Preserving user privacy from third-party applications in online social networks

Authors:
Yuan Cheng;Jaehong Park;Ravi Sandhu
Affiliations:
University of Texas at San Antonio, San Antonio, TX, USA;University of Texas at San Antonio, San Antonio, TX, USA;University of Texas at San Antonio, San Antonio, TX, USA
Venue:
Proceedings of the 22nd international conference on World Wide Web companion
Year:
2013

Citing 11
Cited 0

FlyByNight: mitigating the privacy risks of social networking

Proceedings of the 7th ACM workshop on Privacy in the electronic society
Beyond User-to-User Access Control for Online Social Networks

ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Social applications: exploring a more secure framework

Proceedings of the 5th Symposium on Usable Privacy and Security
Enforcing access control in Web-based social networks

ACM Transactions on Information and System Security (TISSEC)
xBook: redesigning privacy control in social networking platforms

SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Relationship-based access control: protection model and policy language

Proceedings of the first ACM conference on Data and application security and privacy
Collaborative privacy management for third-party applications in online social networks

Proceedings of the 1st Workshop on Privacy and Security in Online Social Media
PoX: Protecting users from malicious Facebook applications

Computer Communications
Keeping information safe from social networking apps

Proceedings of the 2012 ACM workshop on Workshop on online social networks
A user-to-user relationship-based access control model for online social networks

DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Relationship-Based Access Control for Online Social Networks: Beyond User-to-User Relationships

SOCIALCOM-PASSAT '12 Proceedings of the 2012 ASE/IEEE International Conference on Social Computing and 2012 ASE/IEEE International Conference on Privacy, Security, Risk and Trust

Quantified Score

Hi-index	0.00

Visualization

Abstract

Online social networks (OSNs) facilitate many third-party applications (TPAs) that offer users additional functionality and services. However, they also pose serious user privacy risk as current OSNs provide little control over disclosure of user data to TPAs. Addressing the privacy and security issues related to TPAs (and the underlying social networking platforms) requires solutions beyond a simple all-or-nothing strategy. In this paper, we outline an access control framework that provides users flexible controls over how TPAs can access user data and activities in OSNs while still retaining the functionality of TPAs. The proposed framework specifically allows TPAs to utilize some private data without actually transmitting this data to TPAs. Our approach determines access from TPAs based on user-specified policies in terms of relationships between the user and the application.