论文信息 - Social applications: exploring a more secure framework

Social applications: exploring a more secure framework

Online social network sites, such as MySpace, Facebook and others have grown rapidly, with hundreds of millions of active users. A new feature on many sites is social applications -- applications and services written by third party developers that provide additional functionality linked to a user's profile. However, current application platforms put users at risk by permitting the disclosure of large amounts of personal information to these applications and their developers. This paper formally abstracts and defines the current access control model applied to these applications, and builds on it to create a more secure framework. We do so in the interest of preserving as much of the current architecture as possible, while seeking to provide a practical balance between security and privacy needs of the users, and the needs of the applications to access users' information. We present a user study of our interface design for setting a user-to-application policy. Our results indicate that the model and interface work for users who are more concerned with their privacy, but we still need to explore alternate means of creating policies for those who are less concerned.

[1] David Evans,et al. Privacy Protection for Social Networking Platforms , 2008 .

[2] Danah Boyd,et al. Friendster and publicly articulated social networking , 2004, CHI EA '04.

[3] Heather Richter Lipford,et al. Understanding Privacy Settings in Facebook with an Audience View , 2008, UPSEC.

[4] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.

[5] Alessandro Acquisti,et al. Information revelation and privacy in online social networks , 2005, WPES '05.

[6] Ponnurangam Kumaraguru,et al. Privacy Indexes: A Survey of Westin's Studies , 2005 .

[7] Marti A. Hearst,et al. Why phishing works , 2006, CHI.

[8] Judith Donath,et al. Public Displays of Connection , 2004 .

[9] Gail-Joon Ahn,et al. Beyond User-to-User Access Control for Online Social Networks , 2008, ICICS.

[10] Ariel Rabkin,et al. Personal knowledge questions for fallback authentication: security questions in the era of Facebook , 2008, SOUPS '08.