1 On Protecting Private Information in Social Networks: A Proposal Bo Luo 1 and Dongwon Lee 2 1 The University of Kansas, 2 The Pennsylvania.

Presentation transcript:

1 On Protecting Private Information in Social Networks: A Proposal
Bo Luo (1) and Dongwon Lee (2)
(1) The University of Kansas, (2) The Pennsylvania State University

2 Motivation
Online social networks
Getting very popular (e.g. Facebook: 68M unique visitors, 1.2B visits)
Various types of communities
  – General (e.g. Facebook; MySpace)
  – Business/professional (e.g. LinkedIn)
  – Alumni
  – Leisure
  – Healthcare (e.g. SoberCircle; PatientsLikeMe)
People socialize with friends
But also adversaries!

3 Motivation
Privacy vulnerabilities in online social networks
Huge amount of personal information available over various types of social network sites.
Users are not fully aware of the risks.
Adversaries use various techniques to collect such information.
  – E.g. information retrieval and search engines
News stories
  – Facebook Stalkers [Dubow, USA Today, 2007]
  – Gadgets and add-ons read user profiles [Irvin, USA Today, 2008]
  – How Not to Lose Face on Facebook, for Professors [Young, Chronicle, 2009]

4 Privacy vulnerabilities
Threat 1: out-of-context information disclosure
Users present information to a “context” (e.g. targeted readers)
Implicit assumption
  – Information stays in the context
  – This is wrong!
Out-of-context information disclosure
  – Wrong configuration
  – Malfunctioning code
  – Users’ misunderstanding
Examples
  – Adversaries could simply register for forums to access much information.
  – Messages in a “closed” -based community are archived and accessible to everyone.
  – Gadgets and add-ons read user profiles

5 Privacy vulnerabilities
Threat 2: in-network information aggregation
Users share information in social networks
Implicit assumption: “a small piece of personal information is not a big deal”
Adversaries collect all the pieces of information associated with a user.
Adversaries aggregate all the information pieces.
Significant amount of privacy!
In-network information aggregation attack.

6 Privacy vulnerabilities
Threat 3: cross-network information aggregation
User participates in multiple networks
Different levels of privacy concerns.
Adversaries use evidence to link profiles from different SN sites
  – Attribute
  – Neighborhood
  – Similar posts
  – Propagation
Adversaries collect all the private information across multiple SN sites
Cross-network information aggregation

7 Goals and solutions at a glance
Goal: protect users from unwanted information disclosure, especially from the three threats.
Users should be able to socialize.
We cannot prevent users from sharing information
Honest-but-curious observer
Honest: no phishing, no spam, no hacking
Curious: very aggressive in seeking information
  – Registers for social networks
  – Uses search engines
  – Manipulates information
Our goal: protect users from honest-but-curious observers

8 Design goals
Enable users to describe a privacy plan: how they allow their private information items to be disclosed
  Solution: privacy models
Alert users when they share information over social networks
  Solution: passive monitor
Monitor private information over various social networks to make sure that the privacy plan is not violated
  Solution: active monitor

9 Online social networks
We define two properties to describe online social networks
Openness level
  – How information in a social network could be accessed
  – E.g. OL=public: everyone can access
  – E.g. OL=registration-required: all registered users can access, but not search engines
Access equivalency group
  – Social networks with identical openness level belong to a group.

10 Private information model
We define two private information models
Multi-level model
Private information items are managed in hierarchically organized categories
Information flows from lower level (less private) to higher level (more private)
  – E.g. when a user trusts an SN with level 3, s/he also trusts it with levels 1 and 2
Simple model
Easy for users to understand
Less descriptive

11 Private information model
Discretionary model: a set-based model
Private information items are organized into sets
Private information items in one set could be released together
A private information item may belong to multiple sets
Private information disclosure model
Formally describes:
  – out-of-context information disclosure
  – information aggregation attacks under the discretionary model
Details: please refer to the paper

12 Privacy monitor: the proposal

13 Privacy sandbox
Picks a privacy model
Allows users to describe their privacy plan in the model, i.e. how they want to arrange private information items
  – E.g. define privacy information sets under the discretionary model
  – Define how sets could be released to social networks with different openness levels
Keeps privacy plans

14 Passive monitor
Is triggered when users send information to social networks
Alerts users
  – who can access the submitted information
  – Openness level
  – Access equivalency group
Checks against the privacy plan
Keeps a local log of private information disclosure
  – For future use
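
The following Python example is added here and is not taken from the presentation or the paper; it implements a passive monitor check under the discretionary model. The encoding of the privacy plan, the rule that everything disclosed within one access equivalency group must fit inside a single permitted set, and all network and item names are assumptions.

```python
from dataclasses import dataclass, field

# Openness levels named on the slides; networks sharing a level form one
# access equivalency group. Groups are treated independently (assumption).
PUBLIC = "public"
REGISTRATION = "registration-required"

@dataclass
class PrivacyPlan:
    # Discretionary model (assumed encoding): named sets of items that may be
    # released together, and the openness levels each set may be released to.
    sets: dict       # set name -> frozenset of item names
    allowed: dict    # set name -> set of openness levels

    def permitted(self, level):
        return [s for name, s in self.sets.items() if level in self.allowed[name]]

@dataclass
class PassiveMonitor:
    plan: PrivacyPlan
    networks: dict                            # network name -> openness level
    log: list = field(default_factory=list)   # local disclosure log

    def exposed(self, level):
        """Items already disclosed to any network in the same equivalency group."""
        out = set()
        for net, items in self.log:
            if self.networks[net] == level:
                out |= items
        return out

    def submit(self, network, items):
        """Return (ok, aggregate). ok is False when the new post, combined with
        earlier disclosures to the same group, fits no permitted set."""
        level = self.networks[network]
        aggregate = self.exposed(level) | set(items)
        ok = any(aggregate <= s for s in self.plan.permitted(level))
        self.log.append((network, frozenset(items)))  # the monitor alerts, it does not block
        return ok, aggregate

def demo():
    # Constructed plan, networks and posts, for illustration only.
    plan = PrivacyPlan(
        sets={"professional": frozenset({"name", "employer"}),
              "health": frozenset({"nickname", "diagnosis"})},
        allowed={"professional": {PUBLIC, REGISTRATION}, "health": {REGISTRATION}})
    mon = PassiveMonitor(plan, {"career-site": REGISTRATION,
                                "health-forum": REGISTRATION, "open-blog": PUBLIC})
    posts = [("career-site", {"name", "employer"}), ("open-blog", {"name"}),
             ("health-forum", {"diagnosis"}), ("open-blog", {"diagnosis"})]
    return [mon.submit(net, items)[0] for net, items in posts]
```

In the constructed run, the third post is flagged because it aggregates with the earlier career-site post inside the same access equivalency group, and the fourth because the health set is not released to public networks.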

15 Remote component and active monitor
Remote component
Actively collects personal information from various social networks
Simulates in-network and cross-network information aggregation
Stores information in a data repository
Active monitor
Compares users’ privacy plans with
  – Local log
  – Remote data repository
  – Search engine results
Checks for discrepancy
  – Warns user about unwanted information disclosure

16 Conclusion
In this paper, we
  – present privacy vulnerabilities over social networks, especially information aggregation attacks
  – model social networks and private information disclosure from an access control perspective
  – describe information aggregation attacks in the model
  – propose our initial design of a privacy monitor
This is our preliminary proposal
Further analysis and implementation are ongoing
Thanks a lot!