Conference Paper

A Privacy Preservation Model for Facebook-Style Social Network Systems.

DOI: 10.1007/978-3-642-04444-1_19 Conference: Computer Security - ESORICS 2009, 14th European Symposium on Research in Computer Security, Saint-Malo, France, September 21-23, 2009. Proceedings
Source: DBLP

ABSTRACT: Recent years have seen unprecedented growth in the popularity of social network systems, with Facebook being an archetypical example. The access control paradigm behind the privacy preservation mechanism of Facebook is distinctly different from such existing access control paradigms as Discretionary Access Control, Role-Based Access Control, Capability Systems, and Trust Management Systems. This work takes a first step in deepening the understanding of this access control paradigm, by proposing an access control model that formalizes and generalizes the privacy preservation mechanism of Facebook. The model can be instantiated into a family of Facebook-style social network systems, each with a recognizably different access control mechanism, so that Facebook is but one instantiation of the model. We also demonstrate that the model can be instantiated to express policies that are not currently supported by Facebook but possess rich and natural social significance. This work thus delineates the design space of privacy preservation mechanisms for Facebook-style social network systems, and lays out a formal framework for policy analysis in these systems.

  • ABSTRACT: Understanding the privacy implication of adopting a certain privacy setting is a complex task for the users of social network systems. Users need tool support to articulate potential access scenarios and perform policy analysis. Such a need is particularly acute for Facebook-style Social Network Systems (FSNSs), in which semantically rich topology-based policies are used for access control. In this work, we develop a prototypical tool for Reflective Policy Assessment (RPA) --- a process in which a user examines her profile from the viewpoint of another user in her extended neighbourhood in the social graph. We verify the utility and usability of our tool in a within-subject user study.
    Proceedings of the 27th Annual ACM Symposium; 03/2012
  • ABSTRACT: The management of group context in socially mediating technologies is an important challenge for the design community. To better understand how users manage group context, we explored the practice of multiple profile management in social media. In doing so, we observed creative and opportunistic strategies for group context management. We found that multiple profile maintenance is motivated by four factors: privacy, identity, utility, and propriety. Drawing on these motives, we observe a continuum of boundary regulation behaviors: pseudonymity, practical obscurity, and transparent separation. Based on these findings, we encourage designers of group context management systems to more broadly consider motives and practices of group separations in social media. Group context management systems should be privacy-enhancing, but a singular focus on privacy overlooks a range of other group context management practices.
    CSCW '12 Computer Supported Cooperative Work, Seattle, WA, USA, February 11-15, 2012; 02/2012
  • ABSTRACT: Existing online social networks (OSNs) only allow a single user to restrict access to her/his data but cannot provide any mechanism to enforce privacy concerns over data associated with multiple users. This situation leaves privacy conflicts largely unresolved and leads to the potential disclosure of users' sensitive information. To address such an issue, a MultiParty Access Control (MPAC) model was recently proposed, including a systematic approach to identify and resolve privacy conflicts for collaborative data sharing in OSNs. In this paper, we take another step to further study the problem of analyzing the strategic behavior of rational controllers in multiparty access control, where each controller aims to maximize her/his own benefit by adjusting her/his privacy setting in collaborative data sharing in OSNs. We first formulate this problem as a multiparty control game and show the existence of unique Nash Equilibrium (NE) which is critical because at an NE, no controller has any incentive to change her/his privacy setting. We then present algorithms to compute the NE and prove that the system can converge to the NE in only a few iterations. A numerical analysis is also provided for different scenarios that illustrate the interplay of controllers in the multiparty control game. In addition, we conduct user studies of the multiparty control game to explore the gap between game theoretic approaches and real human behaviors.
    19th ACM Symposium on Access Control Models And Technologies (SACMAT 2014), London, Ontario, Canada; 06/2014
