Preserving User Privacy from Third-party Applications in Online Social Networks Yuan Cheng, Jaehong Park and Ravi Sandhu Institute for Cyber Security University.

Slides:



Advertisements
Similar presentations
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
Advertisements

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.
Trust Management of Services in Cloud Environments:
Adopting Provenance-based Access Control in OpenStack Cloud IaaS October, 2014 NSS Presentation Institute for Cyber Security University of Texas at San.
A Provenance-based Access Control Model (PBAC) July 18, 2012 PST’12, Paris, France Jaehong Park, Dang Nguyen and Ravi Sandhu Institute for Cyber Security.
11 World-Leading Research with Real-World Impact! Integrated Provenance Data for Access Control in Group-centric Collaboration Dang Nguyen, Jaehong Park.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Attribute-Based Access Control Models and Beyond
Privacy in Social Networks CSCE 201. Reading Dwyer, Hiltz, Passerini, Trust and privacy concern within social networking sites: A comparison of Facebook.
Named Data Networking for Social Network Content delivery P. Truong, B. Mathieu (Orange Labs), K. Satzke (Alu) E. Stephan (Orange Labs) draft-truong-icnrg-ndn-osn-00.txt.
1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.
Lesson 4: Configuring File and Share Access
11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.
Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense
Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)
Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.
11 World-Leading Research with Real-World Impact! A Formal Model for Isolation Management in Cloud Infrastructure-as-a-Service Khalid Zaman Bijon, Ram.
Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.
© 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker.
Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.
1 Speaker : 童耀民 MA1G Authors: Ze Li Dept. of Electr. & Comput. Eng., Clemson Univ., Clemson, SC, USA Haiying Shen ; Hailang Wang ; Guoxin.
Copyright © 2006 CyberRAVE LLC. All rights reserved. 1 Virtual Private Network Service Grid A Fixed-to-Mobile Secure Communications Framework Managed Security.
Aegis: A Semantic Implementation of Privacy as Contextual Integrity in Social Ecosystems Imrul Kayes, Adriana Iamnitchi.
INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.
Lecture 18 Page 1 CS 111 Online Access Control Security could be easy – If we didn’t want anyone to get access to anything The trick is giving access to.
Evaluation and Testbed Development Bhavani Thuraisingham The University of Texas at Dallas Jim Massaro and Ravi Sandhu.
11 World-Leading Research with Real-World Impact! Towards Provenance and Risk-Awareness in Social Computing Yuan Cheng, Dang Nguyen, Khalid Bijon, Ram.
Lecture 9: Chapter 9 Architectural Design
1 22 August 2001 The Security Architecture of the M&M Mobile Agent Framework P. Marques, N. Santos, L. Silva, J. Silva CISUC, University of Coimbra, Portugal.
© 2008 IBM Corporation ® Atlas for Lotus Connections Unlock the power of your social network! Customer Overview Presentation An IBM Software Services for.
Session ID: Session Classification: Dr. Michael Willett OASIS and WillettWorks DSP-R35A General Interest OASIS Privacy Management Reference Model (PMRM)
On Data Provenance in Group-centric Secure Collaboration Oct. 17, 2011 CollaborateCom Jaehong Park, Dang Nguyen and Ravi Sandhu Institute for Cyber Security.
SAML CCOW Work Item HL7 Working Group Meeting San Antonio - January 2008 Presented by: David Staggs, JD CISSP VHA Office of Information Standards.
Database Administration COMSATS INSTITUTE OF INFORMATION TECHNOLOGY, VEHARI.
A User-to-User Relationship-based Access Control Model for Online Social Networks Yuan Cheng, Jaehong Park and Ravi Sandhu Institute for Cyber Security.
D IRECTIONS FOR R AISING P RIVACY A WARENESS IN SNS P LATFORMS Konstantina Vemou, Maria Karyda, Spyros Kokolakis 18th Panhellenic Conference on Informatics.
1 Attribute-Aware Relationship-Based Access Control for Online Social Networks World-Leading Research with Real-World Impact! Yuan Cheng, Jaehong Park.
1 RABAC : Role-Centric Attribute-Based Access Control MMM-ACNS 2012 Xin Jin, Ravi Sandhu, Ram Krishnan University of Texas at San Antonio San Antonio,
Extensible Access Control Framework for Cloud Applications KTH-SEECS Applied Information Security Lab SEECS NUST Implementation Perspective.
POP-SNAQ: Privacy-preserving Open Platform for Social Network Application Queries Brian Thompson Huijun Xiong.
Relationship-based Access Control for Online Social Networks: Beyond User-to-User Relationships Sep. 3, 2012 PASSAT 2012, Amsterdam, The Netherlands Yuan.
INSTITUTE FOR CYBER SECURITY A Hybrid Enforcement Model for Group-Centric Secure Information Sharing (g-SIS) Co-authored with Ram Krishnan, PhD Candidate,
Private Information Protection based on User-Trusted Program Institute of Systems and Information Engineering/KYUSHU Ken ’ ichi Takahashi.
Database Security Cmpe 226 Fall 2015 By Akanksha Jain Jerry Mengyuan Zheng.
Multiparty Access Control for Online Social Networks : Model and Mechanisms.
Security API discussion Group Name: SEC Source: Shingo Fujimoto, FUJITSU Meeting Date: Agenda Item: Security API.
M2M Service Layer – DM Server Security Group Name: OMA-BBF-oneM2M Adhoc Source: Timothy Carey, Meeting Date:
1 Open Discussion PSOSM 2012 Prof. Ravi Sandhu Executive Director and Endowed Chair © Ravi Sandhu.
INFSO-RI Enabling Grids for E-sciencE NPM Security Alistair K Phipps (NeSC) JRA4 Face To Face, CERN, Geneva.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
INTRODUCTION About Project: About Project: Our project is based of the technology of cloud computing which is offering many pro’s to the world of computers.
ReBAC in ABAC Tahmina Ahmed Department of Computer Science University of Texas at San Antonio 4/29/ Institute for Cyber Security World-Leading Research.
Extended ReBAC Administrative Models with Cascading Revocation and Provenance Support Yuan Cheng 1 , 2, Khalid Bijon 2, and Ravi Sandhu 1 Institute for.
Object-to-Object Relationship Based Access Control: Model and Multi-Cloud Demonstration Tahmina Ahmed, Farhan Patwa and Ravi Sandhu Department of Computer.
Institute for Cyber Security
Understanding Android Security
Institute for Cyber Security
World-Leading Research with Real-World Impact!
EMV® 3-D Secure - High Level Overview
Chapter 18 MobileApp Design
Chapter 27 Security Engineering
How to Mitigate the Consequences What are the Countermeasures?
SharePoint Online Authentication Patterns
Understanding Android Security
NSA Security-Enhanced Linux (SELinux)
Access Control What’s New?
Data Portability It’s Mine, Mine, Mine!
World-Leading Research with Real-World Impact!
Presentation transcript:

