research-article

Preserving user privacy from third-party applications in online social networks

Authors:
Yuan Cheng

University of Texas at San Antonio, San Antonio, TX, USA

University of Texas at San Antonio, San Antonio, TX, USA
View Profile

,
Jaehong Park

University of Texas at San Antonio, San Antonio, TX, USA

University of Texas at San Antonio, San Antonio, TX, USA
View Profile

,
Ravi Sandhu

University of Texas at San Antonio, San Antonio, TX, USA

University of Texas at San Antonio, San Antonio, TX, USA
View Profile

WWW '13 Companion: Proceedings of the 22nd International Conference on World Wide WebMay 2013Pages 723–728https://doi.org/10.1145/2487788.2488032

Published:13 May 2013Publication History

WWW '13 Companion: Proceedings of the 22nd International Conference on World Wide Web

Pages 723–728

ABSTRACT

Online social networks (OSNs) facilitate many third-party applications (TPAs) that offer users additional functionality and services. However, they also pose serious user privacy risk as current OSNs provide little control over disclosure of user data to TPAs. Addressing the privacy and security issues related to TPAs (and the underlying social networking platforms) requires solutions beyond a simple all-or-nothing strategy. In this paper, we outline an access control framework that provides users flexible controls over how TPAs can access user data and activities in OSNs while still retaining the functionality of TPAs. The proposed framework specifically allows TPAs to utilize some private data without actually transmitting this data to TPAs. Our approach determines access from TPAs based on user-specified policies in terms of relationships between the user and the application.

References

Facebook platform. http://developers.facebook.com/.Google Scholar
Opensocial. http://opensocial.org/.Google Scholar
P. Anthonysamy, A. Rashid, J. Walkerdine, P. Greenwood, and G. Larkou. Collaborative privacy management for third-party applications in online social networks. In Proceedings of the 1st Workshop on Privacy and Security in Online Social Media, 2012. Google ScholarDigital Library
A. Besmer, H. R. Lipford, M. Shehab, and G. Cheek. Social applications: exploring a more secure framework. In Proceedings of the 5th Symposium on Usable Privacy and Security, SOUPS '09, 2009. Google ScholarDigital Library
B. Carminati, E. Ferrari, and A. Perego. Enforcing access control in web-based social networks. ACM Trans. Inf. Syst. Secur., 13(1), 2009. Google ScholarDigital Library
Y. Cheng, J. Park, and R. Sandhu. Relationship-based access control for online social networks: Beyond user-to-user relationships. In Proceddings of the 4th IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT), 2012. Google ScholarDigital Library
Y. Cheng, J. Park, and R. Sandhu. A user-to-user relationship-based access control model for online social networks. In Proceedings of the 26th IFIP Annual WG 11.3 Conference on Data and Application Security and Privacy (DBSec '12), 2012. Google ScholarDigital Library
M. Egele, A. Moser, C. Kruegel, and E. Kirda. Pox: Protecting users from malicious facebook applications. Computer Communications, 35(12), 2012. Google ScholarDigital Library
A. Felt and D. Evans. Privacy protection for social networking apis. In Proc. of Workshop on Web 2.0 Security and Privacy (W2SP '08), 2008.Google Scholar
P. W. Fong. Relationship-based access control: protection model and policy language. In Proceedings of the first ACM conference on Data and application security and privacy, 2011. Google ScholarDigital Library
C. E. Gates. Access control requirements for web 2.0 security and privacy. In Proc. of Workshop on Web 2.0 Security and Privacy (W2SP '07), 2007.Google Scholar
M. M. Lucas and N. Borisov. Flybynight: mitigating the privacy risks of social networking. In Proceedings of the 7th ACM workshop on Privacy in the electronic society, WPES '08, 2008. Google ScholarDigital Library
M. Shehab, A. Squicciarini, and G.-J. Ahn. Beyond user-to-user access control for online social networks. In L. Chen, M. Ryan, and G. Wang, editors, Information and Communications Security, volume 5308 of Lecture Notes in Computer Science. Springer Berlin / Heidelberg, 2008. Google ScholarDigital Library
K. Singh, S. Bhola, and W. Lee. xbook: redesigning privacy control in social networking platforms. In Proceedings of the 18th conference on USENIX security symposium, SSYM'09, 2009. Google ScholarDigital Library
B. Viswanath, E. Kiciman, and S. Saroiu. Keeping information safe from social networking apps. In Proceedings of the 2012 ACM Workshop on online social networks, WOSN '12, 2012. Google ScholarDigital Library

Index Terms

Preserving user privacy from third-party applications in online social networks
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Collaborative privacy management for third-party applications in online social networks
PSOSM '12: Proceedings of the 1st Workshop on Privacy and Security in Online Social Media

Privacy control mechanisms for online social networks (OSNs) offer little by way of managing access to a user's personal information by third-party applications (TPAs). Most OSNs provide an "accept all or nothing" mechanism for managing permissions from ...
Read More
Do online social network friends still threaten my privacy?
CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy

A user's online social network (OSN) friends commonly share information on their OSN profiles that might also characterize the user him-/herself. Therefore, OSN friends are potentially jeopardizing users' privacy. Previous studies demonstrated that ...
Read More
A Trust-Based Privacy-Preserving Friend Recommendation Scheme for Online Social Networks
Online social networks (OSNs), which attract thousands of million people to use everyday, greatly extend OSN users' social circles by friend recommendations. OSN users' existing social relationship can be characterized as 1-hop trust relationship, and ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
WWW '13 Companion: Proceedings of the 22nd International Conference on World Wide Web
May 2013
1636 pages
ISBN:9781450320382
DOI:10.1145/2487788
General Chairs:
Daniel Schwabe
PUC-Rio - Brazil
,
Virgílio Almeida
UFMG - Brazil
,
Hartmut Glaser
CGI.br - Brazil
,
Program Chairs:
Ricardo Baeza-Yates
Yahoo! Labs - Spain & Chile
,
Sue Moon
KAIST - South Korea
Copyright © 2013 Copyright is held by the International World Wide Web Conference Committee (IW3C2).
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 13 May 2013
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
online social networks
privacy
social applications
Qualifiers
- research-article
Conference

Acceptance Rates
WWW '13 Companion Paper Acceptance Rate831of1,250submissions,66%Overall Acceptance Rate1,899of8,196submissions,23%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 23
  Total Citations
  View Citations
- 544
  Total Downloads
- Downloads (Last 12 months)21
- Downloads (Last 6 weeks)3
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Preserving user privacy from third-party applications in online social networks

WWW '13 Companion: Proceedings of the 22nd International Conference on World Wide Web

ABSTRACT

References

Cited By

Index Terms

Recommendations

Collaborative privacy management for third-party applications in online social networks

Do online social network friends still threaten my privacy?

A Trust-Based Privacy-Preserving Friend Recommendation Scheme for Online Social Networks