Social Network Privacy via Evolving Access Control

We study the problem of limiting privacy loss due to data shared in a social network, where the basic underlying assumptions are that users are interested in sharing data and cannot be assumed to constantly follow appropriate privacy policies. Note that if these two assumptions do not hold, social network privacy is theoretically very easy to achieve; for instance, via some form of access control and confidentiality transformation on the data. In this paper we observe that users-regulated access control has shown to be unsuccessful for practical social network, and propose that social networks deploy an additional layer of server-assisted access control which, even under no action from a user, automatically evolves over time, by restricting access to the user's data. The evolving access control mechanism provides non-trivial quantifiable guarantees for formally specified requirements of utility (i.e., users share as much data as possible to all other users) and privacy (i.e., users expose combinations of sensitive data only with low probability and over a long time). To the best of our knowledge, this is the first research solution attempting to simultaneously maximizes utility and safeguards privacy of users sharing data in social networking websites.

[1]  Starr Roxanne Hiltz,et al.  Trust and Privacy Concern Within Social Networking Sites: A Comparison of Facebook and MySpace , 2007, AMCIS.

[2]  Anna Cinzia Squicciarini,et al.  WWW 2009 MADRID! Track: Security and Privacy / Session: Web Privacy Collective Privacy Management in Social Networks , 2022 .

[3]  Balachander Krishnamurthy,et al.  Characterizing privacy in online social networks , 2008, WOSN '08.

[4]  P. Erdös,et al.  Families of finite sets in which no set is covered by the union ofr others , 1985 .

[5]  Rajeev Motwani,et al.  Link Privacy in Social Networks , 2008, 2008 IEEE 24th International Conference on Data Engineering.

[6]  Man Lung Yiu,et al.  Group-by skyline query processing in relational engines , 2009, CIKM.

[7]  Richard C. Singleton,et al.  Nonrandom binary superimposed codes , 1964, IEEE Trans. Inf. Theory.

[8]  Giovanni Di Crescenzo,et al.  Modeling cryptographic properties of voice and voice-based entity authentication , 2007, DIM '07.

[9]  Alessandro Acquisti,et al.  Information revelation and privacy in online social networks , 2005, WPES '05.

[10]  Danah Boyd,et al.  Friendster and publicly articulated social networking , 2004, CHI EA '04.

[11]  Andreas Schaad,et al.  Privacy-preserving social network analysis for criminal investigations , 2008, WPES '08.

[12]  Avishai Wool,et al.  Long-Lived Broadcast Encryption , 2000, CRYPTO.

[13]  Mihir Bellare Advances in Cryptology — CRYPTO 2000 , 2000, Lecture Notes in Computer Science.