PriMa: a comprehensive approach to privacy protection in social network sites

With social networks (SNs) allowing their users to host large amounts of personal data on their platforms, privacy protection mechanisms are becoming increasingly important. The current privacy protection mechanisms offered by SNs mostly enforce access control policies based on users’ privacy settings. The task of setting privacy preferences may be tedious and confusing for the average user, who has hundreds of connections (e.g., acquaintances, colleagues, friends, etc.) and maintains an extensive profile on his main SN. Hence, users often end up with policies that do not sufficiently protect their personal information, thus facilitating potential privacy breaches and information misuse. In this paper, we propose PriMa (Privacy Manager), a privacy protection mechanism that supports semiautomated generation of access rules for users’ profile information, filling the gap between the privacy management needs of SN users and the existing SNs’ privacy protection mechanisms. PriMa access rules are generated using a multicriteria algorithm, so as to account for an extensive set of criteria to be considered when dealing with access control in SN sites. The resulting rules are simple yet powerful specifications, indicating the adequate level of protection for each user, and are dynamically adapted to the ever-changing requirements of the users’ preferences and SN configuration. We have implemented PriMa on a Drupal platform and as a third-party Facebook application. We have evaluated the performance of the PriMa application with respect to access rule generation.
