Security/Privacy Model for Social Computing By Chi Ben Department of Computer and Information Sciences, Florida A&M University 1333 Wahnish Way 308-A Banneker Technical Bldg. Tallahassee, Florida 32307
Table of Contents
• Definition of social networking sites
• Potential threats
• Real life examples
• Related work
• A proposed model
Social Network
• Nodes
  • Individuals or organizations [1]
• Ties
  • Connections
  • Friendship, kinship, financial exchange, knowledge or prestige [1]
Social Networking Sites/Services (SNS)
• Definition: Online communities formed for people who share common interests/activities.
• Well-known services:
Table 1: A list of the most popular SNS
Fig. 1 Fast growing number of patent applications in social network
Social Network Sites/Services (SNS), continued
• Mimicking in-person interactions
• Storing large amounts of personal information
• Violating the principle of least privilege [5]
• Users inclined to reveal private info/activities to someone they know [2]
• Bringing security issues
Security issues from SNS
• Accidental data release
• Intentional use of private data for marketing purposes
• Identity theft
• Worms and adware
• Phishing attacks
• And many more
A recent famous case:
• MI6 chief's wife blows his cover on Facebook [3]
• Details on where they live and work, their friends' identities [3]
[Photo: Sir John Sawers on the beach in one of the family photos]
Another case
• US Marines ban Twitter, MySpace, Facebook. Effective immediately. (As of Aug 03, 2009)
• Will last a year.
• A waiver is possible.
Facebook's new features
• Facebook: change in geography networks and new privacy features.
Work that is being done
• Matthew M. Lucas et al. designed a Facebook application, flyByNight. [4]
• Encrypts private information, separates sensitive data from Facebook servers and public access.
• Users must install a JavaScript client.
• The vulnerability of the flyByNight server is unknown.
Work that is being done, cont'd
• Andrew Besmer et al. designed a user-to-application policy, in addition to the existing user-to-user policy and default application policy, which effectively limits the applications' access to users' private information. [6]
• Complex, time-consuming settings for applications may impel users to skip applying proper policies.
A User-Server-Agent Model
[Diagram: USER, SERVER and INDEPENDENT INVESTIGATOR (AGENT). Arrow labels: View Audit Log; Report Suspicious Activities; Report Investigation; Investigation]
A User-Server-Agent Model
SERVER: Audits all access information; provides log upon request
• Server audits users' activities
• Log-in time, duration, IP addresses, access information
• Users can view activities related to their own accounts
• Agents can view all activities of specified accounts
A User-Server-Agent Model
What a user sees (USER):
• Kevin's visit
• Bella's visit
• Sara's visit
• Mike's visit
• Dave's visit
• ...
What an agent sees (INDEPENDENT INVESTIGATOR / AGENT):
• Kevin visits Sara
• Kevin visits Mike
• Kevin visits Dave
• Kevin visits Alice
• ...
A User-Server-Agent Model
INDEPENDENT INVESTIGATOR (AGENT)
• Step I: Accepts investigation requests
• Step II: Analyzes information on server
• Step III: Provides results to user
A User-Server-Agent Model
• Agent receives decrypted request from user
• Alice sends a request expressing concern about Kevin's activities
• Agent will see "03tn90a" and "01ad53h" instead of "Alice" and "Kevin" in the request
• Agent connects to server, asks for information on account 01ad53h
• After decryption, server recognizes the account name is Kevin
A User-Server-Agent Model
• What action can an agent perform?
  • Use combined policies to detect unusual activities: IP address, access to multiple profiles in a short time, inactive socializing activities.
• How can an agent help a user?
  • Simplest: suggest revoking "friend" label of malicious users
  • Suggest server take action on malicious accounts
  • Report to authorities when necessary
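The audit-log views and the pseudonymized investigation flow from the User-Server-Agent slides above, as an added Python example that is not part of the original presentation. The HMAC-derived pseudonyms, the burst threshold (more than 3 profiles in 120 seconds), the function names and the sample log entries are assumptions constructed for illustration; the slides do not specify how account identifiers are protected.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # assumption: known only to the server

# Constructed audit log: (visitor, visited profile, unix time, source IP)
AUDIT_LOG = [
    ("Kevin", "Sara", 1000, "198.51.100.7"),
    ("Kevin", "Mike", 1020, "198.51.100.7"),
    ("Kevin", "Dave", 1045, "198.51.100.7"),
    ("Kevin", "Alice", 1060, "198.51.100.7"),
    ("Bella", "Alice", 5000, "203.0.113.4"),
    ("Sara", "Alice", 9000, "203.0.113.9"),
]

def pseudonym(account):
    """Keyed pseudonym (assumed scheme): the agent never learns the account name."""
    return hmac.new(SERVER_KEY, account.encode(), hashlib.sha256).hexdigest()[:7]

def user_view(owner):
    """What a user sees: visits to their own profile only."""
    return [(v, t) for v, p, t, _ in AUDIT_LOG if p == owner]

def agent_view(subject_id):
    """What an agent sees: every visit made by one account, all names pseudonymized.
    The server resolves subject_id to the real account; the agent does not."""
    return [(pseudonym(p), t, ip) for v, p, t, ip in AUDIT_LOG
            if pseudonym(v) == subject_id]

def profile_burst(events, max_profiles=3, window=120):
    """True if more than max_profiles distinct profiles were visited within window seconds."""
    events = sorted(events, key=lambda e: e[1])
    for i, (_, start, _) in enumerate(events):
        seen = {p for p, t, _ in events[i:] if t - start <= window}
        if len(seen) > max_profiles:
            return True
    return False

def investigate(requester, subject):
    """Steps I-III: accept a pseudonymized request, analyze the log, return a result."""
    req_id, subj_id = pseudonym(requester), pseudonym(subject)  # all the agent receives
    suspicious = profile_burst(agent_view(subj_id))
    advice = 'suggest revoking "friend" label' if suspicious else "no action"
    return {"requester": req_id, "subject": subj_id,
            "suspicious": suspicious, "advice": advice}

if __name__ == "__main__":
    print(user_view("Alice"))
    print(investigate("Alice", "Kevin"))
```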
Conclusion
• Increasing use of SNS
• Security/privacy is a big issue
• User-Server-Agent model
Future work
• Investigate/watch privacy frequently
• Other functions will be added
References
• [1] http://en.wikipedia.org/wiki/Social_network
• [2] Gross, Ralph, Alessandro Acquisti, and H. John Heinz III. (2005). Information Revelation and Privacy in Online Social Networks. Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, p. 71-80.
• [3] http://www.timesonline.co.uk/tol/news/uk/article6639521.ece
• [4] Matthew M. Lucas, Nikita Borisov. (2008). FlyByNight: mitigating the privacy risks of social networking. WPES '08.
• [5] Saltzer J., Schroeder M. (1975). The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9), 1278–1308.
• [6] Andrew Besmer, Heather Richter Lipford, Mohamed Shehab, Gorrell Cheek. (2009). Social applications: exploring a more secure framework. SOUPS '09.
• [7] Doug Gross, CNN. Facebook to lose geography networks, add privacy features. http://www.cnn.com/2009/TECH/12/02/facebook.networks.changes/index.html