Privacy in Social Networks - PowerPoint PPT Presentation

1 / 39
About This Presentation
Title:

Privacy in Social Networks

Description:

Leaving 'Friendprints': How Online Social Networks Are Redefining Privacy and ... No support for differentiating relationship 'closeness' ... – PowerPoint PPT presentation

Number of Views:102
Avg rating:3.0/5.0
Slides: 40
Provided by: brandon123
Category:

less

Transcript and Presenter's Notes

Title: Privacy in Social Networks


1
  • Privacy in Social Networks
  • CSCE 201

2
Reading
  • Dwyer, Hiltz, Passerini, Trust and privacy
    concern within social networking sites A
    comparison of Facebook and MySpace,
    http//csis.pace.edu/dwyer/research/DwyerAMCIS200
    7.pdf
  • Leaving 'Friendprints' How Online Social
    Networks Are Redefining Privacy and Personal
    Security, http//knowledge.wharton.upenn.edu/print
    er_friendly.cfm?articleid2262

3
Social Relationships
  • Communication context changes social
    relationships
  • Social relationships maintained through different
    media grow at different rates and to different
    depths
  • No clear consensus which media is the best

4
Internet and Social Relationships
  • Internet
  • Bridges distance at a low cost
  • New participants tend to like each other more
  • Less stressful than face-to-face meeting
  • People focus on communicating their selves
    (except a few malicious users)

5
Social Networks
  • Description of the social structure between
    actors
  • Connections various levels of social
    familiarities, e.g., from casual acquaintance to
    close familiar bonds
  • Support online interaction and content sharing
  • Current support for security is limited
  • Users often do not use existing security features

6
Current Social Networks
  • Access to personal data
  • Hard-coded into the system
  • Owners have system dependent access categories
  • Common Access Categories
  • Public
  • Group Membership
  • Friend
  • No support for differentiating relationship
    closeness
  • Friend connections must be symmetric, unlike
    reality

7
Social network analysis
  • The mapping and measuring of relationships and
    flows between people, groups, organizations,
    computers or other information/knowledge
    processing entities
  • The nodes in the network are the people and
    groups while the links show relationships or
    flows between the nodes

8
Security Privacy Issues
  • Malware exploiting social networks
  • Malicious banner ads
  • Adware
  • Phishing attacks
  • Customizable scripts
  • Facebooks attempt make visible relationship
    actions to entire social group
  • Everyone reading everyones shared information

9
Behavioral Profiling
  • SN users post personal information for friends,
    family, and the World
  • Data Mining applications ? pattern of behavior
  • Misuse of information
  • Identity thefts
  • Scam
  • Phishing
  • Etc.

10
Privacy?
  • SN and privacy issues in early research stage
  • Users tend to give out too much information
  • Privacy thresholds vary by individuals
  • What are the long term effects?

11
Users
  • April, 2009 139.8 million visitors (12 increase
    from March)
  • MySpace 71 million visitors
  • Facebook 67.5 million visitors
  • Twitter 17 million visitors
  • Risk of third party applications!
  • Facial recognition of friends of friends
  • Relationships
  • Targeted advertisement
  • Marketing tools

12
Privacy Policies
  • Difficult to understand
  • No one reads privacy policies
  • Voluntary release of personal data
  • Social Network Signatures
  • User names may change, family and friends are
    more difficult to change

13
Facebook or MySpace?
  • Online survey to evaluate privacy concerns and
    trust influence
  • Users are both site had similar privacy concerns
  • Facebook users had more trust in Facebook and
    were willing to share identifying information
    with the site than MySpace users
  • MySpace users had more experience to establish a
    new relationship via MySpace than Facebook users

14
What SN Users Can Do?
  • Current Data Protection Methods
  • Some systems support custom user groups
  • Special additional permissions or restrictions
    may be applied
  • Information visibility control is limited by the
    system.

15
Related Work
  • Access Control Models for Social Networks
  • Specify access rules based upon relationship
    type, relationship depth, and trust level
    (Carminati B., Ferrari E., and Perego A.
    Rule-Based Access Control for Social Networks.
    Proceedings OTM workshops, 2006)?
  • Generate access control rules from plain English
    rules the user specifies and the content itself
    (Hart M., Johnson R., and Stent A. More Content
    Less Control Access Control in the Web 2.0. Web
    2.0 Security Privacy, 2007)?

