Security/Privacy Model for Social Computing By Chi Ben Department of Computer and Information Sciences, Florida A&M University 1333 Wahnish Way 308-A Banneker.

1 Security/Privacy Model for Social Computing
By Chi Ben
Department of Computer and Information Sciences, Florida A&M University
1333 Wahnish Way 308-A Banneker Technical Bldg. Tallahassee, Florida 32307

2 Table of Contents
• Definition of social networking sites
• Potential threats
• Real life examples
• Related work
• A proposed model

3 Social Network
• Nodes: individuals or organizations [1]
• Ties: connections
• Friendship, kinship, financial exchange, knowledge or prestige [1]

4 Social Networking Sites/Services (SNS)
• Definition: Online communities formed for people who share common interests/activities.
• Well-known services:

Name         Area                     Alexa Ranking
Facebook     International            2
MySpace      International            11
hi5          India, Portugal, etc.    38
LinkedIn     International            59
Skyrock      French speaking world    85
Mixi         Japan                    90
Friendster   Southeast Asia           93
Kaixin001    China                    102

Table 1: A list of the most popular SNS

5 Fig. 1 Fast growing number of patent applications in social network

6 Social Network Sites/Services (SNS), continued
• Mimicking in-person interactions
• Storing large amounts of personal information
  - Violating the principle of least privilege [5]
  - Users inclined to reveal private info/activities to someone they know [2]
• Bringing security issues

7 Security issues from SNS
• Accidental data release
• Intentional use of private data for marketing purposes
• Identity theft
• Worms and adware
• Phishing attacks
• And many more

8 A recent famous case:
• MI6 chief’s wife blows his cover on Facebook [3]
• Details on where they live and work, their friends’ identities [3]
[Photo: Sir John Sawers on the beach in one of the family photos]

9 Another case
• US Marines ban Twitter, MySpace, Facebook. Effective immediately. (As of Aug 03, 2009)
• Will last a year.
• A waiver is possible.

10 Facebook’s new features
Facebook: change in geography networks and new privacy features.

11 Work that is being done
• Matthew M. Lucas et al. designed a Facebook application, flyByNight. [4]
• Encrypts private information, separates sensitive data from Facebook servers and public access.
• Users must install a JavaScript client.
• The vulnerability of the flyByNight server is unknown.

12 Work that is being done, cont’d
• Andrew Besmer et al. designed a user-to-application policy, in addition to the existing user-to-user policy and default application policy, which effectively limits the applications’ access to users’ private information. [6]
• Complex, time-consuming settings for applications may impel users to skip applying proper policies.

13 A User-Server-Agent Model
[Diagram: USER, SERVER and INDEPENDENT INVESTIGATOR (AGENT); arrows labelled View Audit Log, Report Suspicious Activities, Report Investigation, Investigation]

14 A User-Server-Agent Model
• Server audits users’ activities
  - Log-in time, duration, IP addresses, access information
• Users can view activities related to their own accounts
• Agents can view all activities of specified accounts
[Diagram: SERVER provides log upon request; audits all access information]

15 A User-Server-Agent Model
• What a user sees (USER): Kevin’s visit, Bella’s visit, Sara’s visit, Mike’s visit, Dave’s visit, ...
• What an agent sees (INDEPENDENT INVESTIGATOR (AGENT)): Kevin visits Sara, Kevin visits Mike, Kevin visits Dave, Kevin visits Alice, ...

16 A User-Server-Agent Model
[Diagram: INDEPENDENT INVESTIGATOR (AGENT); boxes labelled Provides Results to User, Accepts Investigation Requests, Analyze Information on Server; steps labelled Step I, Step II, Step III]

17 A User-Server-Agent Model
• Agent receives decrypted request from user
  - Alice sends request for concern about Kevin’s activities
  - Agent will see “03tn90a” and “01ad53h” instead of “Alice” and “Kevin” in the request
• Agent connects to server, asks for information on account 01ad53h
• After decryption, server recognizes account name is Kevin

18 A User-Server-Agent Model
• What action can an agent perform?
  - Use combined policies to detect unusual activities: IP address, multiple profile accesses in a short term, inactive socializing activities.
• How can an agent help a user?
  - Simplest: suggest revoking “friend” label of malicious users
  - Suggest server take action on malicious accounts
  - Report to authorities when necessary
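The two log views and the agent's policy check from slides 14 to 18, as an added sketch that is not code from the presentation. The log rows, the HMAC-based ID derivation, the thresholds and all function names are assumptions; only the IDs "03tn90a" and "01ad53h" come from slide 17, and the "inactive socializing" signal is not modelled.

```python
import hashlib
import hmac

# Constructed audit log rows: (unix_time, visitor, visited_profile, source_ip)
AUDIT_LOG = [
    (1000, "Kevin", "Alice", "10.0.0.5"),
    (1020, "Kevin", "Sara", "10.0.0.5"),
    (1045, "Kevin", "Mike", "10.0.0.5"),
    (1050, "Kevin", "Dave", "203.0.113.9"),
    (1300, "Bella", "Alice", "10.0.0.7"),
    (9000, "Sara", "Alice", "10.0.0.8"),
]
SERVER_KEY = b"constructed-demo-key"  # assumption: known to the server only
SLIDE_IDS = {"Alice": "03tn90a", "Kevin": "01ad53h"}  # the two IDs on slide 17

def pseudonym(account):
    """Opaque ID shown to the agent; the HMAC derivation is an assumption."""
    digest = hmac.new(SERVER_KEY, account.encode(), hashlib.sha256).hexdigest()
    return SLIDE_IDS.get(account, digest[:7])

ACCOUNTS = {name for _, a, b, _ in AUDIT_LOG for name in (a, b)}
REAL_NAME = {pseudonym(name): name for name in ACCOUNTS}  # server-side only

def user_view(account):
    """What a user sees: who visited the user's own profile, and when."""
    return [(t, visitor) for t, visitor, visited, _ in AUDIT_LOG if visited == account]

def agent_view(account_id):
    """What an agent sees: every visit made by one account, names replaced by IDs."""
    account = REAL_NAME[account_id]  # only the server resolves the ID
    return [(t, pseudonym(visited), ip)
            for t, visitor, visited, ip in AUDIT_LOG if visitor == account]

def unusual(events, window=60, max_profiles=3):
    """Combined policy: many distinct profiles in one window, or more than one IP."""
    reasons = []
    for start, _, _ in events:
        seen = {p for t, p, _ in events if start <= t < start + window}
        if len(seen) > max_profiles:
            reasons.append("burst")
            break
    if len({ip for _, _, ip in events}) > 1:
        reasons.append("multiple-ip")
    return reasons
```

Calling `unusual(agent_view("01ad53h"))` evaluates the constructed activity of the account the server knows as Kevin without the agent ever handling a real account name.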

19 Conclusion
• Increasing use of SNS
• Security/privacy is a big issue
• User-Server-Agent model

20 Future work
• Investigate/watch privacy frequently
• Other functions will be added

21 References
[1] http://en.wikipedia.org/wiki/Social_network
[2] Gross, Ralph, Alessandro Acquisti, and H. John Heinz III. (2005). Information Revelation and Privacy in Online Social Networks. Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, p. 71-80.
[3] http://www.timesonline.co.uk/tol/news/uk/article6639521.ece
[4] Matthew M. Lucas, Nikita Borisov. (2008). FlyByNight: mitigating the privacy risks of social networking. WPES '08.
[5] Saltzer J., Schroeder M. (1975). The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9), 1278–1308.
[6] Andrew Besmer, Heather Richter Lipford, Mohamed Shehab, Gorrell Cheek. (2009). Social applications: exploring a more secure framework. SOUPS '09.
[7] Doug Gross, CNN. Facebook to lose geography networks, add privacy features. http://www.cnn.com/2009/TECH/12/02/facebook.networks.changes/index.html

22 Thank you!

