Online social networks (OSNs) facilitate many third-party applications (TPAs) that offer users additional functionality and services. However, TPAs also pose a serious risk to user privacy, as current OSNs provide little control over the disclosure of user data to TPAs. Addressing the privacy and security issues related to TPAs (and the underlying social networking platforms) requires solutions beyond a simple all-or-nothing strategy. In this paper, we outline an access control framework that gives users flexible control over how TPAs can access user data and activities in OSNs while still retaining the functionality of TPAs. The proposed framework specifically allows TPAs to utilize some private data without actually transmitting this data to TPAs. Our approach determines access from TPAs based on user-specified policies expressed in terms of relationships between the user and the application.