A Case Study on Modeling Social Network Privacy Policies Using Event-B

On the Use of Formal Methods to Enforce Privacy-Aware Social Networking

Social Network Engineering for Secure Web Data and Services

This chapter discusses the use of formal techniques and formal verification tools to ensure privacy-aware social networking; hence users of social-networking sites can predict what the consequences of updating their privacy settings are. A formal methods approach is presented for modeling and comparing social-network privacy policies, and for checking whether a user’s privacy policy can coexist with other policies within a social networking site. The authors present the Poporo tool implementing the approach. Poporo builds on a predicate calculus definition for social networking written in B that models social network content, people in the network, friendship relations, and privacy policies that are modeled as permissions to access content. Several examples of privacy-aware social networking are also shown using Poporo.

A Formal Privacy Policy Framework for Social Networks

Lecture Notes in Computer Science, 2014

Social networks (SN) provide a great opportunity to help people interact with each other in different ways depending on the kind of relationship that links them. One of the aims of SN is to be flexible in the way one shares information, being as permissive as possible in how people communicate and disseminate information. While preserving the spirit of SN, users would like to be sure that their privacy is not compromised. One way to do so is by providing users with means to define their own privacy policies and give guarantees that they will be respected. In this paper we present a privacy policy framework for SN, consisting of a formal model of SN, a knowledge-based logic, and a formal privacy policy language. The framework may be tailored by providing suitable instantiations of the different relationships, the events, the propositions representing what is to be known, and the additional facts or rules a particular social network should satisfy. Besides, models of Facebook and Twitter are instantiated in our formalism, and we provide instantiations of a number of richer privacy policies.

CoSMeDis: A Distributed Social Media Platform with Formally Verified Confidentiality Guarantees

2017 IEEE Symposium on Security and Privacy (SP)

We present the design, implementation and information flow verification of CoSMeDis, a distributed social media platform. The system consists of an arbitrary number of communicating nodes, deployable at different locations over the Internet. Its registered users can post content and establish intra-node and inter-node friendships, used to regulate access control over the posts. The system's kernel has been verified in the proof assistant Isabelle/HOL and automatically extracted as Scala code. We formalized a framework for composing a class of information flow security guarantees in a distributed system, applicable to input/output automata. We instantiated this framework to confidentiality properties for CoSMeDis's sources of information: posts, friendship requests, and friendship status.

A Graph-Based Approach to Model Privacy and Security Issues of Online Social Networks

Social Network Engineering for Secure Web Data and Services

With millions of users, Online Social Networks (OSNs) are a huge cultural phenomenon. Put briefly, they are characterized by: i) an intrinsic sharing of personal information, ii) a rich set of features to publish, organize and retrieve contents, especially for emphasizing their social organization, iii) the interaction with a heterogeneous set of devices, e.g., ranging from desktops to mobile appliances, and iv) the mix of Web-based paradigms and sophisticated methodologies for processing data. However, if not properly implemented, or without effective security policies, i) – iv) could lead to severe risks in terms both of privacy and security. In this perspective, this chapter analyzes the major peculiarities of OSN platforms, the preferred development methodologies, and usage patterns, also by taking into account how personal information can be exploited to conduct malicious actions. Then, a graph-based modeling approach is introduced to reveal possible attacks, as well as to elab...

1st Workshop on privacy and protection in web-based social networks

2010

The technological threats to the right of privacy are not limited to databases. WBSN and pervasive computing, for instance, are two clear examples of other privacy risks. WBSN have an economic value, and more and more tools focus on WBSN users' personal information. On the contrary, WBSN privacy is only a new research area. Internet communities are trust-based systems. Therefore, they need a privacy-respecting reputation system. Transparency tools should also allow individuals to check at any desired moment what personal data has been given to the data systems, and be able to alter or delete it. IT researchers usually consider privacy as a quantifiable attribute that can be negotiated and possibly exchanged by individuals in return for certain benefits. On the contrary, PET are necessary in WBSN. Thus, they cannot simply be individual options. Human rights, as public policies, should be preserved in the design of IT tools.

Control Mechanism for Online Social Network

2013

Online social networks (OSNs) have experienced tremendous growth in recent years and become a de facto portal for hundreds of millions of Internet users. These OSNs offer attractive means for digital social interactions and information sharing, but also raise a number of security and privacy issues. While OSNs allow users to restrict access to shared data, they currently do not provide any mechanism to enforce privacy concerns over data associated with multiple users. To this end, we propose an approach to enable the protection of shared data associated with multiple users in OSNs. We formulate an access control model to capture the essence of multiparty authorization requirements, along with a multiparty policy specification scheme and a policy enforcement mechanism. Besides, we present a logical representation of our access control model which allows us to leverage the features of existing logic solvers to perform various analysis tasks on our model. We also discuss a proof-of-con...

xBook: Redesigning Privacy Control in Social Networking Platforms

2009

Social networking websites have recently evolved from being service providers to platforms for running third party applications. Users have typically trusted the social networking sites with personal data, and assume that their privacy preferences are correctly enforced. However, they are now being asked to trust each third-party application they use in a similar manner. This has left the users' private information vulnerable to accidental or malicious leaks by these applications.

Multiparty Access Control for Online Social Networks: Model and Mechanisms

cegon technologies, 2019

Online social networks (OSNs) have experienced tremendous growth in recent years and become a de facto portal for hundreds of millions of Internet users. These OSNs offer attractive means for digital social interactions and information sharing, but also raise a number of security and privacy issues. While OSNs allow users to restrict access to shared data, they currently do not provide any mechanism to enforce privacy concerns over data associated with multiple users. To this end, we propose an approach to enable the protection of shared data associated with multiple users in OSNs. We formulate an access control model to capture the essence of multiparty authorization requirements, along with a multiparty policy specification scheme and a policy enforcement mechanism. Besides, we present a logical representation of our access control model that allows us to leverage the features of existing logic solvers to perform various analysis tasks on our model. We also discuss a proof-of-concept prototype of our approach as part of an application in Facebook and provide usability study and system evaluation of our method.

EXISTING SYSTEM: The existing work could model and analyze access control requirements with respect to collaborative authorization management of shared data in OSNs. The need for joint management of data sharing, especially photo sharing, in OSNs has been recognized by recent work, which provided a solution for collective privacy management in OSNs. That work considered access control policies of content that is co-owned by multiple users in an OSN, such that each co-owner may separately specify her/his own privacy preference for the shared content.