Restricting data-leakage using fine-grained access control on OSN objects

  • Regular contribution
  • International Journal of Information Security

Abstract

In recent years, Online Social Networks such as Facebook and Twitter have become an integral part of our daily life for sharing a variety of information with others. This content is accessible to a large group of Internet users, causing a serious privacy risk. In this paper, we propose a simple and flexible access control model to regulate access to users’ resources on Twitter. Our proposed model employs an object matrix and an access capability list to enable users to regulate access to their private resources, and it can be tuned to other Online Social Networks. The main advantages of our model are its simplicity and ease of deployment. The correctness of the access control model is verified using a logical model in Answer Set Programming. The efficiency and feasibility of our mechanism are evaluated through a prototype.

Notes

  1. https://www.telegraph.co.uk/technology/facebook/8070513/Facebook-admits-inadvertent-privacy-breach.html.

  2. www.bgr.in/news/data-breach-some-app-misuse-twitter-and-facebook-logins-to-steal-personal-data-860576.

  3. www.business-standard.com/article/pti-stories/malicious-3rd-party-apps-leak-personal-data-from-facebook-twitter-119112801503.html.

  4. Owner and Co-owners.

  5. People he follows.

  6. For other OSNs such as Facebook where relationship between a pair of users is symmetric, these pairs are unordered.

  7. A forwarded request repeats the original flow id.

Author information

Corresponding author

Correspondence to Nemi Chandra Rathore.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Rathore, N.C., Tripathy, S. Restricting data-leakage using fine-grained access control on OSN objects. Int. J. Inf. Secur. 22, 93–106 (2023). https://doi.org/10.1007/s10207-022-00629-z

  • DOI: https://doi.org/10.1007/s10207-022-00629-z
