Elsevier

Computers & Security

Volume 31, Issue 8, November 2012, Pages 897-911
Access control for online social networks third party applications

https://doi.org/10.1016/j.cose.2012.07.008

Abstract

With the development of Web 2.0 technologies, online social networks are able to provide open platforms that enable the seamless sharing of profile data and allow public developers to interface with and extend the social network services as applications. At the same time, these open interfaces pose serious privacy concerns, as third party applications are usually given access to the user profiles. Current related research has focused mainly on user-to-user interactions in social networks, and seems to ignore third party applications. In this paper, we present an access control framework to manage third party applications. Our framework is based on enabling the user to specify the data attributes to be shared with the application and, at the same time, to specify the degree of specificity of the shared attributes. We model applications as finite state machines, and use the required user profile attributes as conditions governing the application execution. We formulate the minimal attribute generalization problem and propose a solution that maps the problem to the shortest path problem to find the minimum set of attribute generalizations required to access the application services. We assess the feasibility of our approach by developing a proof-of-concept implementation and by conducting user studies on a widely-used social network platform.

Introduction

The recent growth of social network sites such as Facebook, Twitter and MySpace has created many interesting and challenging security and privacy problems. In social networks, users manage their profile, interact with other users, and self-organize into different communities. User profiles usually include information such as the user's name, birthdate, address, contact information, emails, education, interests, photos, music, videos, blogs and many other attributes. Controlling access to the information posted on a user profile is a challenging task, as it requires average Internet users to act as system administrators to specify and configure access control policies for their profiles. To control interactions between users, the user's world is divided into a trusted and a non-trusted set of users, typically referred to as friends and strangers respectively. Furthermore, some social networks allow users to further partition the set of friends by geographical location, social group, organization, or by how well they know them. Users are provided with group based access control mechanisms (Facebook Inc, 2011) that apply access rules on the different groups of friends and strangers. Facebook, one of the most popular social sites, enables users to create friend lists and to compose profile policies based on these friend lists (Facebook Inc, 2010). In addition to the challenges involved with enabling fine grain access control for user profiles (Damiani et al., 2002) to control which data attributes are viewable by other users, a yet unexplored problem is access to users' profiles by entities other than social network users.

With the development of Web 2.0 technologies (O'Reilly, 2005), online social networks are able to provide open platforms that enable the seamless sharing of profile data and allow public developers to interface with and extend the social network services as applications (or APIs). For example, Facebook allows anyone to create software plug-ins that can be added to user profiles to provide services based on profile data. Although these open platforms enable such advanced features, they also pose serious privacy risks (Tootoonchian et al., 2008; Gates, 2007; Hart et al., 2007). Users' profiles in fact have great commercial value to marketing companies, competing networking sites, and identity thieves.

Social network platforms have focused on user-to-user fine grain access control; for example, the Facebook Privacy Policy allows users to specify fine grain policies controlling which profile attributes can be accessed by their friends and friends of friends (Facebook Inc, 2009). When installing social network applications, users have to grant the applications all the requested permissions in order to successfully complete the installation process (Facebook Inc, 2010; Myspace Inc, 2009). For example, Fig. 1(a) and (b) show the application permission request displayed by the Google+ and Facebook platforms respectively when the user attempts to install an application. Basically, the adopted application access control model is an all-or-nothing policy, where the application should be granted all the requested permissions in order to install it successfully. In addition, API developers have access to users' data regardless of the actual applications' needs, leading to potentially serious privacy breaches (Irvine, 2008; CNET Blog, 2008; Washington Chronicle, 2008). Such a privacy threat is often hidden or not clear to social network users, who are often not aware of the amount of data that is actually being disclosed, since they do not really distinguish between social network users and developers outside the social network boundaries. In November 2011, Facebook's privacy practices were the subject of complaints filed with the Federal Trade Commission (FTC) (2011). The complaints were related to Facebook's privacy practices that deceived customers and failed to keep privacy promises. One of the main complaints was related to Facebook's claim that third-party applications that users installed would have access only to user information that they needed to operate, when in fact the apps could access nearly all of users' personal data. In addition, Facebook claimed that it certified the security of apps participating in its “Verified Apps” program, when in fact it did not.

We believe that, in order to promote healthy development of social network environments and to protect individuals' privacy rights, users should be able to take advantage of the available applications while still having stronger control over their data. The problem is not trivial, in that it requires designing new access control models for APIs in social networks, as well as extending social network applications. Applications should be designed and customized with the users' profile preferences, and users should have the ability to specify the data that they are willing to reveal. Additionally, users should be able to use data privacy mechanisms such as generalization to enjoy the services provided through APIs without having to disclose identifying or private information.

In this paper we address this issue by deploying an access control mechanism for applications in social networks. Our goal is to provide a privacy-enabled solution that is in line with social network ethics of openness, and does not hinder users' opportunities of adding useful and entertaining applications to their profiles. Our access control mechanism is based on enabling the user to specify the data attributes to be shared with the application and, at the same time, to specify the degree of specificity of the shared attributes. Enabling such a mechanism requires applications to be developed to accommodate different user preferences. We model applications as finite state machines, and use the required user profile attributes as conditions governing the application execution. The user is faced with the challenge of specifying the minimum set of attributes and their minimum generalization levels required to acquire specific services provided by the application. In order to address this problem, we propose the weighted application transition system and formulate the Minimal Attribute Generalization Problem. Furthermore, we propose a solution that maps the problem to the shortest path problem to find the minimum set of attribute generalizations required to access the application services. We assess our solution by implementing a proof-of-concept prototype using the Drupal platform, which is an open source platform for the development of online communities and social networks. Additionally, we conduct extensive user studies using the Facebook social network. We simulate our selective installation process for different applications currently provided by Facebook and assess the users' perceived benefits and ease of use. The response is encouraging and positive, in that respondents acknowledge the need for solutions of this kind to better protect their privacy and security. They also believed that our approach is appropriate to gain control of the data disclosed at the application's end.
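A sketch of the shortest-path mapping described above, as an added example that is not code from the paper: the application states, attribute names, generalization levels and weights are all constructed. Charging each transition's disclosure cost independently is an assumed simplification of the weighted application transition system.

```python
import heapq

# Constructed weighted application transition system (not from the paper):
# (source state, target state, required attribute, generalization level, weight).
# Weight is an assumed per-user disclosure cost; more specific levels cost more.
TRANSITIONS = [
    ("start", "geo_exact", "location", "street address", 4),
    ("start", "geo_coarse", "location", "city", 2),
    ("geo_exact", "event_recs", "interests", "full list", 3),
    ("geo_coarse", "event_recs", "interests", "categories", 1),
    ("geo_coarse", "age_gated", "birthdate", "year", 2),
    ("age_gated", "event_recs", None, None, 0),
    ("start", "birthday_card", "birthdate", "full date", 5),
    ("start", "month_known", "birthdate", "month and day", 3),
    ("month_known", "birthday_card", None, None, 0),
]

def min_disclosure(transitions, start, goal):
    """Dijkstra: return (cost, [(attribute, level), ...]) for the cheapest
    path from start to goal, or None when the service is unreachable."""
    graph = {}
    for src, dst, attr, level, weight in transitions:
        if weight < 0:
            raise ValueError("disclosure weights must be non-negative")
        graph.setdefault(src, []).append((dst, attr, level, weight))
    best = {start: 0}
    prev = {}  # state -> (previous state, attribute, level)
    heap = [(0, start)]
    while heap:
        cost, state = heapq.heappop(heap)
        if cost > best.get(state, float("inf")):
            continue  # stale queue entry
        if state == goal:
            break
        for dst, attr, level, weight in graph.get(state, []):
            new_cost = cost + weight
            if new_cost < best.get(dst, float("inf")):
                best[dst] = new_cost
                prev[dst] = (state, attr, level)
                heapq.heappush(heap, (new_cost, dst))
    if goal not in best:
        return None
    disclosed, state = [], goal
    while state != start:
        state, attr, level = prev[state]
        if attr is not None:
            disclosed.append((attr, level))
    return best[goal], disclosed[::-1]

if __name__ == "__main__":
    for service in ("event_recs", "birthday_card", "friend_map"):
        print(service, "->", min_disclosure(TRANSITIONS, "start", service))
```

The returned list is the set of attribute generalizations the user would have to grant to reach the service; a `None` result means no grant the application accepts leads to that service.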

The rest of the paper is organized as follows. In Section 2, we describe the related work. In Section 3, we provide background information related to Social Network APIs. In Section 4, we introduce our developer APIs access control framework. In Section 5, we discuss how to provide customized applications. Section 6 presents our implementation and experimental results. The conclusion and future work are discussed in Section 7.

Section snippets

Related work

Security and privacy in social networks is currently a well-studied research topic (IEEE. W2SP, 2008; Masoumzadeh and Joshi, 2011; Acquisti and Gross, 2006; Hogben, 2007; Golbeck and Hendler, 2006; Fong, 2011; Carminati et al., 2006, 2009). Several studies conducted in the past few years have identified the need for solutions to address the problem of information leakage in social networks. These solutions are envisioned to be based on interpersonal relationships and very flexible social

Background on social network APIs

With the emergence of new web technologies, and with the establishment of the Web 2.0, a large number of web sites are exposing their services by providing web programming interfaces (APIs). For example, Google Web API (Code, 2009) provides a programming interface to query web pages through Google from user developed applications. Several social network web sites have released APIs that allow developers to leverage and aggregate information stored in user profiles and provide extended social

Developer APIs access control framework

Applications require permission to access user's profile data to provide a service customized to the user's profile data. In this section we present our approach to enable fine grain access control (Damiani et al., 2002; Rizvi et al., 2004) for third party applications, to limit applications' access only to relevant user's profile data. We first provide some preliminary definitions related to applications and API set, and then we discuss our proposed fine grain access control framework for API

Customized application service provisioning

The user sheet provides a mechanism for users to specify generalization preferences on the profile attributes to restrict the data accessible to the application. On the other hand, by enabling attribute generalizations the application is faced with the problem of missing data, and might not ensure the provisioning of the requested service based on the provided data generalizations. To address this issue we propose that during the application registration phase the application developer is

Implementation and experimental results

Our approach to assess the proposed solution is two-fold. First, we investigate the architectural changes that our approach would entail on an existing social network. To this extent, we develop a proof-of-concept implementation using an existing open source framework for social network sites. Second, we show the feasibility of our proposed approach by conducting user studies on a widely-used social network platform.

Conclusions

In this paper we have presented an access control framework for social networks developer applications that enables users to specify profile attribute preferences and requires applications to be designed so as to be customized based on users' profile preferences. Our framework provided a privacy-enabled solution that is in line with social network ethics of openness, and does not hinder users' opportunities of adding useful and entertaining applications to their profiles. We modeled the

References (42)

  • Acquisti Alessandro, Gross Ralph. Imagined communities: awareness, information sharing, and privacy on the facebook....
  • Baden Randolph, Bender Adam, Spring Neil, Bhattacharjee Bobby, Starin Daniel. Persona: an online social network with...
  • Andrew Besmer et al. Social applications: exploring a more secure framework
  • CNET Blog. Exclusive: the next Facebook privacy scandal (2008)
  • Carminati Barbara, Ferrari Elena, Perego Andrea. Rule-based access control for social networks. In: OTM Workshops (2),...
  • Barbara Carminati et al. Enforcing access control in web-based social networks. ACM Transactions on Information and System Security (TISSEC) (2009)
  • Dries Buytaert. Drupal platform (August 2009)
  • E. Damiani et al. A fine-grained access control system for XML documents. ACM Transactions on Information and System Security (2002)
  • Facebook Inc. Facebook's privacy policy (Dec 2010)
  • Facebook Inc. Facebook asks more than 350 million users around the world to personalize their privacy (December 2009)
  • Federal Trade Commission (FTC). Facebook settles FTC charges that it deceived consumers by failing to keep privacy promises (Nov 2011)
  • Felt Adrienne, Evans David. Privacy protection for social networking platforms. In: Workshop on Web 2.0 Security and...
  • Philip W.L. Fong. Relationship-based access control: protection model and policy language
  • Foster H, Uchitel S, Magee J, Kramer J, Hu M. Using a rigorous approach for engineering web service compositions: a...
  • Foster H, Uchitel S, Magee J, Kramer J. Ltsa-ws: a tool for model-based verification of web service compositions and...
  • Gates Carrie E. Access control requirements for Web 2.0 security and privacy. In: W2SP 2007: Web 2.0 security &...
  • Geambasu Roxana, Balazinska Magdalena, Gribble Steven D, Levy Henry M. Homeviews: peer-to-peer middleware for personal...
  • Jennifer Golbeck et al. Inferring binary trust relationships in web-based social networks. ACM Transactions on Internet Technology (2006)
  • Google Code. Google's developer network (2009)
  • Google Inc. Google+ privacy policy (June 2011)
  • Gollu Kiran K, Saroiu Stefan, Wolman Alec. A social networking-based access control scheme for personal content. In:...
    Mohamed Shehab is an assistant professor in the Department of Software and Information Systems, College of Computing and Informatics, University of North Carolina at Charlotte. He is the director of the Lab of Information Integration Security and Privacy. His research interests lie in network and information security, especially in the design and implementation of distributed access-control protocols to cope with the requirements of emerging distributed social networks, mobile applications, web services, and peer-to-peer environments. Shehab received a PhD in computer engineering from Purdue University. He is a member of the IEEE Computer Society and the ACM. Contact him at [email protected].

    Anna Cinzia Squicciarini (M'08) received the Ph.D. degree in computer science from the University of Milan, Milan, Italy, in February 2006. She is currently an Assistant Professor in the College of Information Science and Technology, Pennsylvania State University, University Park, PA. During 2006–2007, she was a Postdoctoral Research Associate at Purdue University, West Lafayette, IN. She is the author or coauthor of more than 40 in refereed journals, and in proceedings of international conferences and symposia. Her research interests include access control for distributed systems, privacy, security for Web 2.0 technologies, and grid computing.

    Gail-Joon Ahn, Ph.D, CISSP is an Associate Professor of Computer Science and Engineering Program in the School of Computing, Informatics and Decision Systems Engineering at Arizona State University and Director of Laboratory of Security Engineering for Future Computing (SEFCOM). His research foci include access control, secure information sharing, vulnerability and risk management, identity and privacy management, security-enhanced computing platforms, security architecture for networked distributed systems, and modeling for computer security. He is a recipient of Department of Energy Early Career Principal Investigator. He earned his MS and PhD degrees from George Mason University, Fairfax, Virginia in 1996 and 2000, respectively.

    Irini Kokkinou is a Professor of Liberal Arts at the Savannah College of Art and Design (SCAD). Professor Kokkinou's research interests lie in the areas of motivation, self-regulation, creativity, work family conflict, and discrimination in employment. She received a Ph.D. in Industrial/Organizational Psychology from Purdue University. She has taught courses in general psychology, industrial/organizational psychology, and statistics at Purdue University, IUPUI, and SCAD. You may contact Professor Kokkinou at [email protected].
