A Threat Model Approach to Threats and Vulnerabilities in On-line Social Networks

On-line Social Networks (OSNs) have become one of the most used Internet services. However, as happens with every new technology, they are prone to several security issues. Although privacy concerns have begun to emerge, there are still other dangerous vulnerabilities that affect security and threaten organisations' and users' assets. In this paper, we present the first Threat Modelling approach in Online Social Networks that intends to identify the threats and vulnerabilities that can be exploited. Next, we define what we call the Circle of Risk (CoR), a graphical definition of every security aspect involved in the threat modelling.