16
Related Work
  • Access Control Models for Social Networks
  • Relationship-based access control that uses the
    relationship between an accessing user and an
    owner to create access control rules (Gates C.
    (2007). Access control requirements for web 2.0
    security and privacy. Web 2.0 security privacy,
    2007)?

17
Limitations of Current Access Control Support
  • Current Social Network Access Limitations
  • Access control flexibility limited to predefined
    groups that contain explicit lists of users.
  • Current Academic Limitations
  • Require too much work on behalf of the end-user
  • Give insufficient details with regards to
    practicality

18
M.S. Thesis Contribution
  • Brandon Barkley, RBAC for SN
  • RBACSN (Role-Based Access Control for Social
    Networks)?
  • Theoretical Definition of RBACSN
  • Implementation of RBACSN

19
RBACSN Model
  • RBACSN is based on the ANSI INCITS 359-2004 RBAC
    Standard
  • Employs a modified limited role hierarchy to
    balance powerful functionality with ease of use
  • Does not employ role membership constraints

20
RBAC Core Model
  • Normally, a role is a job within an organization
  • A user is a member of the service who attempts to
    access information
  • A permission confers access to perform a specific
    operation on a specific set of objects
  • A role provides a gateway for linking the
    collection of users to the collection of
    permissions through user-role and role-permission
    assignment structures
  • One overarching set of roles for controlling
    access to the entire system

21
RBACSN Core Model
  • A role is a collection of users based upon
    arbitrary criteria defined by the role owner
  • Support for an anonymous user
  • A data owner creates and administers roles to
    govern access to the objects he owns

22
Role Hierarchies in RBAC
  • Partial Order
  • Reflexive
  • Transitive
  • Anti-Symmetric
  • General Hierarchy
  • No restrictions
  • Limited Hierarchy
  • Each role has only one parent

23
Role Hierarchies in RBACSN
  • Shares characteristics with limited hierarchies
    in the ANSI standard
  • Partial ordering of roles
  • Each role has only one parent
  • Additional constraint
  • There is one and only one role that has no parent
    forcing the hierarchy to form one complete tree

24
Role Membership in RBACSN
  • Direct assignment
  • Works exactly like assignment in RBAC
  • Indirect assignment
  • Can be based upon user attributes
  • Age
  • Gender
  • Favourite Music
  • Can be based upon a connection
  • User network membership
  • Friendship connection with owner
  • Consist of a non-empty set of conditions

25
Advantages of RBACSN
  • Models current social network security structures
  • Can be transparent to social network users or
    presented explicitly
  • Flexible role assignment mechanisms allow both
    very general and very specific roles
  • Allows rules to be created based upon any
    arbitrary attribute of a user

26
Implementation
  • Facebook Development Platform chosen over
    middle-ware
  • Conforms to the Facebook TOS
  • Provides an API to get useful information from
    the social network
  • Solution potentially usable by a real community
  • PHP4
  • Chosen because of support of official client
    library
  • Chosen instead of PHP5 because of increased
    server support
  • Only supports public methods

27
Implementation
  • Three layers
  • Model Classes
  • Support Classes
  • User Interface

28
Model Classes
  • Base Class
  • User Class
  • Role Class
  • UserAttribute Class
  • Permit Class
  • Datum Class

29
Support Classes
  • Database Class
  • ObjectCollection Class
  • Class Factory

30
User Interface
  • Role Management
  • Set Default Hierarchy
  • Facebook, Myspace, Minimum
  • Show Role Hierarchy
  • Add or Delete Roles
  • Edit Role
  • Add or Remove Users
  • Add or Remove User Attributes
  • Add or Remove Permissions
  • Change Name
  • Profile Viewing
  • Profile Editing

31
Sessions
  • Activate all roles available for a user in each
    session
  • Vary by implementation
  • Generate a permission list on the first access
  • Less database calls
  • Less object overhead
  • Set an expiration time (default 1 hour)?
  • Expire a session if a role is modified in a way
    that affects the user

