An Automata-Based Approach to Evolving Privacy Policies for Social Networks

  • Raúl Pardo
  • Christian Colombo
  • Gordon J. Pace
  • Gerardo Schneider
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10012)

Abstract

Online Social Networks (OSNs) are ubiquitous, with more than 70 % of Internet users being active users of such networking services. This widespread use of OSNs brings with it big threats and challenges, privacy being one of them. Most OSNs today offer a limited set of (static) privacy settings and do not allow for the definition, even less enforcement, of more dynamic privacy policies. In this paper we are concerned with the specification and enforcement of dynamic (and recurrent) privacy policies that are activated or deactivated by context (events). In particular, we present a novel formalism of policy automata, transition systems where privacy policies may be defined per state. We further propose an approach based on runtime verification techniques to define and enforce such policies. We provide a proof-of-concept implementation for the distributed social network Diaspora, using the runtime verification tool Larva to synthesise enforcement monitors.

Keywords

Static Policy, Privacy Policy, Policy Language, Online Social Network, Epistemic Logic
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgements

This research has been supported by: the Swedish funding agency SSF under the grant Data Driven Secure Business Intelligence, the Swedish Research Council (Vetenskapsrådet) under grant Nr. 2015-04154 (PolUser: Rich User-Controlled Privacy Policies), the European ICT COST Action IC1402 (Runtime Verification beyond Monitoring (ARVI)), and the University of Malta Research Fund CPSRP07-16.

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Raúl Pardo (1)
  • Christian Colombo (3)
  • Gordon J. Pace (3)
  • Gerardo Schneider (2)

  1. Department of Computer Science and Engineering, Chalmers University of Technology, Gothenburg, Sweden
  2. Department of Computer Science and Engineering, University of Gothenburg, Gothenburg, Sweden
  3. Department of Computer Science, University of Malta, Msida, Malta
