Access control for online social networks third party applications

Computers and Security

Volumn 31, Issue 8, 2012, Pages 897-911

  Shehab, Mohamed ^a   Squicciarini, Anna ^b   Ahn, Gail Joon ^c   Kokkinou, Irini ^d  

^a UNIVERSITY OF NORTH CAROLINA AT CHARLOTTE   (United States)

^b PENNSYLVANIA STATE UNIVERSITY   (United States)

^c ARIZONA STATE UNIVERSITY   (United States)

^d INDIANA UNIVERSITY   (United States)

Author keywords

Access control; Applications; Attribute generalization; Finite state machine; Social networks

Indexed keywords

APPLICATION EXECUTION; APPLICATION SERVICES; ATTRIBUTE GENERALIZATION; CONTROL FRAMEWORK; DATA ATTRIBUTES; DEGREE OF SPECIFICITY; MODEL APPLICATION; ONLINE SOCIAL NETWORKS; OPEN INTERFACE; PRIVACY CONCERNS; PROFILE DATA; PROOF OF CONCEPT; SHORTEST PATH PROBLEM; SOCIAL NETWORK SERVICES; SOCIAL NETWORKS; THIRD PARTY APPLICATION (APPS); USER PROFILE; USER STUDY; WEB 2.0;

ACCESS CONTROL; APPLICATIONS; FINITE AUTOMATA; GRAPH THEORY; SOCIAL NETWORKING (ONLINE);

SOCIAL SCIENCES COMPUTING;

EID: 84870302029     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2012.07.008     Document Type: Article

References (42)

