challenges for privacy are more and more interesting there, and more and more difficult to solve. You have the social network directory that could use all your social relationships. Then you have your smart phone that keeps track of your position.
If you cross these two kinds of information, you can have very interesting knowledge about those sociological phenomenon or economical phenomenon. But you also have big privacy issues.
DP: How did you get where you are in your career?
EF: I got my Ph.D from the University of Milano working in the database and security group. I came to the U.S. several times during my Ph.D. as a visiting researcher. That was very important for my career, for seeing another way of doing research and for exchanging the new ideas with other people.
I entered into the Ph.D. program because it’s very creative. It’s not true that computer science is only about the formulas and logic, and things like that. You have the freedom to develop technological solutions from which people can really benefit.
I like this freedom, and I think that being in the university gives you this kind of opportunity.
DP: Computer science is a heavily male-dominated world. How did you navigate?
EF: The group where I did my Ph.D. was chaired by Elisa Bertino, and the majority of the people in the group were female. When we went to conferences and to workshops around the world, people were very, very surprised, because typically it’s a male job.
My mom was not very happy when I told her that I wanted to study computer science. She preferred a more female-oriented profession.
But I’m very happy. I don’t see any big issue in studying computer science. I like that you have the freedom of doing whatever you want. If you have good results, you have the freedom to do research in whatever subject you want.
Now my mom is very happy. She’s very proud now of me, yes. Before she wanted me to be a lawyer.
DP: Why did you choose to study social networks?
EF: When we were the first on working on them in 2005, nobody was working on social networks. We had this intuition that social network were the future. An important point of my work is that I usually try to balance different things. My research tries to give more sophisticated tools and more protection to users. But efficiency is also very important. If you develop a very nice tool that takes ten minutes to understand, that is completely useless.
An important point of my work is this tradeoff between scalability, efficiency, and specificity of the solutions you are developing.
DP: Who was most influential in getting you started in your career?
EF: Elisa Bertino was the most influential person during my career. She taught me to love this work and not to give up. If you are convinced of your idea, you should work very hard, but don’t give up.
It’s important to have good intuitions, good ideas, but this is not enough. You have to work hard on developing all the technical details. Having an intuition is important, but is only 20 percent of the story. Elisa taught me this. So work hard and develop all the technical details of your solution. So I have to thank her for that.
DP: What advice can you give new people entering the field you have chosen?
EF: It’s not an easy career to be on. There is a strong competition. It’s difficult to get accepted by a good conference or to a good transaction.
You have to work hard and you have to be focused. At the beginning you have to devote the majority of your time to research. You cannot do it part time, because you need time to think about the problem. That’s my suggestion: Be focused, be convinced of your ideas, but be also flexible.
It’s important to be convinced of the ideas that you have, but you have also to listen to others, and to try to learn from them, and also be able to change your mind if you are going in the wrong direction.
It’s also very important to go abroad, to visit other universities all over the world. That gives you an opportunity to learn other ways of doing research and to share your knowledge and your background with other people.
In my case, I went to George Mason for a summer, during my Ph.D., visiting Professor Sushil Jajodia and working on access control. And then I was at the National University at Singapore, visiting another important group. I tried to open my mind and to visit other universities and other institutions.
I also recommend taking an interdisciplinary approach. Consider, for instance, privacy in social networks. Working only on the technological side is not enough. There is also the legal aspect that should work together with the computer science. You cannot develop a technological solution that can be applied without considering the legal aspects.
DP: What do you hope to accomplish in the next five years?
EF: I hope to find a general solution for privacy preserving in datamining. I am convinced that the solution is not to keep the data in the databases of big companies and big organizations, but rather to safely release the data to all the institutions interested in doing data mining on that data, but in a privacy-preserving way.
Up to now we have many techniques for privacy preserving, but no general solution. The solutions we have work only for specific kind of data, for specific kind of environments, having specific assumptions on the type of queries you are doing. I hope that in the five years we will come out with a powerful general solution for privacy-preserving datamining.
- Sumi Helal: Mobile and Pervasive Computing
- Nur A Touba: Design and Test Research
- Deborah Cooper: Reaching the Under-Represented
- George Cybenko: Dorothy and Walter Gramm Professor of Engineering at Dartmouth College
- Sorel Reisman: Technology and Teaching
- Susan K. (Kathy) Land: Software Process Improvement
- Sajal Das: An interview with Sajal Das
- Don Shafer: Complex Control Systems
- Natalia Juristo: Mastering Experimental Software
- Nigel Shadbolt: Huge Amounts of Connectivity
- Shmuel Shottan: A Passion for What You Do
- Elena Ferrari: Improving Security & Privacy in Social Networks
- Harold Javid: Developing Global Understanding
- Dawn Song: MacArthur Award for Computer Security Specialist Dawn Song