32
Permissions
  • Types read, append, write, administrate
  • Each build upon one another
  • Applies to a single data object
  • For some data, permission is inherited from a
    parent

33
Conclusions
  • Theoretical Development
  • RBACSN is capable of incorporating flexibility
    with the realities of current social networking
    technology
  • Conforms to current security structures of major
    social networking sites
  • Implementation
  • Easy to use
  • Extensible to future additional data types
  • Work with existing social networks

34
Future Work
  • Model
  • Explore a way to implement multiple inheritance
    without compromising usability
  • Find a user friendly way to present and resolve
    role conflicts
  • Implementation
  • Convert to PHP5 once it is more widely available
  • Split model objects into core model objects and
    Facebook specific object attributes
  • More complex user attributes

35
References
  • 1 Facebook. (2008). Welcome to Facebook!
    Facebook. Retrieved May 8, 2008, from
    http//www.facebook.com.
  • 2 MySpace. (2008). MySpace. Retrieved May 8,
    2008, from http//www.myspace.com.
  • 3 Friendster. (2008). Friendster - Home.
    Retrieved May 8, 2008, from http//www.friendster
    .com.
  • 4 Bebo. (n.d.). www.bebo.com. Retrieved May 8,
    2008, from http//www.bebo.com.
  • 5 Facebook. (2008). Facebook Statistics.
    Retrieved May 8, 2008, from http//www.facebook.co
    m/press/info.php?statistics.
  • 6 Barbarian. (2006, September 27). Debunking
    the MySpace myth of 100 million users.
    Retrieved May 8, 2008, from http//forevergeek.co
    m/articles/debunking_the_myspace_myth_of_100_milli
    on_users.php.

36
References
  • 7 ANSI INCITS. (2004). ANSI INCITS 2004
    American national standard for role based access
    control. Retrieved May 8, 2008, from
    http//www.orbit-lab.org/attachment/wiki/internal/
    ANSI2BINCITS 2B359-2004.pdf?formatraw.
  • 8 Facebook. (2008). Facebook Developers.
    Retrieved May 8, 2008, from http//developers.face
    book.com/.
  • 9 Carminati B., Ferrari E., and Perego A.
    (2006). Rule-based access control for social
    networks. Proceedings OTM workshops, 2006.
    Retrieved May 8, 2008, from http//www.dicom.unins
    ubria.it/barbara.carminati/pubs/42781734.pdf.
  • 10 Hay M., Miklau G., Jensen D., Weis P., and
    Srivastava S. (2007, March) Anonymizing social
    networks. Retrieved May 8, 2008, from
    http//www.cs.umass.edu/mhay/papers/hay-et-al-tr0
    719.pdf.

37
References
  • 11 Backstrom L., Dwork C., and Kleinberg J.
    (2007) Wherefore art thou r3579x? Anonymized
    social networks, hidden patterns, and structural
    steganography. Proceedings of the 16th
    international conference on World Wide Web.
  • 12 Zhou B. and Pei J. (2008). Preserving
    privacy in social networks against neighborhood
    attacks. In Proceedings of the 24th International
    Conference on Data Engineering.
  • 13 Korolova A., Motwani R., Nabar S.U., and Xu
    Y. (2008) Link Privacy in Social Networks. In
    Proceedings of the 24th International Conference
    on Data Engineering.
  • 14 Gates C. (2007). Access control requirements
    for web 2.0 security and privacy. Web 2.0
    security privacy, 2007. Retrieved May 8, 2008,
    from http//seclab.cs.rice.edu/w2sp/2007/papers/pa
    per-205-z_708.pdf.

38
References
  • 15 Hart M., Johnson R., and Stent A. (2007).
    More content less control Access control in
    the web 2.0. Web 2.0 security privacy, 2007.
    Retrieved May 8, 2008 from http//seclab.cs.rice.
    edu/w2sp/2007/papers/paper-193-z_6706.pdf.

39
  • Questions?
Write a Comment
User Comments (0)
About PowerShow.com