ABSTRACT
Online social networks (OSNs) facilitate many third-party applications (TPAs) that offer users additional functionality and services. However, they also pose serious user privacy risks, as current OSNs provide little control over the disclosure of user data to TPAs. Addressing the privacy and security issues related to TPAs (and the underlying social networking platforms) requires solutions beyond a simple all-or-nothing strategy. In this paper, we outline an access control framework that provides users with flexible controls over how TPAs can access user data and activities in OSNs while still retaining the functionality of TPAs. The proposed framework specifically allows TPAs to utilize some private data without actually transmitting this data to TPAs. Our approach determines access from TPAs based on user-specified policies in terms of relationships between the user and the application.
Index Terms
- Preserving user privacy from third-party applications in online social networks