Privacy for Multiparty Access in Social Networking
Sites: A Survey
Ami Intwala¹ and Mahesh Maurya²
¹ Mukesh Patel School of Technology Management and Engineering (MPSTME), Computer Engineering, Mumbai, India
Email: intwalaami@gmail.com
² Professor, MPSTME-NMIMS, Mumbai, India
Email: maheshkmaurya@yahoo.co.in
Abstract— Social networking sites have become a means of communication and have experienced growth in recent years. Because these sites offer their services free of cost, they attract people all around the world. New technologies are emerging on the Internet, but users still face security leakages caused by unauthorized users. Many social sites are managed by third-party domains, which keep track of all user information along with the access details. Most Online Social Networking (OSN) sites provide an “accept all or nothing” mechanism for managing permissions for Third Party Access (TPA) to a user’s private data [3]. Social media sites do not provide any mechanism for privacy on data shared among multiple users. Many users share their personal information without knowing about the cyber thefts and risks associated with it. Surveys have found that teenagers are the least concerned about navigating privacy. Privacy on social media is therefore crucial. Different methods are discussed regarding the sharing of personal information and the leakage of this information through different mediums. Different models are also presented in this paper regarding privacy control over third-party access to personal information. An approach is proposed which allows users to share their access control configurations for TPAs with their friends, who can reuse and rate such configurations [3].
Index Terms— Social Networking, Multiparty Access Control, Multiparty Access Control
(MPAC) specification, Personally Identifiable Information (PII), Collaborative Privacy
Management (CPM)
DOI: 02.ITC.2014.5.549
© Association of Computer Electronics and Electrical Engineers, 2014
Proc. of Int. Conf. on Recent Trends in Information, Telecommunication and Computing, ITC
I. INTRODUCTION
Social networking sites are attracting people all around the world. The number of Internet users who also use social networking sites increases every year, as these sites help users communicate easily with any part of the world. Microsoft made computers easy for everyone to use. Google helps us search out data. YouTube keeps everyone entertained. But Facebook has a huge advantage over those other sites: the emotional investment of its users [7]. As the number of social media users grows because of this reliable usage, the task of managing the privacy of personal data grows as well. These sites also help people share photos and videos, make new friends and stay in contact with old friends. Most of the time the services provided by these sites are free of cost [2], so hackers see them as an opportunity to obtain more and more information about users. Kirkpatrick explained that today’s youth do not care about privacy and will not take any steps to protect it [5]. It was also found that youths (age 18-29 years) are now becoming conscious about privacy and manage which parts of their profiles are accessible to others. Facebook has changed the social DNA, making users more accustomed to openness [7]. There are some drawbacks to using social sites. Users are often unaware of the thefts related to social sites, so they readily share their personal information and pictures on them. As access has become easier, these sites have become the centre of attraction for users, which also results in security issues.
Every user is given an individual space on a social site where they can share information. This may include personal information such as name, gender, DOB and education, which together are known as the user profile. A user can also comment on or like another user's space, and can tag users from his/her own space, which in effect creates a hyperlink to the tagged user's profile. All of this requires security for the information the user shares. Users have control over their own space but no control over others' spaces. Some basic security is provided to all users: for example, if a user wants to remove the tag on his/her photo, it is possible to restrict other users from viewing that photo publicly, but the photo still remains in that space. On reporting to the social networking sites, the sites only allow us to keep or delete the content, which results in decisions that are either too loose or too restrictive [1]. Users should have control over the personal data they share with social networking sites. OSNs sometimes manage users' data with the help of TPAs, and many social sites manage their user-details database through third-party domain management. Even if a user is explicitly informed that a TPA would access certain pieces of information, she/he has no control over sharing only a subset of that information, the only alternative being not installing and using the application [3]. There are many issues regarding privacy and security on social sites. As users become aware of thefts on social media, they now expect social site companies to clarify the privacy settings attached to each piece of information they post, as well as what happens to the data after they share it [7].
Web applications and web specifications are deployed on the Internet, so policy-based approaches to security requirements have received great attention from users. Policy-based computing handles complex system properties by separating policies from system implementation and enabling dynamic adaptability of system behaviours by changing policy configurations without reprogramming the systems [4]. XACML (eXtensible Access Control Markup Language) is used to specify access control policies for web applications. The XACML profile for role-based access control (RBAC) provides a mapping between RBAC and XACML [4]. Answer Set Programming (ASP) is the method proposed to represent XACML policies systematically. Another model is the MPAC (Multi-Party Access Control) model for multiparty authorization requirements.
II. ISSUES RELATED TO SOCIAL SITES
Cyber threats are increasing in society. This section discusses some of the issues that have drawn the attention of people using social networking sites.
A. Privacy
Privacy is the main issue on social networking sites, as users share their personal information without being aware of cyber thefts. Users may be unaware that their information is used and shared by strangers, or may be unconcerned that their information is shared by fake users. Social sites give users basic privacy, but users should still be careful when making friends and accessing sites. For example, a user's account has a privacy setting applied so that only the friends in the list can view the information the user provides. One of those friends has no such privacy settings, so anyone can reach the user's account through the friend’s account.
B. User Authentication
A user's control over his/her space should be more specific. Users should get the highest priority of authentication where their personal information is concerned. For example, a user shares information with a group of friends, and one of them shares it again with their own friends. In this way the information reaches strangers and the chances of misuse increase. Thus, before shared information can be shared again, authentication should be provided by the owner of that information.
C. Authorization vs. Social Network Growth
If users are given authentication over their accounts, the growth of the sites will be affected. The companies behind the sites therefore give less preference to authentication than to growth, so the authentication given to users is limited, which results in security issues. The company always gives higher priority to the growth of the network than to the personal information provided by the user. It provides ease of access to the application, but the security provided is limited.
D. Friends
It has been found that a user’s so-called “friends” could be the bigger threat to their privacy. For example, ‘If you are friends with someone on Facebook, and you trust them with your data. That’s the big privacy problem that most Facebook users have. They have too many friends that they don’t really know’ Kirkpatrick said [8]. Users share any of their information with friends without knowing that they are sometimes sharing it with strangers.
E. Permission Authentication
Some permissions on resources are not assigned to authenticated users, so some permissions should be assigned to users in the form of individual roles. This might reduce the leakage of information to some extent, as the user will be authenticating strangers in his/her own way. For example, if a user (A) comments on another friend's space (C) and tags a friend (B) in the comment, the tagged friend has no authentication on that comment.
F. Potential for Exploitation
There are two kinds of users:
i. Creators: The actual users who share their information on the sites. They are also called the owners of the account.
ii. Curators: Those who find a photo on a site, download it and post it on other sites. Generally, they try to access an account and get information from it. They then use that information to create another account of which the actual user is unaware.
So, misuse of the information provided or shared is a big issue.
G. Child Safety
Teenagers are more attracted to these sites because they are not aware of the associated risks. Sometimes parents also help their children use the sites without making them aware of the risks. Teenagers share information, photos and comments or write status updates, which lets spammers learn their habits and try to evaluate their personal lives. It has been found that many children have experienced harassment on social media [2]. According to the journalist Emily Bazelon, Facebook is trying to hit kids at their neurological weak spot. According to her, kids don’t have the same kind of impulse control that adults do [6].
H. Social Network Fatigue
Users cannot connect to another user unless they are on the same network platform. The same information is therefore required to create accounts on different sites, which may lead to leakage of the information through any of those sites. For example, a user who has an account on Facebook cannot connect to a friend who is using Google+. Both users must be on the same platform.
I. Third-Party Access
Third-party domains keep track of the information accessed by the user. Some sites hire third parties to keep track of the information accessed by the user, so it is possible for the tracked information to be leaked by the third party through some servers. Even if the user is informed that some part of the information is accessed by the TPA, the user has no control over the sharing of that information. The user should be careful before accessing such applications.
Fig. 1: A disseminator shares a user’s profile
Fig. 2: A user shares a relationship
III. METHODS
A. MPAC for Social Sites
Multiple users have different authorization requirements for a single resource [1]. The way an account is handled and kept private differs from user to user, so the site is unable to provide privacy to users according to their individual requirements. The scenarios below show the authorization that the sites provide to users:
a. Profile Sharing:
Users are authorized to show their basic information (name, gender, DOB, education, working status, etc.) to their authorized friends. It is entirely up to the owner what kind of information they want to share with the public, who may be known or unknown to the user. Sometimes the information may also be leaked through a friend’s profile attributes.
In Fig. 1, the third-party accessor (Accessor) is trying to access the user's (Disseminator) account through the friend’s (Owner) profile. So if the friend's profile has weak privacy settings, the information can still be leaked.
A user who shares data from another user's space to his/her own space is known as the disseminator. For example, if the user's friend has uploaded a photo and the user shares the photo to his/her own space, then the user is the disseminator.
b. Relationship Sharing:
Any user can share their relationship with other members of the friends list. A user can only regulate and control one direction of the relationship. If the user is in a relationship with other members, then he/she can access their friends lists as well.
In Fig. 2, a user (Owner) who has a relationship with another user (Stakeholder) shares a relationship with the Accessor. This means that if the accessor is in a relationship with the user, he/she can easily access the stakeholder's information from the user's account.
In general, stakeholders are the tagged users. Tagging a user is in effect creating a hyperlink to that user's account. For example, if a user has uploaded a photograph containing three friends and has tagged both of his friends in it, then both friends are called the stakeholders of the photo and also have control over it.
c. Content Sharing:
Sharing content means sharing information such as posts, uploaded photos, comments and tags of other users. It also includes status content, which is viewed by everyone in the friends list.
Fig. 3 indicates that if a photo containing multiple users is shared on the network, the user who uploaded the photo is the owner and the others in the photo are stakeholders. Content can have multiple stakeholders.
Fig. 3: Shared content has multiple stakeholders
Fig. 4: Shared content published by a contributor
Fig. 4 shows that if a user comments on a friend’s profile and tags another friend in the comment, then the user is the contributor, the tagged friend is the stakeholder and the friend whose profile it is is the owner of the space.
A contributor is a user who shares content to a friend’s space, that is, a user contributing to someone else’s space from his/her own. For example, if a user’s friend has uploaded a photograph in his space and the user comments on it, then the user is the contributor and the user’s friend is the owner of that photograph.
In Fig. 5, the disseminator can share information that was shared by some other friend with his/her own group of friends.
B. Personally Identifiable Information (PII)
Personally Identifiable Information can be defined as information which can be used to distinguish or trace an individual’s identity, either alone or when combined with other information which is linkable to the specific individual [2]. Table 1 shows the levels of PII availability for each PII attribute; the counts are based on different social networking sites.
From the information provided, malicious users try to learn the habits and behaviour of the user. Sometimes this information is used to create another account on the same site or on different sites. For example, a user has an account on Facebook but not on LinkedIn, so the information is used to create a malicious account on LinkedIn without the owner's awareness.
C. Third Party Domains used by SNSs
Some networking sites use third-party domains to keep track of all the users of those sites. These third-party domains constantly track and record users' visits to the sites, which can create a greater privacy issue in SNSs [2]. The survey found that Orkut doesn’t use any third-party domain to track users' visits, Twitter uses “google-analysis.com” and Facebook uses “advertising.com” and “atdmt.com” [2].
Information can be transferred to the third party in three ways: the referrer header, the Uniform Resource Locator (URL), or the cookie. So there are chances of leakage through these mediums as well.
Fig. 5: Disseminator sharing the information
TABLE I: PII AVAILABILITY COUNT [2]
                    Levels of the PII Availability
Attributes of PII | Always Available | Available by default | Unavailable by default | Always Unavailable
Personal Photo    | 9                | 2                    | 1                      | 0
Location          | 5                | 7                    | 0                      | 0
Name              | 5                | 6                    | 1                      | 0
Gender            | 4                | 6                    | 0                      | 2
DOB               | 2                | 5                    | 4                      | 1
Friends           | 1                | 10                   | 1                      | 0
IV. TECHNOLOGIES USED
A. MPAC Policy Specification
To enable a collaborative authorization management of data sharing in OSNs, it is essential for MPAC
policies to be in place to regulate access over shared data, representing authorization requirements from
multiple associated users [1].
a. Accessor Specification: Accessors are the users who are authorized to use the shared data. Accessors may be specified as a set of user names, a set of relationship names or a set of group names in the social networking site.
b. Data Specification: Data are composed of information from the user profile, user relationships and user content. The controllers assign sensitivity levels (SL) to the shared data items.
c. MPAC Policy: The MPAC policy is given by the combination of both specifications, i.e. the Accessor Specification and the Data Specification.
B. eXtensible Access Control Markup Language
Based on a program written in XACML (eXtensible Access Control Markup Language) and the constraints defined in that program, the system can easily decide whether a user who is trying to access information should be permitted at a particular time. Policies and policy sets are the roots of XACML policies. A policy set is composed of policies or policy sets, a policy combining algorithm and a target. A target defines the subjects, resources and actions the policy or policy set applies to [4].
If the target of a policy or policy set is true for a request, a decision is taken on the request; otherwise no decision is taken. A rule set is a set of rules, each of which consists of a target, a condition and an effect. A target is defined as the subject, resource or action the rule or rule set applies to. The conditions are Boolean expressions which restrict the target, and the effect can be any of ‘permit’, ‘deny’, or ‘indeterminate’.
There are four different rule combining algorithms:
1. Permit Overrides: If there is any applicable rule that evaluates to permit, then the decision is permit. If
there is no applicable rule that evaluates to permit but there is an applicable rule that evaluates to deny,
then the decision is deny. Otherwise, the decision is Not Applicable.
2. Deny Overrides: If there is any applicable rule that evaluates to deny, then the decision is deny. If there
is no applicable rule that evaluates to deny but there is an applicable rule that evaluates to permit, then
the decision is permit. Otherwise, the decision is Not Applicable.
3. First Applicable: The decision is the effect of the first applicable rule in the listed order. If there is no
applicable rule, then the decision is Not Applicable.
4. Only-One-Applicable: If more than one rule is applicable, then the decision is indeterminate. If there is
only one applicable rule, then the decision is true for that rule. If no rule is applicable, then the decision
is not applicable.
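The four combining algorithms can give different answers for the same request, which is easiest to see when they are run side by side. The following Python sketch is an added example, not code from the paper or from any XACML engine; the rule names, attribute names and sample requests are constructed, and for Only-One-Applicable it assumes the single applicable rule's effect becomes the decision.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

PERMIT, DENY = "Permit", "Deny"
NOT_APPLICABLE, INDETERMINATE = "NotApplicable", "Indeterminate"
Request = Dict[str, str]


def always(req: Request) -> bool:
    """Default condition: the rule applies whenever its target matches."""
    return True


@dataclass
class Rule:
    name: str
    target: Dict[str, str]      # attribute -> required value
    effect: str                 # PERMIT or DENY
    condition: Callable[[Request], bool] = always

    def evaluate(self, req: Request) -> str:
        # A rule is applicable only if every target attribute matches
        # and its Boolean condition holds.
        if any(req.get(k) != v for k, v in self.target.items()):
            return NOT_APPLICABLE
        return self.effect if self.condition(req) else NOT_APPLICABLE


def permit_overrides(results: List[str]) -> str:
    if PERMIT in results:
        return PERMIT
    return DENY if DENY in results else NOT_APPLICABLE


def deny_overrides(results: List[str]) -> str:
    if DENY in results:
        return DENY
    return PERMIT if PERMIT in results else NOT_APPLICABLE


def first_applicable(results: List[str]) -> str:
    # Rule order matters: the first rule that applies decides.
    for result in results:
        if result != NOT_APPLICABLE:
            return result
    return NOT_APPLICABLE


def only_one_applicable(results: List[str]) -> str:
    applicable = [r for r in results if r != NOT_APPLICABLE]
    if len(applicable) > 1:
        return INDETERMINATE
    return applicable[0] if applicable else NOT_APPLICABLE


ALGORITHMS = {
    "permit-overrides": permit_overrides,
    "deny-overrides": deny_overrides,
    "first-applicable": first_applicable,
    "only-one-applicable": only_one_applicable,
}

# Constructed rules for a shared photo with an owner and a tagged stakeholder.
RULES = [
    Rule("owner_allows_friends",
         {"resource": "photo", "action": "view", "relationship": "friend"},
         PERMIT),
    Rule("no_resharing", {"resource": "photo", "action": "share"}, DENY),
    Rule("stakeholder_hides_from_work", {"resource": "photo"}, DENY,
         condition=lambda req: req.get("group") == "work"),
]


def decide(rules: List[Rule], req: Request, algorithm: str) -> str:
    return ALGORITHMS[algorithm]([rule.evaluate(req) for rule in rules])


def compare(req: Request) -> Dict[str, str]:
    """Decision of every combining algorithm for one request."""
    return {name: decide(RULES, req, name) for name in ALGORITHMS}


if __name__ == "__main__":
    work_friend = {"resource": "photo", "action": "view",
                   "relationship": "friend", "group": "work"}
    for name, decision in compare(work_friend).items():
        print(f"{name:20} {decision}")
```

For a request where the owner's permit rule and the stakeholder's deny rule both apply, the choice of algorithm alone decides whether the photo is disclosed, which is why a multiparty policy has to fix the combining algorithm explicitly.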
C. Role-based Access Control
RBAC is based on the roles of the subjects and can specify the security policy in a way that maps to an organizational structure [4]. Roles are organized in a partial order ≥, so that if x ≥ y then role x inherits the permissions of role y. Therefore members of role x are also implicitly members of role y. With role-based access control (RBAC) it is possible to identify a user's incompatible roles and prevent them based on the constraints specified.
Identifying and preventing conflicts can be achieved with the Separation of Duty (SoD) principle. SoD constraints in RBAC can be divided into:
1. Static SoD constraints: The constraint requires that no user should be assigned to any conflicting roles. For example, a single user cannot work as an engineer and as a developer simultaneously.
2. Dynamic SoD constraints: The constraint requires that no user can activate conflicting roles simultaneously. For example, a user can be an engineer and a developer, but at a particular time the user should perform only a single role, i.e. either engineer or developer.
3. Historical SoD constraints: The constraints restrict the assignment and activation of conflicting roles over the course of time. For example, the user can be assigned different roles according to time, or it shows which role the user has at a particular time.
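The interaction between role inheritance and the three kinds of SoD constraint is shown in the following Python sketch, which is an added example and not code from the paper or from [4]. The roles, permissions and conflict pairs are constructed, and the historical constraint is interpreted here (an assumption) as "a user who has ever activated one role of a pair may never activate the other".

```python
from collections import defaultdict


class SoDViolation(Exception):
    """Raised when an assignment or activation breaks an SoD constraint."""


class RBAC:
    def __init__(self, juniors, perms, ssd=(), dsd=(), hsd=()):
        self.juniors = juniors          # role x -> roles y with x >= y
        self.perms = perms              # role -> set of permissions
        self.ssd = [frozenset(p) for p in ssd]   # static conflicts
        self.dsd = [frozenset(p) for p in dsd]   # dynamic conflicts
        self.hsd = [frozenset(p) for p in hsd]   # historical conflicts
        self.assigned = defaultdict(set)
        self.active = defaultdict(set)
        self.history = defaultdict(set)

    def closure(self, roles):
        """Roles held explicitly plus every role inherited through >=."""
        seen, stack = set(), list(roles)
        while stack:
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                stack.extend(self.juniors.get(role, ()))
        return seen

    def check(self, constraints, roles, kind):
        # Inherited roles count: a senior role conflicts with whatever
        # its junior roles conflict with.
        effective = self.closure(roles)
        for pair in constraints:
            if pair <= effective:
                names = " and ".join(sorted(pair))
                raise SoDViolation(f"{kind} SoD: {names} conflict")

    def assign(self, user, role):
        self.check(self.ssd, self.assigned[user] | {role}, "static")
        self.assigned[user].add(role)

    def activate(self, user, role):
        if role not in self.closure(self.assigned[user]):
            raise PermissionError(f"{user} is not a member of {role}")
        self.check(self.dsd, self.active[user] | {role}, "dynamic")
        self.check(self.hsd, self.history[user] | {role}, "historical")
        self.active[user].add(role)
        self.history[user].add(role)

    def deactivate(self, user, role):
        self.active[user].discard(role)

    def permissions(self, user):
        roles = self.closure(self.active[user])
        return set().union(*(self.perms.get(r, set()) for r in roles))


def attempt(fn, *args):
    """Run an RBAC operation and report the outcome as a string."""
    try:
        fn(*args)
        return "ok"
    except (SoDViolation, PermissionError) as exc:
        return f"denied: {exc}"


def build_demo():
    # Constructed hierarchy: manager >= engineer.
    return RBAC(
        juniors={"manager": {"engineer"}},
        perms={"manager": {"approve_release"}, "engineer": {"commit_code"}},
        ssd=[("engineer", "auditor")],
        dsd=[("engineer", "developer")],
        hsd=[("developer", "reviewer")],
    )


if __name__ == "__main__":
    rbac = build_demo()
    print(attempt(rbac.assign, "alice", "manager"))
    # Denied: manager inherits engineer, which conflicts with auditor.
    print(attempt(rbac.assign, "alice", "auditor"))
```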
a. Answer Set Programming:
The idea of Answer Set Programming (ASP) is to represent the search problem the user is interested in as a logic program whose intended models, called “stable models” (answer sets), correspond to the solutions of the problem, and then to find these models using an answer set solver, a system for computing stable models [4]. The language used by ASP is an effective non-monotonic language.
The mathematical foundation of Answer Set Programming originated from understanding the meaning of negation as failure in Prolog, which has rules of the form
a1 a2, a3,…., am, not am+1,….,not an (1)
where all $a_i$ are atoms and ‘not’ is the symbol for negation as failure, also known as default negation. The above equation indicates that, if you have generated $a_2, \ldots, a_m$ and it is impossible to generate any of $a_{m+1}, \ldots, a_n$, then you may generate $a_1$.
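To make stable models and non-monotonicity concrete, the following Python sketch enumerates the stable models of a small program written in the rule form (1). It is an added example, not code from the paper or from an answer set solver: it uses a brute-force check of every candidate set against its reduct, and the policy atoms (`friend`, `permit`, `deny`, `stakeholder_objects`) are constructed.

```python
from itertools import combinations

# A rule is (head, positive_body, negative_body), i.e.
#   head <- positive_body, not negative_body   as in form (1).


def least_model(positive_rules):
    """Least model of a negation-free program, by forward chaining."""
    model = set()
    changed = True
    while changed:
        changed = False
        for head, body in positive_rules:
            if head not in model and body <= model:
                model.add(head)
                changed = True
    return model


def reduct(rules, candidate):
    """Drop rules whose 'not' atoms are in the candidate; strip the rest."""
    return [(head, set(pos)) for head, pos, neg in rules
            if not set(neg) & candidate]


def stable_models(rules):
    """All sets S with least_model(reduct(rules, S)) == S (exponential)."""
    atoms = sorted({a for head, pos, neg in rules for a in (head, *pos, *neg)})
    found = []
    for size in range(len(atoms) + 1):
        for combo in combinations(atoms, size):
            candidate = set(combo)
            if least_model(reduct(rules, candidate)) == candidate:
                found.append(candidate)
    return found


# Constructed policy: a friend is permitted unless a deny can be derived.
POLICY = [
    ("friend", (), ()),                       # fact
    ("permit", ("friend",), ("deny",)),       # permit <- friend, not deny
    ("deny", ("stakeholder_objects",), ()),   # deny <- stakeholder_objects
]
OBJECTION = ("stakeholder_objects", (), ())   # extra fact added later

if __name__ == "__main__":
    print(stable_models(POLICY))                # permit is derived
    print(stable_models(POLICY + [OBJECTION]))  # permit is withdrawn
```

Adding the single fact `stakeholder_objects` removes `permit` from the answer set, which is the non-monotonic behaviour that lets default decisions in an access control policy be overridden by later information.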
D. Collaborative Privacy Management (CPM) Framework
a. Overview
The framework provides an interceptor mechanism which acts as a membrane between the TPAs and the OSNs. All requested information has to pass through this membrane, where it is intercepted. During installation, the framework makes use of the user's personal information, for which the user has the option either to allow permission or to send some dummy data to protect his/her privacy. The user can also change the privacy permissions for a specific application.
Fig. 6: Interceptor mechanism on the CPM Framework
b. Interceptor Implementation
The prototype implementation of the CPM was done on the Facebook Platform Application. The framework is presented exactly like any other application inside an IFrame, but in reality it sits between TPAs and Facebook servers. Fig. 6 illustrates the interception mechanism, which operates as follows.
1. The Interceptor prevents applications from interacting directly with Facebook's Graph API (the Graph API is the primary way to communicate with Facebook); the CPM Interceptor exports an identical API through which it captures all outgoing application data requests, noting the access token of each one.
2. Using this access token, CPM extracts the application ID and the information about the user from whom the request was initiated.
3. The Interceptor then forwards each such request to Facebook's Graph API using the same access token
and retrieves the corresponding data items.
4. Having retrieved the data, CPM Framework evaluates and filters it according to the user's access control
rules before returning this filtered data to the original TPA.
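The four interception steps, together with the allow-or-dummy choice from the overview, can be simulated offline as follows. This Python sketch is an added example, not the CPM prototype's code and not Facebook's API: `FakeGraphAPI`, its methods, the token, the profile and the per-field actions `allow`/`dummy`/`deny` are all constructed, and fields without a rule are assumed to be denied by default.

```python
class FakeGraphAPI:
    """Constructed stand-in for the OSN back end (not Facebook's real API)."""

    def __init__(self, tokens, profiles):
        self.tokens = tokens        # access token -> (app_id, user)
        self.profiles = profiles    # user -> profile fields

    def inspect_token(self, token):
        if token not in self.tokens:
            raise PermissionError("unknown access token")
        return self.tokens[token]

    def get(self, token, fields):
        _, user = self.inspect_token(token)
        profile = self.profiles[user]
        return {f: profile[f] for f in fields if f in profile}


class CPMInterceptor:
    """Exports the same get() call as the back end, so a TPA cannot tell
    that its requests are being filtered (step 1)."""

    DUMMY = {"birthday": "1900-01-01", "email": "user@example.invalid"}

    def __init__(self, backend, rules, default="deny"):
        self.backend = backend
        self.rules = rules          # (user, app_id) -> {field: action}
        self.default = default      # action for fields with no rule
        self.audit = []             # what each application actually received

    def get(self, token, fields):
        # Step 2: identify the application and the user behind the token.
        app_id, user = self.backend.inspect_token(token)
        # Step 3: forward the request unchanged, using the same token.
        raw = self.backend.get(token, fields)
        # Step 4: filter according to this user's rules for this application.
        policy = self.rules.get((user, app_id), {})
        released = {}
        for field, value in raw.items():
            action = policy.get(field, self.default)
            if action == "allow":
                released[field] = value
            elif action == "dummy":
                released[field] = self.DUMMY.get(field, "")
            # "deny" (or any unknown action): the field is withheld.
        self.audit.append((app_id, user, sorted(fields), sorted(released)))
        return released


def build_demo():
    backend = FakeGraphAPI(
        tokens={"tok-quiz-alice": ("quiz_app", "alice")},
        profiles={"alice": {"name": "Alice Example",
                            "birthday": "1990-04-12",
                            "email": "alice@example.org",
                            "friends": ["bob", "carol"]}},
    )
    rules = {("alice", "quiz_app"): {"name": "allow",
                                     "birthday": "dummy",
                                     "friends": "deny"}}
    return CPMInterceptor(backend, rules)


if __name__ == "__main__":
    cpm = build_demo()
    print(cpm.get("tok-quiz-alice", ["name", "birthday", "friends", "email"]))
    print(cpm.audit)
```

Unlike the “accept all or nothing” model, the application here receives only a subset of what it asked for, and the audit list records exactly which fields left the interceptor.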
V. CONCLUSIONS
The user should not share personal information until proper privacy settings are applied to the user account. Information leakage gives rise to threats which can harm the user’s privacy. The collaborative privacy management approach is used to raise awareness about data privacy issues arising from third-party access.
The MPAC model was formulated along with the multiparty policy specification scheme. A framework was designed to analyze XACML-based RBAC policies, and it efficiently supports larger access control policies.
All the methods and technologies discussed are basically set on the user's system so that the user can gain more privacy on the Internet.
As future scope, we would like to investigate a more comprehensive conflict resolution approach. The collaborative management approach should be applied to large data sets. The mapping approach of XACML should handle complicated conditions. The main goal is to build a model which gives the highest authentication and priority to the user whose information is being leaked and misused.
ACKNOWLEDGMENT
With immense pleasure we would also like to thank Dr. Dhirendra Mishra, Assistant Professor and Head of
Department, Computer Engineering for his constant support and guidance throughout my project work. We
would also like to thank everyone who participated in this project.
REFERENCES
[1] Hongxin Hu, Gail-Joon Ahn, and Jan Jorgensen, “Multiparty Access Control for Online Social Networks: Models and Mechanisms”, IEEE Transactions on Knowledge and Data Engineering, July 2013.
[2] Pallavi I. Powale and Ganesh D. Bhutkar, “Overview of Privacy in Social Networking Sites (SNS)”, International Journal of Computer Application, July 2013.
[3] Pauline Anthonysamy, Awais Rashid, James Walkerdine, Phil Greenwood, and Georgios Larkou, “Collaborative Privacy Management for Third-Party Applications in Online Social Networks”, Lancaster University, 2012.
[4] Gail-Joon Ahn, Hongxin Hu, Joohyung Lee, and Yunsong Meng, “Representing and Reasoning about Web Access Control Policies”, Arizona State University, 2011.
[5] Danah Boyd and Eszter Hargittai, “Facebook Privacy Settings: Who Cares?”, First Monday Peer-Reviewed Journal on the Internet, Vol. 15, August 2010.
[6] The New York Times, “Facebook Shifts Its Rules on Privacy for Teenagers”, 17th October 2013.
[7] Dan Fletcher, “How Facebook is Redefining Privacy”, Time Magazine, May 2010.
[8] Ann Babe, “Kirkpatrick: Privacy Lawsuit won’t Slow Facebook’s Momentum”, January 2014.

A SMART WIZARD SYSTEM SUITABLE FOR USE WITH INTERNET MOBILE DEVICES TO ADJUST...ijsptm
 
IRJET- Secure Social Network using Text Mining
IRJET- Secure Social Network using Text MiningIRJET- Secure Social Network using Text Mining
IRJET- Secure Social Network using Text MiningIRJET Journal
 
A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx
 A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx
A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docxjoyjonna282
 
Social network privacy.
Social network privacy.Social network privacy.
Social network privacy.Yury Chemerkin
 
An Access Control Model for Collaborative Management of Shared Data in OSNS
An Access Control Model for Collaborative Management of Shared Data in OSNSAn Access Control Model for Collaborative Management of Shared Data in OSNS
An Access Control Model for Collaborative Management of Shared Data in OSNSIJMER
 
Running Head SOCIAL NETWORKS DATA PRIVACY POLICIES1.docx
Running Head SOCIAL NETWORKS DATA PRIVACY POLICIES1.docxRunning Head SOCIAL NETWORKS DATA PRIVACY POLICIES1.docx
Running Head SOCIAL NETWORKS DATA PRIVACY POLICIES1.docxtodd521
 
Research on Privacy Protection in Big Data Environment
Research on Privacy Protection in Big Data EnvironmentResearch on Privacy Protection in Big Data Environment
Research on Privacy Protection in Big Data EnvironmentIJERA Editor
 
Research on Privacy Protection in Big Data Environment
Research on Privacy Protection in Big Data EnvironmentResearch on Privacy Protection in Big Data Environment
Research on Privacy Protection in Big Data EnvironmentIJERA Editor
 
Privacy Codes of Practice for the Social Web:
Privacy Codes of Practice for the Social Web:Privacy Codes of Practice for the Social Web:
Privacy Codes of Practice for the Social Web:girmaenideg
 
Impact of trust, security and privacy concerns in social networking: An explo...
Impact of trust, security and privacy concerns in social networking: An explo...Impact of trust, security and privacy concerns in social networking: An explo...
Impact of trust, security and privacy concerns in social networking: An explo...Anil Dhami
 
Social Network: Good or Bad
Social Network: Good or BadSocial Network: Good or Bad
Social Network: Good or Badmanesh Makheja
 
Brandon + Eddie users guide phi 235
Brandon + Eddie users guide phi 235Brandon + Eddie users guide phi 235
Brandon + Eddie users guide phi 235brendaylo
 
IRJET- Personalised Privacy-Preserving Social Recommendation based on Ranking...
IRJET- Personalised Privacy-Preserving Social Recommendation based on Ranking...IRJET- Personalised Privacy-Preserving Social Recommendation based on Ranking...
IRJET- Personalised Privacy-Preserving Social Recommendation based on Ranking...IRJET Journal
 

Similaire à 549 458-465 (20)

Social network privacy.
Social network privacy.Social network privacy.
Social network privacy.
 
SECUREWALL-A FRAMEWORK FOR FINEGRAINED PRIVACY CONTROL IN ONLINE SOCIAL NETWORKS
SECUREWALL-A FRAMEWORK FOR FINEGRAINED PRIVACY CONTROL IN ONLINE SOCIAL NETWORKSSECUREWALL-A FRAMEWORK FOR FINEGRAINED PRIVACY CONTROL IN ONLINE SOCIAL NETWORKS
SECUREWALL-A FRAMEWORK FOR FINEGRAINED PRIVACY CONTROL IN ONLINE SOCIAL NETWORKS
 
Social network privacy
Social network privacySocial network privacy
Social network privacy
 
A SMART WIZARD SYSTEM SUITABLE FOR USE WITH INTERNET MOBILE DEVICES TO ADJUST...
A SMART WIZARD SYSTEM SUITABLE FOR USE WITH INTERNET MOBILE DEVICES TO ADJUST...A SMART WIZARD SYSTEM SUITABLE FOR USE WITH INTERNET MOBILE DEVICES TO ADJUST...
A SMART WIZARD SYSTEM SUITABLE FOR USE WITH INTERNET MOBILE DEVICES TO ADJUST...
 
IRJET- Secure Social Network using Text Mining
IRJET- Secure Social Network using Text MiningIRJET- Secure Social Network using Text Mining
IRJET- Secure Social Network using Text Mining
 
A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx
 A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx
A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx
 
Social network privacy.
Social network privacy.Social network privacy.
Social network privacy.
 
An Access Control Model for Collaborative Management of Shared Data in OSNS
An Access Control Model for Collaborative Management of Shared Data in OSNSAn Access Control Model for Collaborative Management of Shared Data in OSNS
An Access Control Model for Collaborative Management of Shared Data in OSNS
 
Running Head SOCIAL NETWORKS DATA PRIVACY POLICIES1.docx
Running Head SOCIAL NETWORKS DATA PRIVACY POLICIES1.docxRunning Head SOCIAL NETWORKS DATA PRIVACY POLICIES1.docx
Running Head SOCIAL NETWORKS DATA PRIVACY POLICIES1.docx
 
Research on Privacy Protection in Big Data Environment
Research on Privacy Protection in Big Data EnvironmentResearch on Privacy Protection in Big Data Environment
Research on Privacy Protection in Big Data Environment
 
Research on Privacy Protection in Big Data Environment
Research on Privacy Protection in Big Data EnvironmentResearch on Privacy Protection in Big Data Environment
Research on Privacy Protection in Big Data Environment
 
Kt3518501858
Kt3518501858Kt3518501858
Kt3518501858
 
Privacy Codes of Practice for the Social Web:
Privacy Codes of Practice for the Social Web:Privacy Codes of Practice for the Social Web:
Privacy Codes of Practice for the Social Web:
 
Impact of trust, security and privacy concerns in social networking: An explo...
Impact of trust, security and privacy concerns in social networking: An explo...Impact of trust, security and privacy concerns in social networking: An explo...
Impact of trust, security and privacy concerns in social networking: An explo...
 
Ijcatr04041017
Ijcatr04041017Ijcatr04041017
Ijcatr04041017
 
L017146571
L017146571L017146571
L017146571
 
Social Network: Good or Bad
Social Network: Good or BadSocial Network: Good or Bad
Social Network: Good or Bad
 
Brandon + Eddie users guide phi 235
Brandon + Eddie users guide phi 235Brandon + Eddie users guide phi 235
Brandon + Eddie users guide phi 235
 
IRJET- Personalised Privacy-Preserving Social Recommendation based on Ranking...
IRJET- Personalised Privacy-Preserving Social Recommendation based on Ranking...IRJET- Personalised Privacy-Preserving Social Recommendation based on Ranking...
IRJET- Personalised Privacy-Preserving Social Recommendation based on Ranking...
 
Social Networking Sites Essay
Social Networking Sites EssaySocial Networking Sites Essay
Social Networking Sites Essay
 

Plus de idescitation (20)

65 113-121
65 113-12165 113-121
65 113-121
 
69 122-128
69 122-12869 122-128
69 122-128
 
71 338-347
71 338-34771 338-347
71 338-347
 
72 129-135
72 129-13572 129-135
72 129-135
 
74 136-143
74 136-14374 136-143
74 136-143
 
80 152-157
80 152-15780 152-157
80 152-157
 
82 348-355
82 348-35582 348-355
82 348-355
 
84 11-21
84 11-2184 11-21
84 11-21
 
62 328-337
62 328-33762 328-337
62 328-337
 
46 102-112
46 102-11246 102-112
46 102-112
 
47 292-298
47 292-29847 292-298
47 292-298
 
49 299-305
49 299-30549 299-305
49 299-305
 
57 306-311
57 306-31157 306-311
57 306-311
 
60 312-318
60 312-31860 312-318
60 312-318
 
5 1-10
5 1-105 1-10
5 1-10
 
11 69-81
11 69-8111 69-81
11 69-81
 
14 284-291
14 284-29114 284-291
14 284-291
 
15 82-87
15 82-8715 82-87
15 82-87
 
29 88-96
29 88-9629 88-96
29 88-96
 
43 97-101
43 97-10143 97-101
43 97-101
 

549 458-465

Index Terms— Social Networking, Multiparty Access Control, Multiparty Access Control (MPAC) specification, Personally Identifiable Information (PII), Collaborative Privacy Management (CPM)

DOI: 02.ITC.2014.5.549 © Association of Computer Electronics and Electrical Engineers, 2014. Proc. of Int. Conf. on Recent Trends in Information, Telecommunication and Computing, ITC

I. INTRODUCTION

Social networking sites are attracting people all around the world. The number of Internet users who also use social networking sites is increasing every year, as these sites help users communicate easily with any part of the world. Microsoft made computers easy for everyone to use. Google helps us search out data. YouTube keeps everyone entertained. But Facebook has a huge advantage over those other sites: the emotional investment of its users [7]. So, as the number of social media users increases due to its reliable usage, the task of managing the privacy of personal data has grown as well. These sites also help people to share photos and videos, make new friends and stay in contact with old friends. Most of the time the services provided by these sites are free of cost [2], so hackers consider it an advantage for getting more and more information about the user.

Kirkpatrick explained that today’s youth do not care about privacy and will not take any steps to protect it [5]. It was also found that youths (age 18-29 years) are now becoming conscious about privacy and manage which parts of their profiles are accessible to others. Facebook has changed the social DNA, making users more accustomed to openness [7].

There are some drawbacks to using social sites. Users are often unaware of the thefts related to social sites, so they share their personal information and pictures easily on the social medium. As access has become easier, it has become the centre of attraction for users, which also results in security issues. All users are provided with an individual space on the social site where they can share their information, and sometimes it also contains personal information such as name, gender, DOB, education etc., which is known as the user profile. It is also possible for a user to comment on or like content in another user's space, and to tag users from his/her own space, which in effect gives a hyperlink to the tagged user's profile. All of this requires security for the information shared by the user.

Users have control over their own space but have no control over others' spaces. Some basic security is provided to all users: for example, if a user wants to remove the tag on his/her photo, it is possible to restrict other users from viewing that photo publicly, but the photo still remains in that space. On reporting to the social networking site, the site only allows us to keep or delete the content, which results in decision making that is either too loose or too restrictive [1].

Users should have control over their personal data which is shared with the social networking sites. The OSN sometimes manages the user’s data with the help of TPAs. Many social sites manage their user details database using Third-Party Domain Management.
Even if a user is explicitly informed that a TPA would access certain pieces of information, she/he has no control over sharing only a subset of that information, the only alternative being not installing and using the application [3]. There are many issues regarding privacy and security on social sites. As users become aware of thefts on social media, they now expect the social site companies to clarify the privacy settings attached to each piece of information they post as well as what happens to the data after they share it [7].

Web applications and web specifications are deployed on the Internet, so policy-based approaches to security requirements have received great attention. Policy-based computing handles complex system properties by separating policies from system implementation and enabling dynamic adaptability of system behaviours by changing policy configurations without reprogramming the systems [4]. XACML (eXtensible Access Control Markup Language) is used to specify access control policy for web applications. The XACML profile for role-based access control (RBAC) provides a mapping between RBAC and XACML [4]. To systematically represent XACML policies, the method proposed is Answer Set Programming (ASP). Another model provided is the MPAC (Multi-Party Access Control) model for multiparty authorization requirements.

II. ISSUES RELATED TO SOCIAL SITES

As we all know, cyber threats are increasing in society. Here we discuss some of the issues that have become the centre of attention for people using social networking sites.

A. Privacy

Privacy is the main issue in social networking sites, as users share their personal information without being aware of cyber thefts. Sometimes users are unaware that their information is used and shared by strangers.
It is also possible that users are least concerned about their information being shared by some fake. Basic privacy is given to users by the social sites, but beyond that the user should be careful while making friends and accessing sites. For example, a user account has a privacy setting applied to it so that only the friends in the list can view the information provided by the user. Now a friend of his has no such privacy settings. So anyone can access the user's account from his friend’s account.

B. User Authentication

The user's control over his/her space should be more specific. The user should get the highest priority of authentication when it relates to their personal information. For example, a user shares information with a group of friends. One of them shares the information again with their own friends. In this manner the information is transferred to strangers and the chances of misuse of the information increase. Thus, to share the shared information again, authentication should be provided by the owner of that information.

C. Authorization vs. Social Network Growth

It is a fact that if authentication is given to users over their accounts, then the growth of the sites will be affected. So the companies behind the sites give less preference to authentication than to the growth of the sites. The authentication given to users is therefore limited, which results in security issues. The company always gives higher priority to the growth of the network than to the personal information provided by the user. The company provides ease of access to the application, but the security provided is limited.

D. Friends

It has been found that a user’s so-called “friends” could be the bigger threat to their privacy. For example, ‘If you are friends with someone on Facebook, and you trust them with your data. That’s the big privacy problem that most Facebook users have. They have too many friends that they don’t really know’ Kirkpatrick said [8]. Users share any information with their friends, without knowing that sometimes they are sharing the information with strangers.

E. Permission Authentication

Some permissions on resources are not assigned to the authenticated users, so some permissions should be assigned to users in the form of individual roles. This might reduce the leakage of information to some extent, as the user will be authenticating strangers in his/her own way. For example, if a user (A) comments and tags a friend (B) in it on another friend's space (C), then the tagged friend has no authentication over that comment.

F. Potential for Exploitation

There are two kinds of users:
i. Creators: The actual users who share their information with the sites. They are also called the owners of the account.
ii. Curators: Those who find a photo on the site, download it and paste it on other sites. Generally, they try to access any account and get the information from it. They use that information to create another account of which the actual user is unaware.
So, there is a big issue regarding the misuse of the information provided or shared.

G. Child Safety

Teenagers are more attracted to the sites as they are not aware of the risks associated with them. Sometimes parents also help their child to use sites without making them aware of the risks.
Teenagers share information, photos and comments, or write statuses, which attract spammers who learn the users' habits and try to evaluate their personal life. It is found that many children have experienced harassment on social media [2]. According to Emily Bazelon, a journalist, Facebook is trying to hit kids at a neurological weak spot. According to her, kids don’t have the same kind of impulse control that adults do [6].

H. Social Network Fatigue

As we all know, users cannot connect to another user unless they are on the same network platform. So the same information is required to create accounts on different sites, which may lead to leakage of the information through any of the sites. For example, if the user has an account on Facebook and tries to connect to a friend who is using Google+, then it is not possible. Both users should be on the same platform.

I. Third-Party Access

Third-party domains keep track of the information accessed by the user. Some sites hire Third Party Access to keep track of the information accessed by the user. So it is even possible that the tracked information is leaked by the third party through some servers. Even if the user is informed that some part of the information is accessed by the TPA, the user has no control over the sharing of the information. The user should be careful before accessing such applications.

Fig. 1: A disseminator shares a user’s profile

Fig. 2: A user shares a relationship
III. METHODS

A. MPAC for Social Sites

Multiple users have different authorization requirements for a single resource [1]. The way to handle an account and provide privacy for it differs from user to user. Thus the site is unable to provide privacy to users according to their requirements. The scenarios below show the authorization the sites provide to users:

a. Profile Sharing: Users are authenticated to show their basic information (name, gender, DOB, education, working status etc.) to their authorized friends. It is completely up to the owner what kind of information they want to share with the public, who may be known or unknown to the user. Sometimes the information may also be leaked through a friend’s profile attribute. Consider Fig. 1: here the third-party accessor (Accessor) is trying to access the user (Disseminator) account through the friend’s (Owner) profile. So it can be judged that if the friend's profile has a weak privacy setting, the information can still be leaked. A user who shares data from any other user's space to his/her own space is known as the disseminator. For example, if the user's friend has uploaded a photo and the user shares the photo to his/her space, then the user is the disseminator.

b. Relationship Sharing: Any user can share their relationship with another member of the friends list. A user can only regulate and control one direction of the relationship. If the user is in a relationship with other members, then he/she can access their friends lists also. In Fig. 2, a user (Owner) who has a relationship with another user (Stakeholder) shares a relationship with the Accessor. This means that if the accessor is in a relationship with the user, he/she can easily access the information of the stakeholder from the user's account. In general, stakeholders are known as the tagged users. Tagging a user is nothing but giving a hyperlink to that user's account.
For example, if the user has uploaded a photograph of three friends and has tagged both of his friends in the photo, then both friends are called the stakeholders of the photo and also have control over that photo.

c. Content Sharing: Sharing content is nothing but sharing information: posting content, uploading a photo, sharing a comment and tagging other users. It also includes status content which is viewed by everyone in the friends list. Fig. 3 indicates that if a photo containing multiple users is shared on the network, then the user who uploaded the photo is the owner and the others in the photo are stakeholders. A piece of content can have multiple stakeholders.

Fig. 3: Shared content has multiple stakeholders

Fig. 4: Shared content published by a contributor

Fig. 4 shows that if the user comments on a friend’s profile and tags another friend in the comment, then the user is the contributor, the tagged friend is the stakeholder and the friend whose profile it is is the owner of the space. The contributor is the user who shares content to a friend’s space. It means the user is contributing to someone else’s space from his/her own space. For example, if a user’s friend has uploaded a photograph in his space and the user comments on it, then the user is known as the contributor and the user’s friend is known as the owner of that photograph. In Fig. 5, it is possible for the disseminator to share the information shared by some other friend with his/her friends group.

B. Personally Identifiable Information (PII)

Personally Identifiable Information can be defined as information which can be used to distinguish or trace an individual’s identity, either alone or when combined with other information which is linkable to the specific individual [2]. Table I shows the levels of PII availability for each PII attribute; the count is the number of different social networking sites. From the information provided, malicious users try to learn the habits and behaviour of the user. Sometimes this information is used to make another account on the same site or on different sites. For example, a user has an account on Facebook but not on LinkedIn. So the information is used to create a malicious account on LinkedIn without the awareness of the owner.

C. Third Party Domains used by SNSs

Some networking sites use third-party domains to keep track of all the users related to those sites. The third-party domains constantly track and record users' visits to the sites, which can create a greater privacy issue in SNSs [2]. In the survey, it was found that Orkut doesn’t use any third-party domain to track users' visits, Twitter uses “google-analysis.com” and Facebook uses “advertising.com” and “atdmt.com” [2]. Information can be transferred to the third party in three ways: the referrer header, the Uniform Resource Locator (URL), or the cookie. So there are chances of leakage through these mediums also.

Fig. 5: Disseminator sharing the information

TABLE I: PII AVAILABILITY COUNT [2]

Columns 2 to 5 are the levels of PII availability.

| Attributes of PII | Always Available | Available by default | Unavailable by default | Always Unavailable |
|---|---|---|---|---|
| Personal Photo | 9 | 2 | 1 | 0 |
| Location | 5 | 7 | 0 | 0 |
| Name | 5 | 6 | 1 | 0 |
| Gender | 4 | 6 | 0 | 2 |
| DOB | 2 | 5 | 4 | 1 |
| Friends | 1 | 10 | 1 | 0 |

IV. TECHNOLOGIES USED

A. MPAC Policy Specification

To enable a collaborative authorization management of data sharing in OSNs, it is essential for MPAC policies to be in place to regulate access over shared data, representing authorization requirements from multiple associated users [1].

a. Accessor Specification: Accessors are the users who are authorized to use the shared data.
Accessors may also be a set of user names, a set of relationship names and a set of group names in the social networking site.

b. Data Specification: Data are composed of the information from the user profile, user relationships and user content. Sensitivity levels (SL) are assigned by the controllers to the shared data items.

c. MPAC Policy: The policy is given by the combination of both specifications, i.e. the Accessor Specification and the Data Specification.

B. eXtensible Access Control Markup Language

Based on the program written in XACML (eXtensible Access Control Markup Language) and the different constraints defined in the program, it becomes easy for the system to decide whether the user who is trying to access the information should be permitted or not at a particular time. Policies and policy sets are the root of XACML policies. A policy set is composed of policies or policy sets, a policy combining algorithm and a target. A target defines the subjects, resources and actions the policy or policy set applies to [4]. If the target of a policy or policy set is true, then a decision is taken on the request; otherwise no decision is taken. A rule set is a set of rules, each of which consists of a target, a condition and an effect. A target is defined as the subject, resource or action the rule or rule set applies to. The conditions are Boolean expressions which restrict the target, and the effect can be any among ‘permit’, ‘deny’, or ‘intermediate’. There are four different rule combining algorithms:

1. Permit Overrides: If there is any applicable rule that evaluates to permit, then the decision is permit. If there is no applicable rule that evaluates to permit but there is an applicable rule that evaluates to deny, then the decision is deny. Otherwise, the decision is Not Applicable.
2. Deny Overrides: If there is any applicable rule that evaluates to deny, then the decision is deny. If there is no applicable rule that evaluates to deny but there is an applicable rule that evaluates to permit, then the decision is permit. Otherwise, the decision is Not Applicable.
3. First Applicable: The decision is the effect of the first applicable rule in the listed order. If there is no applicable rule, then the decision is Not Applicable.
4. Only-One-Applicable: If more than one rule is applicable, then the decision is indeterminate. If there is only one applicable rule, then the decision is true for that rule. If no rule is applicable, then the decision is not applicable.

C. Role-based Access Control

RBAC is based on the roles of the subjects and can specify the security policy in a way that maps to an organizational structure [4]. Roles are organized in a partial order ≥, so that if x ≥ y then a role x inherits the permissions of a role y.
Therefore members of a role x are also implicitly members of a role y. With role-based access control (RBAC) it is possible to identify the incompatible roles of a user and prevent them based on the constraints specified. Identifying conflicts and preventing them can be achieved by the Separation of Duty (SoD) principle. SoD constraints in RBAC can be divided into:

1. Static SoD constraints: The constraint requires that no user should be assigned to any conflicting roles. For example, a single user cannot work as an engineer and as a developer simultaneously.
2. Dynamic SoD constraints: The constraint requires that no user can activate conflicting roles simultaneously. For example, a user can be an engineer and a developer, but at a particular time the user should perform only a single role, i.e. either engineer or developer.
3. Historical SoD constraints: The constraints restrict the assignment and activation of conflicting roles over the course of time. For example, the user can be assigned different roles according to time, or the constraint shows which role the user has at a particular time.

a. Answer Set Programming: The idea of Answer Set Programming (ASP) is to represent the search problem the user is interested in as a logic program whose intended models, called “stable models” (answer sets), correspond to the solutions of the problem, and then find these models using an answer set solver, a system for computing stable models [4]. The language used by ASP is an effective non-monotonic language. The mathematical foundation of Answer Set Programming originated from understanding the meaning of negation as failure in Prolog, which has rules of the form

$$a_1 \leftarrow a_2, a_3, \ldots, a_m, \text{not } a_{m+1}, \ldots, \text{not } a_n \qquad (1)$$

where all $a_i$ are atoms and ‘not’ is the symbol for negation as failure, also known as default negation.
The above equation indicates that, if you have generated $a_2, \ldots, a_m$ and it is impossible to generate any of $a_{m+1}, \ldots, a_n$, then you may generate $a_1$.

D. Collaborative Privacy Management (CPM) Framework

a. Overview

The framework provides an interceptor mechanism which acts as a membrane between the TPAs and the OSNs. All requested information has to pass through this membrane and is intercepted. During installation, the framework makes use of the personal information of the user, for which the user has the option either to allow permission or to send some dummy data for his/her privacy. The user can also change the privacy permissions for a specific application.
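The four rule combining algorithms listed in section IV.B can give different decisions for the same request. The following Python sketch is an added example, not code from the paper or from any XACML engine; the rules, attribute names and requests are constructed for illustration, and "only one applicable rule" is assumed to mean that the decision is that rule's effect.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

PERMIT, DENY = "Permit", "Deny"
NOT_APPLICABLE, INDETERMINATE = "NotApplicable", "Indeterminate"
Request = Dict[str, str]


@dataclass
class Rule:
    name: str
    effect: str                       # PERMIT or DENY
    target: Dict[str, str]            # attribute -> value the request must carry
    condition: Callable[[Request], bool] = lambda req: True

    def applies(self, req: Request) -> bool:
        """Applicable when the target matches and the Boolean condition holds."""
        target_ok = all(req.get(k) == v for k, v in self.target.items())
        return target_ok and self.condition(req)


def _effects(rules: List[Rule], req: Request) -> List[str]:
    """Effects of the applicable rules, in listed order."""
    return [r.effect for r in rules if r.applies(req)]


def permit_overrides(rules: List[Rule], req: Request) -> str:
    effects = _effects(rules, req)
    if PERMIT in effects:
        return PERMIT
    return DENY if DENY in effects else NOT_APPLICABLE


def deny_overrides(rules: List[Rule], req: Request) -> str:
    effects = _effects(rules, req)
    if DENY in effects:
        return DENY
    return PERMIT if PERMIT in effects else NOT_APPLICABLE


def first_applicable(rules: List[Rule], req: Request) -> str:
    effects = _effects(rules, req)
    return effects[0] if effects else NOT_APPLICABLE


def only_one_applicable(rules: List[Rule], req: Request) -> str:
    effects = _effects(rules, req)
    if len(effects) > 1:
        return INDETERMINATE
    return effects[0] if effects else NOT_APPLICABLE


ALGORITHMS = {
    "permit-overrides": permit_overrides,
    "deny-overrides": deny_overrides,
    "first-applicable": first_applicable,
    "only-one-applicable": only_one_applicable,
}

# Constructed policy for a shared photo: friends may view, third-party apps may not.
PHOTO_TARGET = {"resource": "photo", "action": "view"}
PHOTO_RULES = [
    Rule("friends-may-view", PERMIT, PHOTO_TARGET,
         lambda r: r.get("relationship") == "friend"),
    Rule("no-third-party-apps", DENY, PHOTO_TARGET,
         lambda r: r.get("subject_type") == "tpa"),
]

# Constructed requests: a friend, an app installed by a friend, and a stranger.
REQUESTS = {
    "friend": dict(PHOTO_TARGET, relationship="friend", subject_type="user"),
    "friend_app": dict(PHOTO_TARGET, relationship="friend", subject_type="tpa"),
    "stranger": dict(PHOTO_TARGET, relationship="none", subject_type="user"),
}


def decision_table(rules: List[Rule] = PHOTO_RULES) -> Dict[str, Dict[str, str]]:
    """Decision of every algorithm for every constructed request."""
    return {name: {alg: fn(rules, req) for alg, fn in ALGORITHMS.items()}
            for name, req in REQUESTS.items()}


if __name__ == "__main__":
    for name, row in decision_table().items():
        print(name, row)
```

The friend's app is the case to look at: both rules apply, so the outcome depends entirely on the combining algorithm, and with first-applicable it also depends on the order in which the rules are listed.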
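The role hierarchy and the static and dynamic SoD constraints of section IV.C interact: a conflict can be reached through an inherited role as well as a directly assigned one. The Python sketch below is an added example, not the paper's framework; the role names, permissions and users are constructed, and historical SoD is left out.

```python
from collections import defaultdict


class SoDViolation(Exception):
    """Raised when an assignment or activation would join two conflicting roles."""


class RBAC:
    def __init__(self, juniors, permissions, static_sod=(), dynamic_sod=()):
        self.juniors = juniors                      # role x -> roles y with x >= y
        self.permissions = permissions              # role -> set of permissions
        self.static_sod = [frozenset(p) for p in static_sod]
        self.dynamic_sod = [frozenset(p) for p in dynamic_sod]
        self.assigned = defaultdict(set)            # user -> directly assigned roles
        self.active = defaultdict(set)              # user -> roles active right now

    def closure(self, roles):
        """Given roles plus every role they inherit through the partial order."""
        seen, stack = set(), list(roles)
        while stack:
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                stack.extend(self.juniors.get(role, ()))
        return seen

    @staticmethod
    def _check(pairs, roles, kind):
        for pair in pairs:
            if pair <= roles:
                raise SoDViolation(f"{kind} SoD: {sorted(pair)} conflict")

    def assign(self, user, role):
        # Static SoD is checked on implicit membership, not only direct assignment.
        self._check(self.static_sod,
                    self.closure(self.assigned[user] | {role}), "static")
        self.assigned[user].add(role)

    def activate(self, user, role):
        if role not in self.closure(self.assigned[user]):
            raise PermissionError(f"{user} is not a member of {role}")
        self._check(self.dynamic_sod,
                    self.closure(self.active[user] | {role}), "dynamic")
        self.active[user].add(role)

    def deactivate(self, user, role):
        self.active[user].discard(role)

    def allowed(self, user, permission):
        return any(permission in self.permissions.get(r, ())
                   for r in self.closure(self.active[user]))


# Constructed data: 'lead' >= 'engineer'; engineer and developer conflict.
HIERARCHY = {"lead": {"engineer"}}
PERMS = {"lead": {"assign_tasks"}, "engineer": {"approve_design"},
         "developer": {"commit_code"}}
CONFLICT = [("engineer", "developer")]


def static_sod_demo():
    """A developer cannot be made lead, because lead inherits engineer."""
    rbac = RBAC(HIERARCHY, PERMS, static_sod=CONFLICT)
    rbac.assign("alice", "developer")
    try:
        rbac.assign("alice", "lead")
    except SoDViolation:
        return sorted(rbac.assigned["alice"])
    return None


def dynamic_sod_demo():
    """Both roles may be held, but not active at the same time."""
    rbac = RBAC(HIERARCHY, PERMS, dynamic_sod=CONFLICT)
    rbac.assign("bob", "lead")
    rbac.assign("bob", "developer")
    rbac.activate("bob", "lead")
    result = {"inherits_engineer": rbac.allowed("bob", "approve_design")}
    try:
        rbac.activate("bob", "developer")
        result["second_role_blocked"] = False
    except SoDViolation:
        result["second_role_blocked"] = True
    rbac.deactivate("bob", "lead")
    rbac.activate("bob", "developer")
    result["can_commit"] = rbac.allowed("bob", "commit_code")
    result["can_approve"] = rbac.allowed("bob", "approve_design")
    return result


if __name__ == "__main__":
    print(static_sod_demo())
    print(dynamic_sod_demo())
```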
Fig. 6: Interceptor mechanism on the CPM Framework

b. Interceptor Implementation

The prototype implementation of the CPM was done on the Facebook Platform Application. The framework is presented exactly as any other application inside an IFrame, but in reality it sits between the TPAs and the Facebook servers. Fig. 6 illustrates the interception mechanism, which operates as follows.

1. The Interceptor prevents applications from interacting directly with Facebook's Graph API (the Graph API is the primary way to communicate with Facebook); the CPM Interceptor exports an identical API through which it captures all outgoing application data requests, noting the access token of each one.
2. Using this access token, CPM extracts the application ID and the information of the user from whom the request was initiated.
3. The Interceptor then forwards each such request to Facebook's Graph API using the same access token and retrieves the corresponding data items.
4. Having retrieved the data, the CPM Framework evaluates and filters it according to the user's access control rules before returning the filtered data to the original TPA.

V. CONCLUSIONS

The user should not share personal information until proper privacy settings are applied on the user account. Information leakage gives rise to threats which can harm the user's privacy. The collaborative privacy management approach is used to raise awareness about data privacy issues arising from third-party access. The MPAC model was formulated along with the multiparty policy specification scheme. A framework was designed to analyze the XACML-based RBAC policy, which efficiently supports larger access control policies. All the different kinds of methods and technologies discussed are basically set on the user system so that the user can gain more privacy from the Internet. As future scope, we would like to investigate a more comprehensive conflict resolution approach.
The collaborative management approach should be applied to large data sets. The mapping approach of XACML should handle complicated conditions. The main goal is to build a model which gives the highest authentication and priority to the user whose information is being leaked and misused.

ACKNOWLEDGMENT

With immense pleasure we would also like to thank Dr. Dhirendra Mishra, Assistant Professor and Head of Department, Computer Engineering for his constant support and guidance throughout my project work. We would also like to thank everyone who participated in this project.

REFERENCES

[1] Hongxin Hu, Gail-Joon Ahn, and Jan Jorgensen, “Multiparty Access Control for Online Social Networks: Models and Mechanisms”, IEEE Transactions on Knowledge and Data Engineering, July 2013.
[2] Pallavi I. Powale and Ganesh D. Bhutkar, “Overview of Privacy in Social Networking Sites (SNS)”, International Journal of Computer Application, July 2013.
[3] Pauline Anthonysamy, Awais Rashid, James Walkerdine, Phil Greenwood, and Georgios Larkou, “Collaborative Privacy Management for Third-Party Applications in Online Social Networks”, Lancaster University, 2012.
[4] Gail-Joon Ahn, Hongxin Hu, Joohyung Lee, and Yunsong Meng, “Representing and Reasoning about Web Access Control Policies”, Arizona State University, 2011.
[5] Danah Boyd and Eszter Hargittai, “Facebook Privacy Settings: Who Cares?”, First Monday Peer-Reviewed Journal on the Internet, Vol. 15, August 2010.
[6] The New York Times, “Facebook Shifts Its Rules on Privacy for Teenagers”, 17th October 2013.
[7] Dan Fletcher, “How Facebook is Redefining Privacy”, Time Magazine, May 2010.
[8] Ann Babe, “Kirkpatrick: Privacy Lawsuit won’t Slow Facebook’s Momentum”, January 2014.