Presentation is loading. Please wait.

Presentation is loading. Please wait.

Preserving User Privacy from Third-party Applications in Online Social Networks Yuan Cheng, Jaehong Park and Ravi Sandhu Institute for Cyber Security University.

Published byEustacia Barrett Modified over 9 years ago

Similar presentations

Presentation on theme: "Preserving User Privacy from Third-party Applications in Online Social Networks Yuan Cheng, Jaehong Park and Ravi Sandhu Institute for Cyber Security University."— Presentation transcript:

1 Preserving User Privacy from Third-party Applications in Online Social Networks Yuan Cheng, Jaehong Park and Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio Presentation at PSOSM13, Rio de Janeiro, Brazil May 14, 2013 1 Institute for Cyber Security World-Leading Research with Real-World Impact!

2 Agenda Privacy Issues of 3 rd -party Apps Countermeasures Access Control Framework Policy Model Conclusions 2 World-Leading Research with Real-World Impact!

3 Privacy Issues An all-or-nothing policy for application-to-user interactions – User has to grant the app full access, even if the app only needs partial data Users are not aware of the application’s real needs 3 World-Leading Research with Real-World Impact!

4 Privacy Issues (cont.) Coarse-grained opt-in/out privacy control does not let user specify policies for each piece of data Some permissions are given by user’s friend who installed the app, without user’s knowledge 4 World-Leading Research with Real-World Impact!

5 Countermeasures SummaryProsCons Data GeneralizationConvert private data to a privacy-nonsensitive form Have been widely accepted in recent solutions User-specified Privacy Preference Allow user to express their preference more flexibly Communication Interceptor Intercept requests, exert user preferences, and return sanitized or dummy data Lose functionality and integrity Information Flow Control Confine app execution and mediate information flow Enable post- authorization Need substantial modification to current architecture User-to-application Policy Model Provide a complete policy model for users to define, use and manage their own policies 5

6 Goal Protect inappropriate exposure of users’ private information to untrusted 3 rd party apps Propose an policy model for controlling application-to-user activities – More flexible further utilize the relationships and the social graph in OSN – Finer grained e.g., per resource vs. per resource type, distinction of different types of access 6 World-Leading Research with Real-World Impact!

7 Framework Overview Prevent applications from learning user’s private information while still maintaining the functionality Leave private information within OSN system and allow external servers of applications to retrieve non- private data 7 World-Leading Research with Real-World Impact!

8 Proposed Architecture 8 World-Leading Research with Real-World Impact!

9 Application Components Internal component – High trustworthy; can handle private data – Can be provided by OSN and 3 rd -party entities External component – Provided by 3 rd -party entities – Low trustworthy; cannot consume private data 9 World-Leading Research with Real-World Impact!

10 Communications OSN provided3 rd -party provided Communication w/ system calls M1M2 Communication w/ non- private data M3M4 10 World-Leading Research with Real-World Impact! Communication between components only through OSN- specified APIs Communication w/ system calls Communication w/ non-private data Communication w/ private data (not allowed)

11 Relationship-based Access Control w/ Apps 11 friend colleague follow install He didn’t install the app World-Leading Research with Real-World Impact!

12 Policy Specifications – action specifies the type of access – target indicates the resource to be accessed – start is the position where access evaluation begins, which can be either owner or requester – path rule represents the required pattern of relationship between the involved parties 12 e.g., “install”, “friend·install” World-Leading Research with Real-World Impact!

13 Policy Specifications – action specifies the type of access – target indicates the resource to be accessed – start is the position where access evaluation begins, which can be either owner or requester – path rule represents the required pattern of relationship between the involved parties – ModuleType = {M1, M2, M3, M4, external}, 2 ModuleType indicates the set of app module types allowed to access 13 World-Leading Research with Real-World Impact!

14 Example: App Request Notification – For apps she installed; Protect her data – For apps she installed ; Protect her friends’ data – For apps her friends installed; Protect her data 14 World-Leading Research with Real-World Impact!

15 Example: Accessing User’s Profile – DOB is private – Keystroke is non-private – Keystroke information is crucial for fulfilling functionality – Protect his friends’ data 15 World-Leading Research with Real-World Impact!

16 Conclusions Presented an access control framework – Split applications into different components with different privileges – Keep private data away from external components Provided a policy model for application-to- user policies – Specify different policies for different components of the same application 16 World-Leading Research with Real-World Impact!

17 Q&A Questions? ycheng@cs.utsa.edu http://my.cs.utsa.edu/~ycheng Twitter: @nbycheng 17 World-Leading Research with Real-World Impact!

Download ppt "Preserving User Privacy from Third-party Applications in Online Social Networks Yuan Cheng, Jaehong Park and Ravi Sandhu Institute for Cyber Security University."

Similar presentations

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.

Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.
Trust Management of Services in Cloud Environments:

Trust Management of Services in Cloud Environments:
Adopting Provenance-based Access Control in OpenStack Cloud IaaS October, 2014 NSS Presentation Institute for Cyber Security University of Texas at San.

Adopting Provenance-based Access Control in OpenStack Cloud IaaS October, 2014 NSS Presentation Institute for Cyber Security University of Texas at San.
A Provenance-based Access Control Model (PBAC) July 18, 2012 PST’12, Paris, France Jaehong Park, Dang Nguyen and Ravi Sandhu Institute for Cyber Security.

A Provenance-based Access Control Model (PBAC) July 18, 2012 PST’12, Paris, France Jaehong Park, Dang Nguyen and Ravi Sandhu Institute for Cyber Security.
11 World-Leading Research with Real-World Impact! Integrated Provenance Data for Access Control in Group-centric Collaboration Dang Nguyen, Jaehong Park.

11 World-Leading Research with Real-World Impact! Integrated Provenance Data for Access Control in Group-centric Collaboration Dang Nguyen, Jaehong Park.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Attribute-Based Access Control Models and Beyond

Attribute-Based Access Control Models and Beyond
Privacy in Social Networks CSCE 201. Reading Dwyer, Hiltz, Passerini, Trust and privacy concern within social networking sites: A comparison of Facebook.

Privacy in Social Networks CSCE 201. Reading Dwyer, Hiltz, Passerini, Trust and privacy concern within social networking sites: A comparison of Facebook.
Named Data Networking for Social Network Content delivery P. Truong, B. Mathieu (Orange Labs), K. Satzke (Alu) E. Stephan (Orange Labs) draft-truong-icnrg-ndn-osn-00.txt.

Named Data Networking for Social Network Content delivery P. Truong, B. Mathieu (Orange Labs), K. Satzke (Alu) E. Stephan (Orange Labs) draft-truong-icnrg-ndn-osn-00.txt.
1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.

1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.
Lesson 4: Configuring File and Share Access

Lesson 4: Configuring File and Share Access
11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.

11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.
Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense

Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense
Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)

Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)
Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.

Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.
11 World-Leading Research with Real-World Impact! A Formal Model for Isolation Management in Cloud Infrastructure-as-a-Service Khalid Zaman Bijon, Ram.

11 World-Leading Research with Real-World Impact! A Formal Model for Isolation Management in Cloud Infrastructure-as-a-Service Khalid Zaman Bijon, Ram.
Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.

Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.
© 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker.

© 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker.

Similar presentations

Ads by Google