Preserving User Privacy from Third-party Applications in Online Social Networks Yuan Cheng, Jaehong Park and Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio Presentation at PSOSM13, Rio de Janeiro, Brazil May 14, Institute for Cyber Security World-Leading Research with Real-World Impact!

Agenda Privacy Issues of 3 rd -party Apps Countermeasures Access Control Framework Policy Model Conclusions 2 World-Leading Research with Real-World Impact!

Privacy Issues An all-or-nothing policy for application-to-user interactions – User has to grant the app full access, even if the app only needs partial data Users are not aware of the application’s real needs 3 World-Leading Research with Real-World Impact!

Privacy Issues (cont.) Coarse-grained opt-in/out privacy control does not let user specify policies for each piece of data Some permissions are given by user’s friend who installed the app, without user’s knowledge 4 World-Leading Research with Real-World Impact!

Countermeasures SummaryProsCons Data GeneralizationConvert private data to a privacy-nonsensitive form Have been widely accepted in recent solutions User-specified Privacy Preference Allow user to express their preference more flexibly Communication Interceptor Intercept requests, exert user preferences, and return sanitized or dummy data Lose functionality and integrity Information Flow Control Confine app execution and mediate information flow Enable post- authorization Need substantial modification to current architecture User-to-application Policy Model Provide a complete policy model for users to define, use and manage their own policies 5

Goal Protect inappropriate exposure of users’ private information to untrusted 3 rd party apps Propose an policy model for controlling application-to-user activities – More flexible further utilize the relationships and the social graph in OSN – Finer grained e.g., per resource vs. per resource type, distinction of different types of access 6 World-Leading Research with Real-World Impact!

Framework Overview Prevent applications from learning user’s private information while still maintaining the functionality Leave private information within OSN system and allow external servers of applications to retrieve non- private data 7 World-Leading Research with Real-World Impact!

Proposed Architecture 8 World-Leading Research with Real-World Impact!

Application Components Internal component – High trustworthy; can handle private data – Can be provided by OSN and 3 rd -party entities External component – Provided by 3 rd -party entities – Low trustworthy; cannot consume private data 9 World-Leading Research with Real-World Impact!

Communications OSN provided3 rd -party provided Communication w/ system calls M1M2 Communication w/ non- private data M3M4 10 World-Leading Research with Real-World Impact! Communication between components only through OSN- specified APIs Communication w/ system calls Communication w/ non-private data Communication w/ private data (not allowed)

Relationship-based Access Control w/ Apps 11 friend colleague follow install He didn’t install the app World-Leading Research with Real-World Impact!

Policy Specifications – action specifies the type of access – target indicates the resource to be accessed – start is the position where access evaluation begins, which can be either owner or requester – path rule represents the required pattern of relationship between the involved parties 12 e.g., “install”, “friend·install” World-Leading Research with Real-World Impact!

Policy Specifications – action specifies the type of access – target indicates the resource to be accessed – start is the position where access evaluation begins, which can be either owner or requester – path rule represents the required pattern of relationship between the involved parties – ModuleType = {M1, M2, M3, M4, external}, 2 ModuleType indicates the set of app module types allowed to access 13 World-Leading Research with Real-World Impact!

Example: App Request Notification – For apps she installed; Protect her data – For apps she installed ; Protect her friends’ data – For apps her friends installed; Protect her data 14 World-Leading Research with Real-World Impact!

Example: Accessing User’s Profile – DOB is private – Keystroke is non-private – Keystroke information is crucial for fulfilling functionality – Protect his friends’ data 15 World-Leading Research with Real-World Impact!

Conclusions Presented an access control framework – Split applications into different components with different privileges – Keep private data away from external components Provided a policy model for application-to- user policies – Specify different policies for different components of the same application 16 World-Leading Research with Real-World Impact!

Q&A Questions? 17 World-Leading Research with Real-World Impact!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.