Security privacy model for social computing
Download
1 / 22

Security/Privacy Model for Social Computing - PowerPoint PPT Presentation


  • 293 Views
  • Uploaded on

Security/Privacy Model for Social Computing . By Chi Ben Department of Computer and Information Sciences, Florida A&M University 1333 Wahnish Way 308-A Banneker Technical Bldg. Tallahassee, Florida 32307. Table of Contents. Definition of social networking sites Potential threats

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Security/Privacy Model for Social Computing' - elina


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Security privacy model for social computing l.jpg

Security/Privacy Model for Social Computing

By Chi Ben

Department of Computer and Information Sciences,

Florida A&M University

1333 Wahnish Way

308-A Banneker Technical Bldg.

Tallahassee, Florida 32307


Table of contents l.jpg
Table of Contents

  • Definition of social networking sites

  • Potential threats

  • Real life examples

  • Related work

  • A proposed model


Social network l.jpg
Social Network

  • Nodes

    • Individuals or organizations1

  • Ties

    • Connections

      • Friendship, kinship, financial exchange, knowledge or prestige1


Social networking sites services sns l.jpg
Social Networking Sites/Services (SNS)

  • Definition:

    Online communities

    formed for people who

    share common

    interests/activities.

  • Well-known services:

Table 1: a list of most popular SNS



Social network sites services sns continued l.jpg
Social Network Sites/Services (SNS) network continued

  • Mimicking in-person interactions

  • Storing large amount of personal information

    • Violating the principle of least privilege5

    • Users inclined to reveal private info/activities to someone they know2

  • Bringing security issues


Security issues from sns l.jpg
Security issues from SNS network

  • Accidental data release

  • Intentional use of private data for marketing purposes

  • Identity theft

  • Worms and Adwares

  • Phishing attacks

  • And many more


A recent famous case l.jpg
A recent famous case: network

  • M16 chief’s wife blows his cover on Facebook3

  • Details on where they liveand work, their friends’ identities3

Sir John Sawer on the beach

in one of the family photos


Another case l.jpg
Another case network

  • US Marines Ban Twitter, MySpace, Facebook. Effective immediately. (As of Aug 03, 2009 )

  • Will last a year.

  • A waiver is possible.


Facebook s new features l.jpg
Facebook’s new features network

Facebook: change in geography networks and new privacy features.


Work that is being done l.jpg
Work that is being done network

  • Matthew M. Lucas, and et al, designed a Facebook application, flyByNight.4

  • Encrypts private information, separates sensitive data from Facebook servers and public access.

  • Users must install a javascript client.

  • The vulnerability of the flyByNight server is unknown.


Work that is being done cont d l.jpg
Work that is being done, cont’d network

  • Andrew Besmer, and et al, designed a user-to-application policy, in addition to existing user-to-user policy and default application policy. Which effectively limits the applications’ access to users private information.6

  • Complex, time-consuming settings for applications may impel users to skip applying proper policies.


A user server agent model l.jpg
A User-Server-Agent Model network

View Audition Log

USER

SERVER

Report Suspicious Activities

Report Investigation

Investigation

INDEPENDENTINVESTIGATOR

(AGENT)


A user server agent model14 l.jpg
A User-Server-Agent Model network

Audits all

access

information

  • Server audits users’ activities

    • Log in time, duration, IP addresses, access information

  • Users can view activities related to their own accounts

  • Agents can view all activitiesof specified accounts

SERVER

Provides

log upon

request


A user server agent model15 l.jpg
A User-Server-Agent Model network

What a user sees

What an agent sees

Kevin’s visit

Kevin visits Sara

Bella’s visit

Kevin visits Mike

Sara’s visit

Kevin visits Dave

Mike’s visit

Kevin visits Alice

Dave’s visit

.

.

.

.

.

.

USER

INDEPENDENTINVESTIGATOR

(AGENT)


A user server agent model16 l.jpg
A User-Server-Agent Model network

Accepts

Investigation

Requests

Step I

Provides

Results to

User

Step III

Step II

INDEPENDENT

INVESTGATOR (AGENT)

Analyze

Information

On server


A user server agent model17 l.jpg
A User-Server-Agent Model network

  • Agent receives decrypted request from user

    • Alice sends request for concern about Kevin’s activities

    • Agent will see “03tn90a” and “01ad53h” in stead of “Alice” and “Kevin”, in the request

  • Agent connects to server, asks for information on account 01ad53h

  • After decryption server recognizes account name is Kevin


A user server agent model18 l.jpg
A User-Server-Agent Model network

  • What action can an agent perform?

    • Use combined policies to detect unusual activities: IP address, multiple profiles access in a short term, inactive socializing activities.

  • How can an agent help a user?

    • Simplest: suggest revoking “friend” label of malicious users

    • Suggest server take action on malicious accounts

    • Report to authorities when necessary


Conclusion l.jpg
Conclusion network

  • Increasing use of SNS

  • Security/privacy is a big issue

  • User-Server-Agent model


Future work l.jpg
Future work network

  • Investigate/watch privacy frequently

  • Other functions will be added


References l.jpg
References network

  • 1 http://en.wikipedia.org/wiki/Social_network

  • 2 Gross, Ralph, Alessandro Acquisti, and H. John Heinz III. (2005). Information Revelation and Privacy in Online SocialNetworks. Proceedings of the 2005 ACM Workshop onPrivacy in the Electronic Society, p. 71-80.

  • 3 http://www.timesonline.co.uk/tol/news/uk/article6639521.ece

  • 4 Matthew M. Lucas, Nikita Borisov. (2008). FlyByNight: mitigating the privacy risks of social networking. WPES '08.

  • 5 Saltzer J., Schroeder M., (1975). The Protection of Information inComputer Systems. Proceedings of the IEEE 63(9), 1278–1308.

  • 6 Andrew Besmer, Heather Richter Lipford, Mohamed Shehab, Gorrell Cheek. (2009). Social applications: exploring a more secure framework. SOUPS '09.

  • 7 Doug Gross, CNN. Facebook to lose geography networks, add privacy features. http://www.cnn.com/2009/TECH/12/02/facebook.networks.changes/index.html


Thank you l.jpg
Thank you! network


ad