Social networks (SNs), including Facebook, Twitter and LinkedIn have developed on the Internet to become a leading paradigm of online interaction. SNs have been successful in attracting users, and providing a medium where users can easily share and distribute content. Such open availability of data exposes SN users to a number of security and privacy risks. Current SN architectures adopt a simple user centric policy management approach, where a security aware user is able to specify a policy that manages access to their posted content. However, the majority of users lack appropriate information to make informed privacy decisions.
The goal of this project is to develop a comprehensive and compelling framework that leverages data mining approaches and policies composed by other community members to provide the user with appropriate information required when making policy decisions. The wisdom of the community is aggregated and summarized to assist users when making policy decisions related to user-to-user interactions, and third party applications. The principal intellectual products resulting from this project will be the development of novel policy management frameworks that focuses on both usability, and leverages data mining, recommendations and policy sharing techniques to consult the SN community to aid in enhancing users? privacy policies.
This project has a broad societal impact on new business and community models for sharing on SNs, providing mechanisms that enable users to make more informed access decisions. In addition this project will support graduate and undergraduate students, and will engage K-12 students and enhance their understanding of privacy in SNs.
Mohamed Shehab and his research team at the University of North Carolina at Charlotte have investigated mechanisms to enhance the user's privacy policy management in online social networks. The project focuses on the user-to-user and user-to-3rd party application policies. For the user-to-user policy management we intoduced an approach that leverages the user's memory and opinion of their friends to set policies for other similar friends. We refer to this new approach as Same-As Policy Management. To demonstrate the effectiveness of our policy management improvements, we implemented a prototype Facebook application and conducted extensive user studies which included more than 600 participants from Facebook. In addition we investigated extending the same-as approach to include user posted objects such as video and photo albums. In addition, we developed Semi-Supervised Learning (SSL) approach to enable fine grain user centric policy management in online social networks. Our approach enabled users to build policy models that leverage the social network structure to propagate policy labels based on SSL and active learning. We implemented and tested our approach using real Facebook dataset. Our proposed approaches provided high accuracy and precision when compared to the other approaches. In addition our approach enabled users to compose policies for a large number of subjects while reducing the required effort. For the user-to-3rd party application policy management we investigated several approaches to enable the user to contorl access granted to third party applications. In the context of social networks, we proposed an extension to the open authorization protocol (OAuth 2.0) that enables the provisioning of fine-grained authorization recommendations to users when granting permissions to third party applications. We proposed a multicriteria recommendation model that utilizes application-based, user-based, and category-based collaborative filtering mechanisms. Our collaborative filtering mechanisms are based on previous user decisions, and application permission requests to enhance the privacy of the overall site’s user population. We implemented our proposed OAuth extension as a browser extension that allows users to easily configure their privacy settings at application installation time, provides recommendations on requested privacy permissions, and collects data regarding user decisions. The plugin was made available on the Mozilla Add-Ons website and the Google Chrome web store, the plugin was installed and used by 3,528 users. Our experiments on the collected data show that the proposed framework efficiently enhanced the user awareness and privacy related to third-party application authorizations. In the context of browser 3rd party applicaitons, we implemented a runtime framework as a browser extension called REM. REM monitors the accesses made by 3rd party Chrome extensions, informs users of the accesses, and allows them to customize the permissions given to extensions. The custom permission settings are enforced by the framework at runtime. We evaluated our framework on popular Chrome extensions & were successful in monitoring and controlling their accesses with little overhead. We also conducted a user study to evaluate the effectiveness of REM compared to current standard methods.
