Number of co-authors:14
Number of publications with 3 favourite co-authors:Gorrell Cheek:2Arif Ghafoor:2Hakim Touati:1
Mohamed Shehab's 3 most productive colleagues in number of publications:Arif Ghafoor:16Heather Richter Li..:13Andrew Besmer:6
The worst misstep one can make in design is to solve the wrong problem.
-- John Carroll, Cited by Malcolm McCullough in Digital Ground, 2004
Read the fascinating history of Wearable Computing, told by its father, Steve Mann
Read Steve's chapter !
Our Latest Books
Kumar and Herger 2013: Gamification at Work: Designing Engaging Business Software...
by Janaki Mythily Kumar and Mario Herger
Whitworth and Ahmad 2013: The Social Design of Technical Systems: Building technologies for communities...
by Brian Whitworth and Adnan Ahmad
Soegaard and Dam 2013: The Encyclopedia of Human-Computer Interaction, 2nd Ed....
by Mads Soegaard and Rikke Friis Dam
Publications by Mohamed Shehab (bibliography)
Shehab, Mohamed, Marouf, Said and Hudel, Christopher (2011): ROAuth: recommendation based open authorization. In: Proceedings of the 2011 Symposium on Usable Privacy and Security 2011. p. 11.
Many major online platforms such as Facebook, Google, and Twitter, provide an open Application Programming Interface which allows third party applications to access user resources. The Open Authorization protocol (OAuth) was introduced as a secure and efficient method for authorizing third party applications without releasing a user's access credentials. However, OAuth implementations don't provide the necessary fine-grained access control, nor any recommendations vis-a-vis which access control decisions are most appropriate. We propose an extension to the OAuth 2.0 authorization that enables the provisioning of fine-grained authorization recommendations to users when granting permissions to third party applications. We propose a mechanism that computes permission ratings based on a multi-criteria recommendation model which utilizes previous user decisions, and application requests to enhance the privacy of the overall site's user population. We implemented our proposed OAuth extension as a browser extension that allows users to easily configure their privacy settings at application installation time, provides recommendations on requested privacy attributes, and collects data regarding user decisions. Experiments on the collected data indicate that the proposed framework efficiently enhanced the user awareness and privacy related to third party application authorizations.
© All rights reserved Shehab et al. and/or ACM Press
Shehab, Mohamed, Cheek, Gorrell, Touati, Hakim, Squicciarini, Anna C. and Cheng, Pau-Chen (2010): Learning based access control in online social networks. In: Proceedings of the 2010 International Conference on the World Wide Web 2010. pp. 1179-1180.
Online social networking sites are experiencing tremendous user growth with hundreds of millions of active users. As a result, there is a tremendous amount of user profile data online, e.g., name, birthdate, etc. Protecting this data is a challenge. The task of access policy composition is a tedious and confusing effort for the average user having hundreds of friends. We propose an approach that assists users in composing and managing their access control policies. Our approach is based on a supervised learning mechanism that leverages user provided example policy settings as training sets to build classifiers that are the basis for auto-generated policies. Furthermore, we provide mechanisms to enable users to fuse policy decisions that are provided by their friends or others in the social network. These policies then regulate access to user profile objects. We implemented our approach and, through extensive experimentation, prove the accuracy of our proposed mechanisms.
© All rights reserved Shehab et al. and/or their publisher
Squicciarini, Anna Cinzia, Shehab, Mohamed and Paci, Federica (2009): Collective privacy management in social networks. In: Proceedings of the 2009 International Conference on the World Wide Web 2009. pp. 521-530.
Social Networking is one of the major technological phenomena of the Web 2.0, with hundreds of millions of people participating. Social networks enable a form of self expression for users, and help them to socialize and share content with other users. In spite of the fact that content sharing represents one of the prominent features of existing Social Network sites, Social Networks yet do not support any mechanism for collaborative management of privacy settings for shared content. In this paper, we model the problem of collaborative enforcement of privacy policies on shared data by using game theory. In particular, we propose a solution that offers automated ways to share images based on an extended notion of content ownership. Building upon the Clarke-Tax mechanism, we describe a simple mechanism that promotes truthfulness, and that rewards users who promote co-ownership. We integrate our design with inference techniques that free the users from the burden of manually selecting privacy preferences for each picture. To the best of our knowledge this is the first time such a protection mechanism for Social Networking has been proposed. In the paper, we also show a proof-of-concept application, which we implemented in the context of Facebook, one of today's most popular social networks. We show that supporting these type of solutions is not also feasible, but can be implemented through a minimal increase in overhead to end-users.
© All rights reserved Squicciarini et al. and/or ACM Press
Besmer, Andrew, Lipford, Heather Richter, Shehab, Mohamed and Cheek, Gorrell (2009): Social applications: exploring a more secure framework. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 2.
Online social network sites, such as MySpace, Facebook and others have grown rapidly, with hundreds of millions of active users. A new feature on many sites is social applications -- applications and services written by third party developers that provide additional functionality linked to a user's profile. However, current application platforms put users at risk by permitting the disclosure of large amounts of personal information to these applications and their developers. This paper formally abstracts and defines the current access control model applied to these applications, and builds on it to create a more secure framework. We do so in the interest of preserving as much of the current architecture as possible, while seeking to provide a practical balance between security and privacy needs of the users, and the needs of the applications to access users' information. We present a user study of our interface design for setting a user-to-application policy. Our results indicate that the model and interface work for users who are more concerned with their privacy, but we still need to explore alternate means of creating policies for those who are less concerned.
© All rights reserved Besmer et al. and/or ACM Press
Shehab, Mohamed, Bhattacharya, Kamal and Ghafoor, Arif (2007): Web services discovery in secure collaboration environments. In ACM Trans. Internet Techn., 8 (1) .
Bhatti, Rafae, Shafiq, Basit, Shehab, Mohamed and Ghafoor, Arif (2005): Distributed Access Management in Multimedia IDCs. In IEEE Computer, 38 (9) pp. 60-69.
Show list on your website
Join the design elite and advance:
Changes to this page (author)05 Apr 2012: Modified03 Nov 2010: Modified
08 Sep 2009: Modified
18 Aug 2009: Modified
09 Jul 2009: Modified
01 Jun 2009: Added
Page maintainer: The Editorial Team