A decentralized model for information flow control
Proceedings of the sixteenth ACM symposium on Operating systems principles
A lattice model of secure information flow
Communications of the ACM
Protecting Respondents' Identities in Microdata Release
IEEE Transactions on Knowledge and Data Engineering
A Flexible Containment Mechanism for Executing Untrusted Code
Proceedings of the 11th USENIX Security Symposium
Practical privacy: the SuLQ framework
Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
L-diversity: Privacy beyond k-anonymity
ACM Transactions on Knowledge Discovery from Data (TKDD)
Proceedings of the 16th international conference on World Wide Web
MAPbox: using parameterized behavior classes to confine untrusted applications
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Secure web applications via automatic partitioning
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Information flow control for standard OS abstractions
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Robust De-anonymization of Large Sparse Datasets
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Verifiable functional purity in java
Proceedings of the 15th ACM conference on Computer and communications security
Privacy wizards for social networking sites
Proceedings of the 19th international conference on World wide web
Detecting and characterizing social spam campaigns
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
unfriendly: multi-party privacy risks in social networks
PETS'10 Proceedings of the 10th international conference on Privacy enhancing technologies
FIRM: capability-based inline mediation of Flash behaviors
Proceedings of the 26th Annual Computer Security Applications Conference
Secure data preservers forweb services
WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
SudoWeb: minimizing information disclosure to third parties in single sign-on platforms
ISC'11 Proceedings of the 14th international conference on Information security
Collaborative privacy management for third-party applications in online social networks
Proceedings of the 1st Workshop on Privacy and Security in Online Social Media
Fine-grained access control of personal data
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
PoX: Protecting users from malicious Facebook applications
Computer Communications
Keeping information safe from social networking apps
Proceedings of the 2012 ACM workshop on Workshop on online social networks
Privacy-preserving social plugins
Security'12 Proceedings of the 21st USENIX conference on Security symposium
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
πBox: a platform for privacy-preserving apps
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
Preserving user privacy from third-party applications in online social networks
Proceedings of the 22nd international conference on World Wide Web companion
Toward principled browser security
HotOS'13 Proceedings of the 14th USENIX conference on Hot Topics in Operating Systems
Appinspect: large-scale evaluation of social networking apps
Proceedings of the first ACM conference on Online social networks
Dynamic enforcement of knowledge-based security policies using probabilistic abstract interpretation
Journal of Computer Security
Hi-index | 0.00 |
Social networking websites have recently evolved from being service providers to platforms for running third party applications. Users have typically trusted the social networking sites with personal data, and assume that their privacy preferences are correctly enforced. However, they are now being asked to trust each third-party application they use in a similar manner. This has left the users' private information vulnerable to accidental or malicious leaks by these applications. In this work, we present a novel framework for building privacy-preserving social networking applications that retains the functionality offered by the current social networks. We use information flow models to control what untrusted applications can do with the information they receive. We show the viability of our design by means of a platform prototype. The usability of the platform is further evaluated by developing sample applications using the platform APIs. We also discuss both security and nonsecurity challenges in designing and implementing such a framework.