Access control for online social networks third party applications

Mohamed Shehab, Anna Squicciarini, Gail-Joon Ahn, Irini Kokkinou

Research output: Contribution to journalArticle

30 Citations (Scopus)

Abstract

With the development of Web 2.0 technologies, online social networks are able to provide open platforms to enable the seamless sharing of profile data to enable public developers to interface and extend the social network services as applications. At the same time, these open interfaces pose serious privacy concerns as third party applications are usually given access to the user profiles. Current related research has focused on mainly user-to-user interactions in social networks, and seems to ignore the third party applications. In this paper, we present an access control framework to manage third party applications. Our framework is based on enabling the user to specify the data attributes to be shared with the application and at the same time be able to specify the degree of specificity of the shared attributes. We model applications as finite state machines, and use the required user profile attributes as conditions governing the application execution. We formulate the minimal attribute generalization problem and we propose a solution that maps the problem to the shortest path problem to find the minimum set of attribute generalization required to access the application services. We assess the feasibility of our approach by developing a proof-of-concept implementation and by conducting user studies on a widely-used social network platform.

Original languageEnglish (US)
Pages (from-to)897-911
Number of pages15
JournalComputers and Security
Volume31
Issue number8
DOIs
StatePublished - Nov 2012

Fingerprint

Access control
social network
privacy
Finite automata
interaction

Keywords

  • Access control
  • Applications
  • Attribute generalization
  • Finite state machine
  • Social networks

ASJC Scopus subject areas

  • Computer Science(all)
  • Law

Cite this

Access control for online social networks third party applications. / Shehab, Mohamed; Squicciarini, Anna; Ahn, Gail-Joon; Kokkinou, Irini.

In: Computers and Security, Vol. 31, No. 8, 11.2012, p. 897-911.

Research output: Contribution to journalArticle

Shehab, Mohamed ; Squicciarini, Anna ; Ahn, Gail-Joon ; Kokkinou, Irini. / Access control for online social networks third party applications. In: Computers and Security. 2012 ; Vol. 31, No. 8. pp. 897-911.
@article{c22bfb3b3c364580be4d4699f50fe7d4,
title = "Access control for online social networks third party applications",
abstract = "With the development of Web 2.0 technologies, online social networks are able to provide open platforms to enable the seamless sharing of profile data to enable public developers to interface and extend the social network services as applications. At the same time, these open interfaces pose serious privacy concerns as third party applications are usually given access to the user profiles. Current related research has focused on mainly user-to-user interactions in social networks, and seems to ignore the third party applications. In this paper, we present an access control framework to manage third party applications. Our framework is based on enabling the user to specify the data attributes to be shared with the application and at the same time be able to specify the degree of specificity of the shared attributes. We model applications as finite state machines, and use the required user profile attributes as conditions governing the application execution. We formulate the minimal attribute generalization problem and we propose a solution that maps the problem to the shortest path problem to find the minimum set of attribute generalization required to access the application services. We assess the feasibility of our approach by developing a proof-of-concept implementation and by conducting user studies on a widely-used social network platform.",
keywords = "Access control, Applications, Attribute generalization, Finite state machine, Social networks",
author = "Mohamed Shehab and Anna Squicciarini and Gail-Joon Ahn and Irini Kokkinou",
year = "2012",
month = "11",
doi = "10.1016/j.cose.2012.07.008",
language = "English (US)",
volume = "31",
pages = "897--911",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier Limited",
number = "8",

}

TY - JOUR

T1 - Access control for online social networks third party applications

AU - Shehab, Mohamed

AU - Squicciarini, Anna

AU - Ahn, Gail-Joon

AU - Kokkinou, Irini

PY - 2012/11

Y1 - 2012/11

N2 - With the development of Web 2.0 technologies, online social networks are able to provide open platforms to enable the seamless sharing of profile data to enable public developers to interface and extend the social network services as applications. At the same time, these open interfaces pose serious privacy concerns as third party applications are usually given access to the user profiles. Current related research has focused on mainly user-to-user interactions in social networks, and seems to ignore the third party applications. In this paper, we present an access control framework to manage third party applications. Our framework is based on enabling the user to specify the data attributes to be shared with the application and at the same time be able to specify the degree of specificity of the shared attributes. We model applications as finite state machines, and use the required user profile attributes as conditions governing the application execution. We formulate the minimal attribute generalization problem and we propose a solution that maps the problem to the shortest path problem to find the minimum set of attribute generalization required to access the application services. We assess the feasibility of our approach by developing a proof-of-concept implementation and by conducting user studies on a widely-used social network platform.

AB - With the development of Web 2.0 technologies, online social networks are able to provide open platforms to enable the seamless sharing of profile data to enable public developers to interface and extend the social network services as applications. At the same time, these open interfaces pose serious privacy concerns as third party applications are usually given access to the user profiles. Current related research has focused on mainly user-to-user interactions in social networks, and seems to ignore the third party applications. In this paper, we present an access control framework to manage third party applications. Our framework is based on enabling the user to specify the data attributes to be shared with the application and at the same time be able to specify the degree of specificity of the shared attributes. We model applications as finite state machines, and use the required user profile attributes as conditions governing the application execution. We formulate the minimal attribute generalization problem and we propose a solution that maps the problem to the shortest path problem to find the minimum set of attribute generalization required to access the application services. We assess the feasibility of our approach by developing a proof-of-concept implementation and by conducting user studies on a widely-used social network platform.

KW - Access control

KW - Applications

KW - Attribute generalization

KW - Finite state machine

KW - Social networks

UR - http://www.scopus.com/inward/record.url?scp=84870302029&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84870302029&partnerID=8YFLogxK

U2 - 10.1016/j.cose.2012.07.008

DO - 10.1016/j.cose.2012.07.008

M3 - Article

VL - 31

SP - 897

EP - 911

JO - Computers and Security

JF - Computers and Security

SN - 0167-4048

IS - 8

ER -