skip to main content
10.1145/1572532.1572535acmotherconferencesArticle/Chapter ViewAbstractPublication PagessoupsConference Proceedingsconference-collections
research-article

Social applications: exploring a more secure framework

Published: 15 July 2009 Publication History

Abstract

Online social network sites, such as MySpace, Facebook and others have grown rapidly, with hundreds of millions of active users. A new feature on many sites is social applications -- applications and services written by third party developers that provide additional functionality linked to a user's profile. However, current application platforms put users at risk by permitting the disclosure of large amounts of personal information to these applications and their developers. This paper formally abstracts and defines the current access control model applied to these applications, and builds on it to create a more secure framework. We do so in the interest of preserving as much of the current architecture as possible, while seeking to provide a practical balance between security and privacy needs of the users, and the needs of the applications to access users' information. We present a user study of our interface design for setting a user-to-application policy. Our results indicate that the model and interface work for users who are more concerned with their privacy, but we still need to explore alternate means of creating policies for those who are less concerned.

References

[1]
]]BBC News http://news.bbc.co.uk/2/hi/programmes/click_online/7375772.stm, accessed September 29, 2008.
[2]
]]boyd, d. Friendster and publically articulated social networking. In the Extended Abstracts of the Conference on Human Factors and Computing Systems (CHI 2004). Vienna, Austria, 2004, pp 1279--1282.
[3]
]]CNet News, http://news.cnet.com/8301-10784_3-9977762-7.html, Accessed September 29, 2008.
[4]
]]Dhamija R., Tygar J. D., Hearst M., Why phishing works, Proceedings of the SIGCHI conference on Human Factors in computing systems, April 22--27, 2006, Montréal, Québec, Canada
[5]
]]Donath J. and boyd d., Public displays of connection. BT Technology Journal, 22:71--82, 2004.
[6]
]]Facebook http://www.facebook.com/press/info.php?statistics, accessed September 29, 2008.
[7]
]]Felt A. and Evans D., Privacy Protection for Social Networking Platforms. In Web 2.0 Security and Privacy 2008, May 2008.
[8]
]]Gross R. and Acquisiti A., Information Relevation and Privacy in Online Social Networks. In Workshop on Privacy in the Electronic Society, 2005.
[9]
]]Jones H., Soltren J., Facebook: Threats to Privacy. MIT, December 14, 2005. Retrieved from http://www-swiss.ai.mit.edu/6805/student-papers/fall05-papers/facebook.pdf.
[10]
]]Kumaraguru P. and Cranor L. 2005, Privacy Indexes: A Survey of Westin's Studies, ISRI Technical Report, CMU-ISRI-05-138, 2005.
[11]
]]Lipford H., Besmer A., and Watson J., Understanding privacy settings in facebook with an audience view, UPSEC 2008, Berkeley, CA, April 2008.
[12]
]]OpenSocial http://code.google.com/apis/opensocial/, accessed September 29, 2008.
[13]
]]Rabkin A., Personal knowledge questions for fallback authentication. In Symp. on Usable Privacy and Security (SOUPS'08), Pittsburgh, PA, USA, July 2008.
[14]
]]Saltzer J., Schroeder M., The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9), 1278--1308 1975.
[15]
]]Shehab M., Squicciarini A. and Ahn G., Beyond User-to-User Access Control for Online Social Networks, ICICS 2008, October, 2008, Birmingham, UK.
[16]
]]Sophos.com (2007). Facebook ID probe shows 41% of users happy to reveal all to potential identity thieves. Accessed August 8, 2007.
[17]
]]Stutzman F., An evaluation of identity-sharing behavior in social network communities. In the Proceedings of iDMAa and IMS Code Conference, 2005.

Cited By

View all
  • (2021)What Can Fitness Apps Teach Us About Group Privacy?Research Anthology on Privatizing and Securing Data10.4018/978-1-7998-8954-0.ch104(2135-2157)Online publication date: 2021
  • (2021)What Can Fitness Apps Teach Us About Group Privacy?Privacy Concerns Surrounding Personal Information Sharing on Health and Fitness Mobile Apps10.4018/978-1-7998-3487-8.ch001(1-30)Online publication date: 2021
  • (2019)Privacy Is The Best Policy: A Framework for BLE Beacon Privacy Management2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC)10.1109/COMPSAC.2019.00121(823-832)Online publication date: Jul-2019
  • Show More Cited By

Index Terms

  1. Social applications: exploring a more secure framework

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Other conferences
    SOUPS '09: Proceedings of the 5th Symposium on Usable Privacy and Security
    July 2009
    205 pages
    ISBN:9781605587363
    DOI:10.1145/1572532

    Sponsors

    • Carnegie Mellon CyLab
    • Google Inc.

    In-Cooperation

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 15 July 2009

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. access control
    2. privacy
    3. security
    4. social networking applications
    5. web 2.0

    Qualifiers

    • Research-article

    Funding Sources

    Conference

    SOUPS '09
    Sponsor:
    SOUPS '09: Symposium on Usable Privacy and Security
    July 15 - 17, 2009
    California, Mountain View, USA

    Acceptance Rates

    SOUPS '09 Paper Acceptance Rate 15 of 49 submissions, 31%;
    Overall Acceptance Rate 15 of 49 submissions, 31%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)8
    • Downloads (Last 6 weeks)2
    Reflects downloads up to 09 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2021)What Can Fitness Apps Teach Us About Group Privacy?Research Anthology on Privatizing and Securing Data10.4018/978-1-7998-8954-0.ch104(2135-2157)Online publication date: 2021
    • (2021)What Can Fitness Apps Teach Us About Group Privacy?Privacy Concerns Surrounding Personal Information Sharing on Health and Fitness Mobile Apps10.4018/978-1-7998-3487-8.ch001(1-30)Online publication date: 2021
    • (2019)Privacy Is The Best Policy: A Framework for BLE Beacon Privacy Management2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC)10.1109/COMPSAC.2019.00121(823-832)Online publication date: Jul-2019
    • (2019)Effects of Privacy Notification Style and Frequency on Phone UsageJournal of Computer Information Systems10.1080/08874417.2018.156300861:1(30-41)Online publication date: 24-Jan-2019
    • (2018)Distinguishing Group Privacy From Personal PrivacyProceedings of the ACM on Human-Computer Interaction10.1145/32744372:CSCW(1-22)Online publication date: 1-Nov-2018
    • (2018)Collective Privacy Management in Social MediaACM Transactions on Computer-Human Interaction10.1145/319312025:3(1-33)Online publication date: 8-Jun-2018
    • (2018)Reliability score inference and recommendation using fuzzy-based technique for social media applicationsSoft Computing - A Fusion of Foundations, Methodologies and Applications10.1007/s00500-017-2774-522:24(8289-8300)Online publication date: 1-Dec-2018
    • (2017)The Moral Responsibilities of Online Service ProvidersThe Responsibilities of Online Service Providers10.1007/978-3-319-47852-4_2(13-42)Online publication date: 1-Feb-2017
    • (2016)Networked Privacy Management in FacebookProceedings of the 19th ACM Conference on Computer-Supported Cooperative Work & Social Computing10.1145/2818048.2819996(503-514)Online publication date: 27-Feb-2016
    • (2016)Detecting malicious facebook applicationsIEEE/ACM Transactions on Networking10.1109/TNET.2014.238583124:2(773-787)Online publication date: 1-Apr-2016
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media