Conference Paper

A Privacy Preservation Model for Facebook-Like Social Network Systems

DOI: 10.1007/978-3-642-04444-1_19
Conference: Computer Security - ESORICS 2009, 14th European Symposium on Research in Computer Security, Saint-Malo, France, September 21-23, 2009. Proceedings
Source: DBLP


Recent years have seen unprecedented growth in the popularity of social network systems, with Facebook being an archetypical example. The access control paradigm behind the privacy preservation mechanism of Facebook is distinctly different from such existing access control paradigms as Discretionary Access Control, Role-Based Access Control, Capability Systems, and Trust Management Systems. This work takes a first step in deepening the understanding of this access control paradigm, by proposing an access control model that formalizes and generalizes the privacy preservation mechanism of Facebook. The model can be instantiated into a family of Facebook-style social network systems, each with a recognizably different access control mechanism, so that Facebook is but one instantiation of the model. We also demonstrate that the model can be instantiated to express policies that are not currently supported by Facebook but possess rich and natural social significance. This work thus delineates the design space of privacy preservation mechanisms for Facebook-style social network systems, and lays out a formal framework for policy analysis in these systems.



Available from: Mohd Anwar,
  • Source
    • "The improved model allows more flexible policies; for example, it is possible to grant access to the last four friends, or grant access if at least n friends of the owner fulfill a certain requirement. These three works [25] [24] [10] share the same limitation. They do not consider the strength or intensity of the relationships (i.e., they only consider relationships as a boolean: either a relationship exists or not). "
    ABSTRACT: Social networking services (SNSs) such as Facebook or Twitter have experienced an explosive growth during the past few years. Millions of users have created their profiles on these services because they experience great benefits in terms of friendship. SNSs can help people to maintain their friendships, organize their social lives, start new friendships, or meet others that share their hobbies and interests. However, all these benefits can be eclipsed by the privacy hazards that affect people in SNSs. People expose intimate information of their lives on SNSs, and this information affects the way others think about them. It is crucial that users be able to control how their information is distributed through the SNSs and decide who can access it. This paper presents a list of privacy threats that can affect SNS users, and what requirements privacy mechanisms should fulfill to prevent these threats. Then, we review current approaches and analyze to what extent they cover the requirements.
    International Journal of Human-Computer Interaction 02/2015; 31(5):0-0. DOI:10.1080/10447318.2014.1001300 · 0.85 Impact Factor
  • Source
    • "To address such an issue, we recently proposed a multiparty access control (MPAC) model [22] to capture the core features of multiparty authorization requirements, which have not been accommodated by other access control systems for OSNs (e.g., [10] [11] [16] [17]). In particular, we introduced a systematic conflict detection and resolution approach [21] to cope with privacy conflicts occurring in collaborative management of data sharing in OSNs, balancing the need for privacy protection and the users' desire for information sharing by quantitative analysis of privacy risk and sharing loss. "
    ABSTRACT: Existing online social networks (OSNs) only allow a single user to restrict access to her/his data but cannot provide any mechanism to enforce privacy concerns over data associated with multiple users. This situation leaves privacy conflicts largely unresolved and leads to the potential disclosure of users' sensitive information. To address such an issue, a MultiParty Access Control (MPAC) model was recently proposed, including a systematic approach to identify and resolve privacy conflicts for collaborative data sharing in OSNs. In this paper, we take another step to further study the problem of analyzing the strategic behavior of rational controllers in multiparty access control, where each controller aims to maximize her/his own benefit by adjusting her/his privacy setting in collaborative data sharing in OSNs. We first formulate this problem as a multiparty control game and show the existence of unique Nash Equilibrium (NE) which is critical because at an NE, no controller has any incentive to change her/his privacy setting. We then present algorithms to compute the NE and prove that the system can converge to the NE in only a few iterations. A numerical analysis is also provided for different scenarios that illustrate the interplay of controllers in the multiparty control game. In addition, we conduct user studies of the multiparty control game to explore the gap between game theoretic approaches and real human behaviors.
    19th ACM Symposium on Access Control Models And Technologies (SACMAT 2014), London, Ontario, Canada; 06/2014
  • Source
    • "Spam, scam, phishing, and malware applications are some of the common security and privacy threats to social networks (Fong, 2009). These common threats result in a hidden threat of expediting the spread of malicious applications. "
    ABSTRACT: Securing Information and Communication Systems (ICSs) is a highly complex process due in large part to the feedback relationship that holds between the users and the system and its 'ecosystem' of usage. Such a relationship is critical for experience designers. The design of secure systems can thereby be enhanced by using principles from disciplines where similar relations hold, such as security engineering and adaptive systems. In this work, we propose a user experience design framework based on six principles and use a social networking system as an example of its application. The proposed design principles are grounded in complex systems theory. We address several potential security and privacy challenges inherent in the design of a large-scale adaptive system. By means of this framework we reflect upon the participation of an experience designer regarding the conceptualization, selection, review, and update of security and privacy matters. In this sense, we observe the role of the designer as a translator across disciplines. By introducing our framework, we also attempt to start a conversation about the challenges a designer faces in the appropriation of this role, either for the case of securing large-scale systems or in those situations where the boundaries of design and knowledge from other disciplines already overlap.
    DRS 2014 - Design Research Society Conference, Umeå, Sweden; 06/2014