Towards usage control models: beyond traditional access control
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Attributed Based Access Control (ABAC) for Web Services
ICWS '05 Proceedings of the IEEE International Conference on Web Services
Information revelation and privacy in online social networks
Proceedings of the 2005 ACM workshop on Privacy in the electronic society
Communications of the ACM
NOYB: privacy in online social networks
Proceedings of the first workshop on Online social networks
FlyByNight: mitigating the privacy risks of social networking
Proceedings of the 7th ACM workshop on Privacy in the electronic society
Hi-index | 0.00 |
With the growth in the popularity of social networking sites like Facebook and MySpace, there is an increasing concern about privacy of content posted by users. Many users enter personal details about themselves but have poor understanding of theats such as identity theft and stalking. There is a need to educate and assist users in understanding how their personal data is exposed to other users. In this paper, we introduce the concept of negotiated audit which gives users of social networks valuable feedback about how their data is being used. Our design has three levels of auditing for both sharing and browsing data: no audit, complete audit and anonymous audit. Users can classify their data as requiring some level of auditing and can also set their browsing preference to one of the auditing levels. Users can only see some data if their browsing preference is compatible with the data's audit level thus giving rise to negotiation of how much users are willing to reveal about their activities and how much data they will be able to access. We provide a mathematical model and describe a simple social networking prototype called Share that implements negotiated audit.