Abstract
With social networks (SNs) allowing their users to host large amounts of personal data on their platforms, privacy protection mechanisms are becoming increasingly important. The current privacy protection mechanisms offered by SNs mostly enforce access control policies based on users’ privacy settings. The task of setting privacy preferences may be tedious and confusing for the average user, who has hundreds of connections (e.g., acquaintances, colleagues, friends, etc.) and maintains an extensive profile on his main SN. Hence, users often end up with policies that do not sufficiently protect their personal information, thus facilitating potential privacy breaches and information misuse. In this paper, we propose PriMa (Privacy Manager), a privacy protection mechanism that supports semiautomated generation of access rules for users’ profile information, filling the gap between the privacy management needs of SN users and the existing SNs’ privacy protection mechanisms. PriMa access rules are generated using a multicriteria algorithm, so as to account for an extensive set of criteria to be considered when dealing with access control in SN sites. The resulting rules are simple yet powerful specifications, indicating the adequate level of protection for each user, and are dynamically adapted to the ever-changing requirements of the users’ preferences and SN configuration. We have implemented PriMa on a Drupal platform and as a third-party Facebook application. We have evaluated the performance of the PriMa application with respect to access rule generation.
Notes
For simplicity, we do not consider images among the trait’s types. Treating images requires different technologies than those for textual data, which are beyond the scope of this work.
Although our current prototype only supports an English ontology, it is possible to apply language-specific ontologies based on the location of the user, for correct semantic analysis.
We associate a time stamp to the last updates of trait values and of users’ privacy preferences.
Cite this article
Squicciarini, A.C., Paci, F. & Sundareswaran, S. PriMa: a comprehensive approach to privacy protection in social network sites. Ann. Telecommun. 69, 21–36 (2014). https://doi.org/10.1007/s12243-013-0371-x
DOI: https://doi.org/10.1007/s12243-013-0371-x