[IEEE 2010 International Symposium on Collaborative Technologies and Systems - Chicago, IL, USA...


[IEEE 2010 International Symposium on Collaborative Technologies and Systems - Chicago, IL, USA (2010.05.17-2010.05.21)] 2010 International Symposium on Collaborative Technologies

Web-Traveler Policies for Content on Social Networks

Smitha Sundareswaran

Dept. of Information Sciences and Technology, The Pennsylvania State University

Advisor: Anna C. Squicciarini, PhD

DOCTORAL DISSERTATION EXTENDED ABSTRACT

978-1-4244-6622-1/10/$26.00 ©2010 IEEE

Web 2.0 has revolutionized how people store and share personal data and content. Today, sharing of personal information and documents on the web is pervasive, from sites like flickr.com for photo sharing to myspace.com for profile sharing and blogger.com or twitter.com for opinion sharing [6]. These sites are part of what are referred to as social networking sites (SNs), and they provide individuals with the ability to host and share a variety of personal content. They have an overwhelming impact on the way information is shared: not only do they allow a user to share information with thousands of people, but they also allow this information to spread very quickly by way of messages, posts and comments. This change in how individuals share information is profound and has multi-faceted implications, the most important of which is privacy, i.e., how to ensure that shared content (e.g., pictures, videos, hypertext) is not used against the owner's will. End users are often unaware of the size or nature of the audience that could potentially access their data. The sense of intimacy generated by being amongst digital friends often leads to disclosures that potentially expose users of social networks to a number of privacy risks [1]. These risks arise at least in part because users do not have total control of their data once it is deployed on social networks [9]. When the information shared was of a physical nature, or even when content was on a user's desktop, the user had explicit control over whom the information was shared with. However, there has been a huge gap in translating these controls into the access control mechanisms needed to maintain the security and privacy of the information once it is deployed on the web.

In this paper, we try to address this gap in access control mechanisms for the web. In order to do this, we begin by exploring the state of the art of the security mechanisms afforded by Web 2.0 sites in general and SNs in particular. While the SN sites themselves offer rudimentary access control policies, these often fall short in a few ways. First, they allow the user to control the information flow only within his profile. Even there, they do not offer any form of protection that prevents others from downloading the images. Often, users add unknown people as virtual friends [4], and the existing controls provide at best a tedious and ineffective method of controlling the flow of information. The existing controls may allow users to explicitly specify who amongst their friends is not allowed to view the files uploaded by the user; it is easy to imagine that a few people may be skipped in this process of setting negative policies. Second, users who do have access to the information can download it and upload it to their own profiles with a more public setting, thus overriding the owner's initial policies. Third, many users may not set policies for all of their information, as they may find the process tedious. Therefore, these sharing control mechanisms do not effectively protect users' content, and have resulted in privacy breaches of shared data in Web 2.0 [8], [16]. User-provided content can be stolen, sold, used for blackmailing and lead to serious cyber crimes, such as identity theft and financial losses.

We focus on one of the most popular types of content shared on these sites, viz. images. Most of these networks offer some rudimentary forms of access control, such as allowing users to choose who can view their profiles or the images uploaded by them. These controls, however, apply only within the perimeter of the users' direct control, such as desktops, profiles, etc. Users have no control over their content once it is downloaded by others. Further, users often do not set appropriate policies to protect their content, as they find the process cumbersome. In order to enable a user to truly maintain control over his content, new access control mechanisms must be designed so as to enable users to control their content even when it is managed by others.

In this paper, we propose the concept of “web-traveler policies”. Web-traveler policies allow the user to specify who can view, upload or download a given image within a social network. The unique, innovative feature of web-traveler policies is that they travel with the image, as long as it is hosted on the given social networking site. We explore the effectiveness of web-traveler policies in filling the gap in the access control mechanisms of SNs. We also study how these policies can be used to extend these controls across different sites, by using the concept of mashups [5] and the OpenSocial API [12]. In the paper we prove the feasibility of this approach by implementing a working prototype on a real open source social network platform. We further examine the need for automated policies in order to protect special categories of images, such as copyright-free images and adult images, which require access control mechanisms based on different parameters such as age, or need to be set such that the image is accessible to the general public. Finally, we consider how these policies can be extended to protect other information types, such as video files, audio files and text documents, when they are hosted on the web.

Currently, the prototype we have implemented supports a basic model of the web-traveler policies, including aspects of automated propagation for images and video files. We have shown that our approach is scalable and is strong against naïve attacks in [19], while also investigating the aspect of cross-site protection.
We have built on the model presented in [19] to test the aspects of automated protection for images and video files, while strengthening the controls provided for download protection. We plan to extend this infrastructure to other file types, including text and audio files. Text and audio files are not currently supported because we cannot effectively prevent their download, given the number of ways in which these files can be copied. For example, a human being can manually copy the contents of a text file, while audio files can be played and re-recorded with analog devices with no significant degradation in their quality, unlike the quality degradation that occurs with video files. Specifically, we plan to explore other methods of strengthening the download controls for these files, such as using information flow monitoring techniques. We also plan to extend our infrastructure beyond the realm of SNs.
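The re-upload gap and the web-traveler idea described above can be made concrete with a small model. This is an added example, not the prototype from [19] or the authors' code: the class and function names, the `*` wildcard, and binding a policy to an image by its SHA-256 digest (which only matches byte-identical copies) are assumptions of this sketch.

```python
import contextlib
import hashlib
from dataclasses import dataclass

EVERYONE = "*"  # wildcard audience marker (convention of this example)

@dataclass(frozen=True)
class TravelerPolicy:
    owner: str
    view: frozenset = frozenset()      # who may view any copy on the site
    download: frozenset = frozenset()  # who may save a copy
    upload: frozenset = frozenset()    # who may re-post it on their profile

def allows(audience, user):
    return EVERYONE in audience or user in audience

class SocialNetwork:
    def __init__(self, enforce_traveler=True):
        self.enforce_traveler = enforce_traveler
        self.policies = {}  # image digest -> TravelerPolicy shared by all copies
        self.posts = {}     # (profile, digest) -> that profile's audience setting

    def upload(self, user, image, audience, policy=None):
        digest = hashlib.sha256(image).hexdigest()  # assumed exact-match binding
        bound = self.policies.get(digest)
        if bound is None:  # first upload: bind the uploader's policy to the content
            self.policies[digest] = policy or TravelerPolicy(user)
        elif (self.enforce_traveler and user != bound.owner
              and not allows(bound.upload, user)):
            raise PermissionError(f"{user} may not re-post {bound.owner}'s image")
        self.posts[(user, digest)] = frozenset(audience)
        return digest

    def can(self, user, action, profile, digest):
        audience = self.posts.get((profile, digest))
        if audience is None:
            return False  # no such post on that profile
        ok = user == profile or allows(audience, user)  # hosting profile's setting
        if self.enforce_traveler:  # the owner's travelling policy must also agree
            policy = self.policies[digest]
            ok = user == policy.owner or (ok and allows(getattr(policy, action), user))
        return ok

def scenario(enforce_traveler):
    """Constructed case: bob re-posts alice's photo with a public setting."""
    sn = SocialNetwork(enforce_traveler)
    photo = b"constructed sample image bytes"
    policy = TravelerPolicy("alice", view=frozenset({"bob", "carol"}),
                            download=frozenset({"bob"}), upload=frozenset({"bob"}))
    d = sn.upload("alice", photo, {"bob", "carol"}, policy)
    sn.upload("bob", photo, {EVERYONE})  # bob's copy, public on his profile
    with contextlib.suppress(PermissionError):
        sn.upload("carol", photo, {EVERYONE})
    carol_reposted = ("carol", d) in sn.posts
    return {"mallory_views_bobs_copy": sn.can("mallory", "view", "bob", d),
            "carol_views_bobs_copy": sn.can("carol", "view", "bob", d),
            "carol_downloads": sn.can("carol", "download", "alice", d),
            "carol_reposted": carol_reposted}
```

With `scenario(False)` only the hosting profile's setting is consulted, so bob's public re-post exposes the photo to mallory; with `scenario(True)` alice's view, download and upload sets apply to every copy of the image.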

STATE OF THE ART

The security and privacy of Web 2.0 sites, especially SNs, have been widely studied in the recent past [3], [4], [6], [13]. These sites have been covered by researchers in a wide range of disciplines, from sociologists to computer scientists and economists. The basis of our current work is formed by studies which examine the attitudes of users on SNs. An interesting analysis is provided by Gross et al. [13], with insights into users' privacy attitudes across SNs. This study is further strengthened by the authors of [6], who have highlighted that online friendships can result in a higher level of disclosure due to the lack of real-world contact. In that paper, the authors posit that there are benefits in social capital as a result of sharing information in an SN, which runs counter to extensive privacy controls on content. In light of this, our approach does not block users' accessibility to data. Instead, it ensures that sharing occurs according to requirements which are explicitly indicated by the object owner.

A work which parallels ours, at least in spirit, is that by Gollu et al. [11], where the authors present a social-networking-based access control scheme suitable for online sharing. In that paper, the authors consider identities as key pairs, and social relationships on the basis of social attestations, with access control lists being employed to define the access lists of users. In [4], the authors present a rule-based access control mechanism for SNs. The approach presented is based on the enforcement of complex policies which consist of constraints based on the type, depth, and trust level of existing relationships. To grant relationships authenticity, certificates are used, and the enforcement of access control takes place on the client side according to a rule-based approach, where a subject requesting access to an object must demonstrate that it has the right to do so. This work has been extended by the same group of authors in [3] to make access control decisions completely decentralized and collaborative.

Mannan et al. propose another interesting approach for privacy-enabled content sharing on the web in [17]. The authors leverage the existing circle of trust in popular Instant Messaging (IM) networks in order to propose a scheme called IM-based Privacy-Enhanced Content Sharing (IMPECS) for personal web content sharing. The authors posit that the controls offered by social networks allow users to administer their content only in the realm of that SN.


Yet another content protection scheme is presented by Felt et al. [7]. The authors focus on protecting the content in SNs from third-party applications. They posit that third-party applications in SNs such as Facebook are designed today such that the applications have access to all the information in the user's profile in which they are installed. The users have no control over this information flow and often do not even know to whom their information is being revealed. The authors propose a mechanism which they refer to as “privacy-by-proxy”. This solution consists of abstracting the user IDs and data using tags and application-specific IDs for the user, such that each application has its own ID for the user and cannot collude with any other application.

One might also draw a parallel between our work and that of Gates in [10]. Gates describes relationship-based access control as one of the new security paradigms that addresses the requirements of Web 2.0. Another work along the same lines is [14], which proposes a content-based access control model that makes use of relationship information available in SNs for denoting authorized subjects. These works differ from ours in that none of them addresses the privacy issues faced in controlling the distribution of images. As far as privacy is concerned, current research primarily focuses on privacy-preserving data mining techniques that allow SN analysis without disclosing possibly sensitive information [2], [15]. Images form a special category due to the number of ways they can be downloaded once they are accessed.

Our work shares some similarities with work conducted on digital rights management and intellectual property [18]. Digital rights management (DRM) refers to access control technologies used by hardware manufacturers, publishers and copyright holders to limit usage of digital media or devices. Whereas copy protection only attempts to prohibit unauthorized copies of media or files, digital rights management allows the issuer of the media or file to control in detail what can and cannot be done with a single instance. While we strive to achieve a similar goal, e.g., controlling the distribution of protected content, our goal is to provide an SN enabled with image protection techniques, based on a flexible and user-friendly privacy setting interface. As opposed to what happens in a traditional DRM system, users do not need access to any specific device or software to enforce our policies.

KEYWORDS: Social Networks, Content Protection, Access Control, Privacy

BIOGRAPHIES

SMITHA SUNDARESWARAN

Smitha Sundareswaran is a first-year Ph.D. student in Penn State's IST Department. She works with Dr. Anna C. Squicciarini. Her research interests include Web Security and Privacy, Web 2.0 privacy, Content Protection and Digital Identity Management.

REFERENCES

[1] Acquisti, A., & Gross, R. (June 28-30). Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook. Cambridge, U.K: Robinson College: Proceedings of 6th Workshop on Privacy Enhancing Technologies (pp. 36-58).

[2] Cai, D., Shao, Z., He, X., Yan, X., & Han, J. (2005). Mining Hidden Community in Heterogeneous Social Networks. LinkDD, 2005.

[3] Carminati, B., & Ferrari, E. (2008). Privacy-aware collaborative access control in web-based social networks. 81-96.

[4] Carminati, B., Ferrari, E., & Perego, A. (2007). Private Relationships in Social Networks. (pp. 165-17). ICDE Workshops.

[5] Chen, H., Ikeuchi, N., & Jin, Q. (2008). Implementation of Ubiquitous Personal Study Using Web 2.0 Mash-up and OSS Technologies. Proceedings of the 22nd International Conference on Advanced Information Networking and Applications - Workshops, 1573-1578.

[6] Ellison, N. B., Steinfield, C., & Lampe, C. (2007). The Benefits of Facebook "Friends:" Social Capital and College Students' Use of Online Social Network Sites. Journal of Computer-Mediated Communication.

[7] Felt, A., & Evans, D. (2008). Privacy Protection for Social Networking APIs. In Web 2.0 Security and Privacy 2008.

[8] Filleting Facebook. (2007, October 29). (Australian Broadcasting Corporation) Retrieved October 2008, from ABC Media Watch: http://www.abc.net.au/mediawatch/transcripts/s2074079.htm

[9] Ganesan, A. B., Aggarwal, G., Bawa, M., Ganesan, P., Garcia-molina, H., Kenthapadi, K., et al. (2004). Vision Paper: Enabling Privacy for the Paranoids. Proceedings of VLDB 2004, (pp. 708-719).

[10] Gates, C. (2007). Access Control requirements for Web 2.0 Security and Privacy. Oakland: Workshop on Web 2.0 Security and Privacy, IEEE Oakland.

[11] Gollu, K., Saroiu, S., & Wolman, A. (2007). A Social Networking-Based Access Control Scheme for Personal Content. 21st ACM Symposium on Operating Systems Principles (SOSP '07).


[12] Greenburg, A. (2007). The web is better when it's social. (Google) Retrieved March 11, 2010, from Google Code - OpenSocial: http://code.google.com/apis/opensocial/

[13] Gross, R., Acquisti, A., & Heinz, I. J. (2005). Information revelation and privacy in online social networks. Workshop On Privacy In The Electronic Society. Proceedings of the 2005 ACM workshop on Privacy in the electronic society (pp. 71-80). Alexandria, VA, USA: ACM.

[14] Johnson, R., Hart, M., & Stent, A. (May, 2007). Content-based access control. Oakland, CA: IEEE Web 2.0 Privacy and Security Workshop.

[15] Kleinberg, J. (2007). Challenges in mining social network data: processes, privacy, and paradoxes. San Jose, CA: Proceedings of 13th ACM SIGKDD.

[16] Levy, C. (2003, February 3). Making Money with Streaming Media. Retrieved August 28, 2006, from www.streamingmedia.com

[17] Mannan, M., & van Oorschot, P. (2008). Privacy-enhanced sharing of personal content on the web. ACM World Wide Web Conference.

[18] Network World. (n.d.). DRM vs. ERM: Battle to Control Data. Retrieved April 02, 2008, from Network World.

[19] Squicciarini, A., & Sundareswaran, S. (2009). Web-Traveler Policies for Images on Social Networks. World Wide Web 12(4), 461-484.
