security privacy model for social computing l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Security/Privacy Model for Social Computing PowerPoint Presentation
Download Presentation
Security/Privacy Model for Social Computing

Loading in 2 Seconds...

play fullscreen
1 / 22

Security/Privacy Model for Social Computing - PowerPoint PPT Presentation


  • 304 Views
  • Uploaded on

Security/Privacy Model for Social Computing . By Chi Ben Department of Computer and Information Sciences, Florida A&M University 1333 Wahnish Way 308-A Banneker Technical Bldg. Tallahassee, Florida 32307. Table of Contents. Definition of social networking sites Potential threats

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Security/Privacy Model for Social Computing' - elina


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
security privacy model for social computing

Security/Privacy Model for Social Computing

By Chi Ben

Department of Computer and Information Sciences,

Florida A&M University

1333 Wahnish Way

308-A Banneker Technical Bldg.

Tallahassee, Florida 32307

table of contents
Table of Contents
  • Definition of social networking sites
  • Potential threats
  • Real life examples
  • Related work
  • A proposed model
social network
Social Network
  • Nodes
    • Individuals or organizations1
  • Ties
    • Connections
      • Friendship, kinship, financial exchange, knowledge or prestige1
social networking sites services sns
Social Networking Sites/Services (SNS)
  • Definition:

Online communities

formed for people who

share common

interests/activities.

  • Well-known services:

Table 1: a list of most popular SNS

social network sites services sns continued
Social Network Sites/Services (SNS)continued
  • Mimicking in-person interactions
  • Storing large amount of personal information
    • Violating the principle of least privilege5
    • Users inclined to reveal private info/activities to someone they know2
  • Bringing security issues
security issues from sns
Security issues from SNS
  • Accidental data release
  • Intentional use of private data for marketing purposes
  • Identity theft
  • Worms and Adwares
  • Phishing attacks
  • And many more
a recent famous case
A recent famous case:
  • M16 chief’s wife blows his cover on Facebook3
  • Details on where they liveand work, their friends’ identities3

Sir John Sawer on the beach

in one of the family photos

another case
Another case
  • US Marines Ban Twitter, MySpace, Facebook. Effective immediately. (As of Aug 03, 2009 )
  • Will last a year.
  • A waiver is possible.
facebook s new features
Facebook’s new features

Facebook: change in geography networks and new privacy features.

work that is being done
Work that is being done
  • Matthew M. Lucas, and et al, designed a Facebook application, flyByNight.4
  • Encrypts private information, separates sensitive data from Facebook servers and public access.
  • Users must install a javascript client.
  • The vulnerability of the flyByNight server is unknown.
work that is being done cont d
Work that is being done, cont’d
  • Andrew Besmer, and et al, designed a user-to-application policy, in addition to existing user-to-user policy and default application policy. Which effectively limits the applications’ access to users private information.6
  • Complex, time-consuming settings for applications may impel users to skip applying proper policies.
a user server agent model
A User-Server-Agent Model

View Audition Log

USER

SERVER

Report Suspicious Activities

Report Investigation

Investigation

INDEPENDENTINVESTIGATOR

(AGENT)

a user server agent model14
A User-Server-Agent Model

Audits all

access

information

  • Server audits users’ activities
    • Log in time, duration, IP addresses, access information
  • Users can view activities related to their own accounts
  • Agents can view all activitiesof specified accounts

SERVER

Provides

log upon

request

a user server agent model15
A User-Server-Agent Model

What a user sees

What an agent sees

Kevin’s visit

Kevin visits Sara

Bella’s visit

Kevin visits Mike

Sara’s visit

Kevin visits Dave

Mike’s visit

Kevin visits Alice

Dave’s visit

.

.

.

.

.

.

USER

INDEPENDENTINVESTIGATOR

(AGENT)

a user server agent model16
A User-Server-Agent Model

Accepts

Investigation

Requests

Step I

Provides

Results to

User

Step III

Step II

INDEPENDENT

INVESTGATOR (AGENT)

Analyze

Information

On server

a user server agent model17
A User-Server-Agent Model
  • Agent receives decrypted request from user
    • Alice sends request for concern about Kevin’s activities
    • Agent will see “03tn90a” and “01ad53h” in stead of “Alice” and “Kevin”, in the request
  • Agent connects to server, asks for information on account 01ad53h
  • After decryption server recognizes account name is Kevin
a user server agent model18
A User-Server-Agent Model
  • What action can an agent perform?
    • Use combined policies to detect unusual activities: IP address, multiple profiles access in a short term, inactive socializing activities.
  • How can an agent help a user?
    • Simplest: suggest revoking “friend” label of malicious users
    • Suggest server take action on malicious accounts
    • Report to authorities when necessary
conclusion
Conclusion
  • Increasing use of SNS
  • Security/privacy is a big issue
  • User-Server-Agent model
future work
Future work
  • Investigate/watch privacy frequently
  • Other functions will be added
references
References
  • 1 http://en.wikipedia.org/wiki/Social_network
  • 2 Gross, Ralph, Alessandro Acquisti, and H. John Heinz III. (2005). Information Revelation and Privacy in Online SocialNetworks. Proceedings of the 2005 ACM Workshop onPrivacy in the Electronic Society, p. 71-80.
  • 3 http://www.timesonline.co.uk/tol/news/uk/article6639521.ece
  • 4 Matthew M. Lucas, Nikita Borisov. (2008). FlyByNight: mitigating the privacy risks of social networking. WPES '08.
  • 5 Saltzer J., Schroeder M., (1975). The Protection of Information inComputer Systems. Proceedings of the IEEE 63(9), 1278–1308.
  • 6 Andrew Besmer, Heather Richter Lipford, Mohamed Shehab, Gorrell Cheek. (2009). Social applications: exploring a more secure framework. SOUPS '09.
  • 7 Doug Gross, CNN. Facebook to lose geography networks, add privacy features. http://www.cnn.com/2009/TECH/12/02/facebook.networks.changes/index.html