Online social network platforms: toward a model-backed security evaluation

Online Social Network (OSN) platforms currently enjoy tremendous popularity among Internet users, but they have also recently come under increasing fire for a number of security (and privacy) issues stemming from their usage. In an attempt to formalize the study of such issues, we propose in this paper a conceptual model of the workings of a "typical" OSN platform as experienced by its users, with a distinct emphasis on the resources published through such platforms, given the pivotal role they have come to occupy, notably with regard to misuse. We then briefly discuss potential applications of that model, not only as a support for assessing security properties inherent to the configuration of current OSN platforms, but also as a tool for further investigating practical attack scenarios against those platforms (and their users).
