Game theoretic analysis of multiparty access control in online social networks

Existing online social networks (OSNs) only allow a single user to restrict access to her/his data but cannot provide any mechanism to enforce privacy concerns over data associated with multiple users. This situation leaves privacy conflicts largely unresolved and leads to the potential disclosure of users' sensitive information. To address such an issue, a MultiParty Access Control (MPAC) model was recently proposed, including a systematic approach to identify and resolve privacy conflicts for collaborative data sharing in OSNs. In this paper, we take another step to further study the problem of analyzing the strategic behavior of rational controllers in multiparty access control, where each controller aims to maximize her/his own benefit by adjusting her/his privacy setting in collaborative data sharing in OSNs. We first formulate this problem as a multiparty control game and show the existence of unique Nash Equilibrium (NE) which is critical because at an NE, no controller has any incentive to change her/his privacy setting. We then present algorithms to compute the NE and prove that the system can converge to the NE in only a few iterations. A numerical analysis is also provided for different scenarios that illustrate the interplay of controllers in the multiparty control game. In addition, we conduct user studies of the multiparty control game to explore the gap between game theoretic approaches and real human behaviors.

[1]  Matthias R. Brust,et al.  Modeling privacy settings of an online social network from a game-theoretical perspective , 2013, 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing.

[2]  Philip W. L. Fong Relationship-based access control: protection model and policy language , 2011, CODASPY '11.

[3]  Ahmed K. Elmagarmid,et al.  Privometer: Privacy protection in social networks , 2010, 2010 IEEE 26th International Conference on Data Engineering Workshops (ICDEW 2010).

[4]  Tansu Alpcan,et al.  A game theoretic model for digital identity and trust in online communities , 2010, ASIACCS '10.

[5]  Barbara Carminati,et al.  Rule-Based Access Control for Social Networks , 2006, OTM Workshops.

[6]  Paul Wicks,et al.  The power of social networking in medicine , 2009, Nature Biotechnology.

[7]  Anna Cinzia Squicciarini,et al.  An Informed Model of Personal Information Release in Social Networking Sites , 2012, 2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Confernece on Social Computing.

[8]  Anna Cinzia Squicciarini,et al.  WWW 2009 MADRID! Track: Security and Privacy / Session: Web Privacy Collective Privacy Management in Social Networks , 2022 .

[9]  Kun Liu,et al.  Multi-party, Privacy-Preserving Distributed Data Mining Using a Game Theoretic Framework , 2007, PKDD.

[10]  E. H. Clarke Multipart pricing of public goods , 1971 .

[11]  ปิยดา สมบัติวัฒนา Behavioral Game Theory: Experiments in Strategic Interaction , 2013 .

[12]  Gail-Joon Ahn,et al.  Multiparty Access Control for Online Social Networks: Model and Mechanisms , 2013, IEEE Transactions on Knowledge and Data Engineering.

[13]  Dusit Niyato,et al.  Competitive Pricing for Spectrum Sharing in Cognitive Radio Networks: Dynamic Game, Inefficiency of Nash Equilibrium, and Collusion , 2008, IEEE Journal on Selected Areas in Communications.

[14]  Steven M. Bellovin,et al.  The Failure of Online Social Network Privacy Settings , 2011 .

[15]  David M. Nicol,et al.  unFriendly: Multi-party Privacy Risks in Social Networks , 2010, Privacy Enhancing Technologies.

[16]  Justine Becker Measuring privacy risk in online social networks , 2009 .

[17]  Sebastian Ryszard Kruk,et al.  D-FOAF: Distributed Identity Management with Access Rights Delegation , 2006, ASWC.

[18]  Evimaria Terzi,et al.  A Framework for Computing the Privacy Scores of Users in Online Social Networks , 2009, ICDM.

[19]  Gail-Joon Ahn,et al.  Multiparty Authorization Framework for Data Sharing in Online Social Networks , 2011, DBSec.

[20]  Gail-Joon Ahn,et al.  Detecting and resolving privacy conflicts for collaborative data sharing in online social networks , 2011, ACSAC '11.

[21]  Philip W. L. Fong,et al.  A Privacy Preservation Model for Facebook-Style Social Network Systems , 2009, ESORICS.

[22]  Nicolas Christin,et al.  Secure or insure?: a game-theoretic analysis of information security games , 2008, WWW.

[23]  Barbara Carminati,et al.  Enforcing access control in Web-based social networks , 2009, TSEC.

[24]  K. J. Ray Liu,et al.  A scalable collusion-resistant multi-winner cognitive spectrum auction game , 2009, IEEE Transactions on Communications.

[25]  Anna Cinzia Squicciarini,et al.  Towards a Game Theoretical Model for Identity Validation in Social Network Sites , 2011, 2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int'l Conference on Social Computing.

[26]  David C. Parkes,et al.  On non-cooperative location privacy: a game-theoretic analysis , 2009, CCS.

[27]  Tansu Alpcan,et al.  Network Security , 2010 .

[28]  Airi Lampinen,et al.  We're in it together: interpersonal management of disclosure in social network services , 2011, CHI.

[29]  Heather Richter Lipford,et al.  Moving beyond untagging: photo privacy in a tagged world , 2010, CHI.

[30]  Quanyan Zhu,et al.  Game theory meets network security and privacy , 2013, CSUR.