TY - JOUR
T1 - Access control for online social networks third party applications
AU - Shehab, Mohamed
AU - Squicciarini, Anna
AU - Ahn, Gail Joon
AU - Kokkinou, Irini
PY - 2012/11
Y1 - 2012/11
N2 - With the development of Web 2.0 technologies, online social networks are able to provide open platforms to enable the seamless sharing of profile data to enable public developers to interface and extend the social network services as applications. At the same time, these open interfaces pose serious privacy concerns as third party applications are usually given access to the user profiles. Current related research has focused on mainly user-to-user interactions in social networks, and seems to ignore the third party applications. In this paper, we present an access control framework to manage third party applications. Our framework is based on enabling the user to specify the data attributes to be shared with the application and at the same time be able to specify the degree of specificity of the shared attributes. We model applications as finite state machines, and use the required user profile attributes as conditions governing the application execution. We formulate the minimal attribute generalization problem and we propose a solution that maps the problem to the shortest path problem to find the minimum set of attribute generalization required to access the application services. We assess the feasibility of our approach by developing a proof-of-concept implementation and by conducting user studies on a widely-used social network platform.
UR - http://www.scopus.com/inward/record.url?scp=84870302029&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84870302029&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2012.07.008
DO - 10.1016/j.cose.2012.07.008
M3 - Article
AN - SCOPUS:84870302029
SN - 0167-4048
VL - 31
SP - 897
EP - 911
JO - Computers and Security
JF - Computers and Security
IS - 8
ER -