PriMa: a comprehensive approach to privacy protection in social network sites

annals of telecommunications - annales des télécommunications

Abstract

With social networks (SNs) allowing their users to host large amounts of personal data on their platforms, privacy protection mechanisms are becoming increasingly important. The current privacy protection mechanisms offered by SNs mostly enforce access control policies based on users’ privacy settings. The task of setting privacy preferences may be tedious and confusing for the average user, who has hundreds of connections (e.g., acquaintances, colleagues, friends, etc.) and maintains an extensive profile on his main SN. Hence, users often end up with policies that do not sufficiently protect their personal information, thus facilitating potential privacy breaches and information misuse. In this paper, we propose PriMa (Privacy Manager), a privacy protection mechanism that supports semiautomated generation of access rules for users’ profile information, filling the gap between the privacy management needs of SN users and the existing SNs’ privacy protection mechanisms. PriMa access rules are generated using a multicriteria algorithm, so as to account for an extensive set of criteria to be considered when dealing with access control in SN sites. The resulting rules are simple yet powerful specifications, indicating the adequate level of protection for each user, and are dynamically adapted to the ever-changing requirements of the users’ preferences and SN configuration. We have implemented PriMa on a Drupal platform and as a third-party Facebook application. We have evaluated the performance of the PriMa application with respect to access rule generation.

Notes

  1. For simplicity, we do not consider images among the trait’s types. Treating images requires different technologies than those for textual data, which are beyond the scope of this work.

  2. http://www.w3.org/TR/owl2-overview/

  3. Although our current prototype only supports an English ontology, it is possible to apply language-specific ontologies based on the location of the user, for correct semantic analysis.

  4. We associate a time stamp to the last updates of trait values and of users’ privacy preferences.

Corresponding author

Correspondence to Anna C. Squicciarini.

Cite this article

Squicciarini, A.C., Paci, F. & Sundareswaran, S. PriMa: a comprehensive approach to privacy protection in social network sites. Ann. Telecommun. 69, 21–36 (2014). https://doi.org/10.1007/s12243-013-0371-x
