
An Automata-Based Approach to Evolving Privacy Policies for Social Networks

Part of the Lecture Notes in Computer Science book series (LNPSE, volume 10012)


Online Social Networks (OSNs) are ubiquitous, with more than 70% of Internet users being active users of such networking services. This widespread use of OSNs brings with it big threats and challenges, privacy being one of them. Most OSNs today offer a limited set of (static) privacy settings and do not allow for the definition, let alone the enforcement, of more dynamic privacy policies. In this paper we are concerned with the specification and enforcement of dynamic (and recurrent) privacy policies that are activated or deactivated by context (events). In particular, we present a novel formalism of policy automata: transition systems where privacy policies may be defined per state. We further propose an approach based on runtime verification techniques to define and enforce such policies. We provide a proof-of-concept implementation for the distributed social network Diaspora, using the runtime verification tool Larva to synthesise enforcement monitors.


  • Static Policy
  • Privacy Policy
  • Policy Language
  • Online Social Network
  • Epistemic Logic

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

  • DOI: 10.1007/978-3-319-46982-9_18


  1. In the rest of the paper we take SPL to be the set of well-formed policy formulae of the static policy language.

  2. When we draw a policy automaton, transitions for events that are not explicitly drawn are assumed to be reflexive.

  3. We present these semantics in terms of general configurations, rather than the automata states, since we envisage the extension of the automata to handle local symbolic state, requiring a richer configuration but still in line with the definitions given in this paper.

  4. The superscript over an event represents the number of occurrences of the event, so \(\textit{my-location}^3\) represents the sequence of events \(\textit{my-location}; \textit{my-location}; \textit{my-location}\).

  5. Diaspora* does not support tagging users in pictures.




This research has been supported by: the Swedish funding agency SSF under the grant Data Driven Secure Business Intelligence, the Swedish Research Council (Vetenskapsrådet) under grant Nr. 2015-04154 (PolUser: Rich User-Controlled Privacy Policies), the European ICT COST Action IC1402 (Runtime Verification beyond Monitoring (ARVI)), and the University of Malta Research Fund CPSRP07-16.


Correspondence to Raúl Pardo.


© 2016 Springer International Publishing AG


Pardo, R., Colombo, C., Pace, G.J., Schneider, G. (2016). An Automata-Based Approach to Evolving Privacy Policies for Social Networks. In: Falcone, Y., Sánchez, C. (eds) Runtime Verification. RV 2016. Lecture Notes in Computer Science, vol 10012. Springer, Cham.


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-46981-2

  • Online ISBN: 978-3-319-46982-9

  • eBook Packages: Computer Science (R0)