Social applications: exploring a more secure framework
Source
ACM International Conference Proceeding Series archive
Proceedings of the 5th Symposium on Usable Privacy and Security
Mountain View, California
SESSION: Mental models
Article No. 2  
Year of Publication: 2009
ISBN:978-1-60558-736-3
Authors
Andrew Besmer  University of North Carolina at Charlotte, Charlotte, NC
Heather Richter Lipford  University of North Carolina at Charlotte, Charlotte, NC
Mohamed Shehab  University of North Carolina at Charlotte, Charlotte, NC
Gorrell Cheek  University of North Carolina at Charlotte, Charlotte, NC
Sponsors
Carnegie Mellon CyLab
Google
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 85,   Downloads (12 Months): 150,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1572532.1572535

ABSTRACT

Online social network sites, such as MySpace, Facebook and others, have grown rapidly, with hundreds of millions of active users. A new feature on many sites is social applications -- applications and services written by third-party developers that provide additional functionality linked to a user's profile. However, current application platforms put users at risk by permitting the disclosure of large amounts of personal information to these applications and their developers. This paper formally abstracts and defines the current access control model applied to these applications, and builds on it to create a more secure framework. We do so in the interest of preserving as much of the current architecture as possible, while seeking to provide a practical balance between the security and privacy needs of the users and the needs of the applications to access users' information. We present a user study of our interface design for setting a user-to-application policy. Our results indicate that the model and interface work for users who are more concerned with their privacy, but we still need to explore alternate means of creating policies for those who are less concerned.