1. Acquisti Alessandro, Gross Ralph. Imagined communities: awareness, information sharing, and privacy on the facebook. In: Privacy enhancing technologies, pp. 36-58; 2006.
2. Baden Randolph, Bender Adam, Spring Neil, Bhattacharjee Bobby, Starin Daniel. Persona: an online social network with user-defined privacy. In: SIGCOMM, pp. 135-146; 2009.
3. Andrew Besmer, Heather Richter Lipford, Mohamed Shehab, and Gorrell Cheek Social applications: exploring a more secure framework Proceedings of the 5th Symposium on Usable Privacy and Security, SOUPS'09 2009 ACM New York, NY, USA 2:1 2:10
4. CNET Blog Exclusive: the next Facebook privacy scandal 2008 http://news.cnet.com/8301-13739-3-9854409-46.html
5. Carminati Barbara, Ferrari Elena, Perego Andrea. Rule-based access control for social networks. In: OTM Workshops (2), pp. 1734-1744; 2006.
6. Barbara Carminati, Elena Ferrari, and Andrea Perego Enforcing access control in web-based social networks ACM Transactions on Information and System Security (TISSEC) 13 1 2009
7. Dries Buytaert Drupal platform August 2009 http://drupal.org/
8. E. Damiani, S. Vimercati, S. Paraboschi, and P. Samarati A fine-grained access control system for XML documents ACM Transactions on Information and System Security 5 2 2002 169 202
9. Facebook Inc Facebook's privacy policy Dec 2010 https://www.facebook.com/ policy.php
10. Facebook Inc Facebook asks more than 350 million users around the world to personalize their privacy December 2009 http://www.facebook.com/press/ releases.php?p=133917
11. Federal Trade Commission (FTC) Facebook settles ftc charges that it deceived consumers by failing to keep privacy promises Nov 2011 http://www.ftc.gov/opa/2011/11/privacysettlement.shtm
12. Felt Adrienne, Evans David. Privacy protection for social networking platforms. In: Workshop on Web 2.0 Security and Privacy; May 2008.
13. Philip W.L. Fong Relationship-based access control: protection model and policy language Proceedings of the first ACM conference on data and application security and privacy, CODASPY'11 2011 ACM New York, NY, USA 191 202
14. Foster H, Uchitel S, Magee J, Kramer J, Hu M. Using a rigorous approach for engineering web service compositions: a case study. In: 2005 IEEE international conference on services computing, vol. 1, pp. 217-224, July 2005.
15. Foster H, Uchitel S, Magee J, Kramer J. Ltsa-ws: a tool for model-based verification of web service compositions and choreography. In: Proceeding of the 28th international conference on software engineering, pp. 771-774, May 2006.
16. Gates Carrie E. Access control requirements for Web 2.0 security and privacy. In: W2SP 2007: Web 2.0 security & privacy, p. 3, 2007.
17. Geambasu Roxana, Balazinska Magdalena, Gribble Steven D, Levy Henry M. Homeviews: peer-to-peer middleware for personal data sharing applications. In: SIGMOD conference, pp. 235-246; 2007.
18. Jennifer Golbeck, and James A. Hendler Inferring binary trust relationships in web-based social networks ACM Transactions on Internet Technology 6 4 2006 497 529
19. Google Code Google's developer network 2009 http://code.google.com/
20. Google Inc. Google+ privacy policy June 2011 http://www.google.com/intl/ en-US/+/policy/
21. Gollu Kiran K, Saroiu Stefan, Wolman Alec. A social networking-based access control scheme for personal content. In: Proc. 21st ACM Symposium on Operating Systems Principles (SOSP'07). Work in progress; 2007.
22. Michael Hart, Rob Johnson, and Amanda Stent More content - less control: access control in the Web 2.0 Web 2.0 Security & Privacy 2003
23. Hart M, Johnson R, Stent A. More content - less control: access control in the Web 2.0. In: W2SP 2007: Web 2.0 security & privacy, p. 3; 2007.
24. Giles Hogben Security issues and recommendations for online social networks ENISA Position Paper N.1 2007
25. IEEE. W2SP 2008 Web 2.0 security and privacy 2008
26. M. Irvine Social networking applications can pose security risks April 2008 Associated Press
27. Liu Kun, Terzi Evimaria. A framework for computing the privacy scores of users in online social networks. In: ICDM 2009, The ninth IEEE international conference on data mining, pp. 288-297; December 2009.
28. Amirreza Masoumzadeh, and James Joshi Ontology-based access control for social network systems International Journal of Information Privacy, Security and Integrity 1 1 2011 59 78
29. MySpace Inc Myspace privacy policy 2009 http://www.myspace.com/index.cfm? fuseaction=misc.privacy
30. T. O'Reilly What is Web 2.0 September 2005 O'Reilly Network pp. 169-202 [Online]
31. OASIS OASIS WSBPEL TC Webpage 2008 http://www.oasis-open.org/committees/ tc-home.php?wg-abbrev=wsbpel
32. Adrienne Porter Felt, Kate Greenwood, and David Wagner The effectiveness of application permissions Proceedings of the 2nd USENIX conference on Web application development, WebApps'11 2011 USENIX Association Berkeley, CA, USA pp. 1-12
33. S. Rizvi, A. Mendelzon, S. Sudarshan, and P. Roy Extending query rewriting techniques for fine-grained access control SIGMOD'04: proceedings of the 2004 ACM SIGMOD international conference on management of data 2004 ACM New York, NY, USA 551 562
34. Salaun G, Bordeaux L, Schaerf M. Describing and reasoning on web services using process algebra. In: Proceedings of the IEEE international conference on web services, pp. 43-51; June 2005.
35. J. Saltzer, and M. Schroeder The protection of information in computer systems Proceedings of the IEEE 63 9 Sept 1975 1278 1308
36. P. Samarati, and L. Sweeney Generalizing data to provide anonymity when disclosing information (abstract) In PODS'98: proceedings of the seventeenth ACM SIGACT-SIGMOD-SIGART symposium on principles of database systems 1998 ACM New York, NY, USA 188
37. Shehab Mohamed, Squicciarini Anna Cinzia, Ahn Gail-Joon. Beyond user-to-user access control for online social networks. In: ICICS, pp. 174-189; 2008.
38. Singh Kapil, Bhola Sumeer, Lee Wenke. xbook: redesigning privacy control in social networking platforms. In: Proceedings of 18th USENIX security symposium, pp. 235-246; August 2009.
39. L. Sweeney k-anonymity: a model for protecting privacy International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 10 5 2002 557 570
40. Amin Tootoonchian, Kiran Kumar Gollu, Stefan Saroiu, Yashar Ganjali, and Alec Wolman Lockr: social access control for Web 2.0 WOSP'08: proceedings of the first workshop on online social networks 2008 ACM New York, NY, USA 43 48
41. Marco Vanetti, Elisabetta Binaghi, Barbara Carminati, Moreno Carullo, and Elena Ferrari Content-based filtering in on-line social networks Proceedings of the international ECML/PKDD conference on privacy and security issues in data mining and machine learning, PSDML'10 2011 Springer-Verlag Berlin, Heidelberg 127 140
42. Washington Chronicle Study raises new privacy concerns about Facebook 2008 http://chronicle.com/free/2008/02/1489n.htm