Hongxin Hu
Gail-Joon Ahn
ABSTRACT
We have seen tremendous growth in online social networks (OSNs) in recent years. These OSNs not only offer attractive means for virtual social interactions and information sharing, but also raise a number of security and privacy issues. Although OSNs allow a single user to govern access to her/his data, they currently do not provide any mechanism to enforce privacy concerns over data associated with multiple users, remaining privacy violations largely unresolved and leading to the potential disclosure of information that at least one user intended to keep private. In this paper, we propose an approach to enable collaborative privacy management of shared data in OSNs. In particular, we provide a systematic mechanism to identify and resolve privacy conflicts for collaborative data sharing. Our conflict resolution indicates a tradeoff between privacy protection and data sharing by quantifying privacy risk and sharing loss. We also discuss a proof-of-concept prototype implementation of our approach as part of an application in Facebook and provide system evaluation and usability study of our methodology.
- Facebook Places. http://www.facebook.com/places/.Google Scholar
- Facebook Privacy Policy. http://www.facebook.com/policy.php/.Google Scholar
- Facebook Statistics. http://http://www.facebook.com/press/info.php?statistics.Google Scholar
- Google+ Privacy Policy. http://http://www.google.com/intl/en/+/policy/.Google Scholar
- The Google+ Project. https://plus.google.com.Google Scholar
- J. Becker and H. Chen. Measuring privacy risk in online social networks. In Proceedings of the 2009 Workshop on Web, volume 2. Citeseer.Google Scholar
- A. Besmer and H. Richter Lipford. Moving beyond untagging: Photo privacy in a tagged world. In Proceedings of the 28th international conference on Human factors in computing systems, pages 1563--1572. ACM, 2010. Google ScholarDigital Library
- J. Brickell and V. Shmatikov. The cost of privacy: destruction of data-mining utility in anonymized data publishing. In Proceeding of the 14th ACM SIGKDD, pages 70--78. ACM, 2008. Google ScholarDigital Library
- B. Carminati, E. Ferrari, and A. Perego. Rule-based access control for social networks. In On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops, pages 1734--1744. Springer, 2006. Google ScholarDigital Library
- B. Carminati, E. Ferrari, and A. Perego. Enforcing access control in web-based social networks. ACM Transactions on Information and System Security (TISSEC), 13(1):1--38, 2009. Google ScholarDigital Library
- E. Carrie. Access Control Requirements for Web 2.0 Security and Privacy. In Proc. of Workshop on Web 2.0 Security & Privacy (W2SP). Citeseer, 2007.Google Scholar
- P. Fong. Relationship-Based Access Control: Protection Model and Policy Language. In Proceedings of the First ACM Conference on Data and Application Security and Privacy. ACM, 2011. Google ScholarDigital Library
- P. Fong, M. Anwar, and Z. Zhao. A privacy preservation model for facebook-style social network systems. In Proceedings of the 14th European conference on Research in computer security, pages 303--320. Springer-Verlag, 2009. Google ScholarDigital Library
- J. Golbeck. Computing and applying trust in web-based social networks. Ph.D. thesis, University of Maryland at College Park College Park, MD, USA. 2005. Google ScholarDigital Library
- H. Hu and G. Ahn. Multiparty authorization framework for data sharing in online social networks. In Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy, DBSec'11, pages 29--43. Springer, 2011. Google ScholarDigital Library
- H. Hu, G. Ahn, and K. Kulkarni. Anomaly discovery and resolution in web access control policies. In Proceedings of the 16th ACM symposium on Access control models and technologies, pages 165--174. ACM, 2011. Google ScholarDigital Library
- S. Kruk, S. Grzonkowski, A. Gzella, T. Woroniecki, and H. Choi. D-FOAF: Distributed identity management with access rights delegation. The Semantic Web-ASWC 2006, pages 140--154, 2006. Google ScholarDigital Library
- A. Lampinen, V. Lehtinen, A. Lehmuskallio, and S. Tamminen. We're in it together: interpersonal management of disclosure in social network services. In Proceedings of the 2011 annual conference on Human factors in computing systems, pages 3217--3226. ACM, 2011. Google ScholarDigital Library
- T. Li and N. Li. On the tradeoff between privacy and utility in data publishing. In Proceedings of the 15th ACM SIGKDD, pages 517--526. ACM, 2009. Google ScholarDigital Library
- K. Liu and E. Terzi. A framework for computing the privacy scores of users in online social networks. ACM Transactions on Knowledge Discovery from Data (TKDD), 5(1):6, 2010. Google ScholarDigital Library
- M. Madejski, M. Johnson, and S. Bellovin. The Failure of Online Social Network Privacy Settings. Technical Report CUCS-010-11, Columbia University, NY, USA. 2011.Google Scholar
- A. Squicciarini, M. Shehab, and F. Paci. Collective privacy management in social networks. In Proceedings of the 18th international conference on World wide web, pages 521--530. ACM, 2009. Google ScholarDigital Library
- N. Talukder, M. Ouzzani, A. Elmagarmid, H. Elmeleegy, and M. Yakout. Privometer: Privacy protection in social networks. In Proceedings of 26th International Conference on Data Engineering Workshops (ICDEW), pages 266--269. IEEE, 2010.Google ScholarCross Ref
- K. Thomas, C. Grier, and D. Nicol. unFriendly: Multi-party Privacy Risks in Social Networks. In Privacy Enhancing Technologies, pages 236--252. Springer, 2010. Google ScholarDigital Library
- G. Wondracek, T. Holz, E. Kirda, and C. Kruegel. A practical attack to de-anonymize social network users. In 2010 IEEE Symposium on Security and Privacy, pages 223--238. IEEE, 2010. Google ScholarDigital Library
- E. Zheleva and L. Getoor. To join or not to join: the illusion of privacy in social networks with mixed public and private user profiles. In Proceedings of the 18th international conference on World wide web, pages 531--540. ACM, 2009. Google ScholarDigital Library
Index Terms
- Detecting and resolving privacy conflicts for collaborative data sharing in online social networks
Recommendations
Privacy-preserving data sharing in cloud computing
Storing and sharing databases in the cloud of computers raise serious concern of individual privacy. We consider two kinds of privacy risk: presence leakage, by which the attackers can explicitly identify individuals in (or not in) the database, and ...
Collaborative privacy management: mobile privacy beyond your own devices
SPME '14: Proceedings of the ACM MobiCom workshop on Security and privacy in mobile environmentsAs the development of mobile devices and applications, mobile privacy has become a very important issue. Current researches on mobile privacy mainly focus on potential leakages on a particular device. However, leakage of sensitive data on a mobile ...
Privacy protection in data sharing: towards feedback based solutions
ICEGOV '14: Proceedings of the 8th International Conference on Theory and Practice of Electronic GovernanceSharing data is gaining importance in recent years due to proliferation of social media and a growing tendency of governments to gain citizens' trust through being transparent. Data dissemination, however, increases chance of compromising privacy ...
Comments