Team for Research in
Ubiquitous Secure Technology

Exploiting Privacy Policy Conflicts in Online Social Networks
Akira Yamada, Tiffany Hyun-Jin Kim, Adrian Perrig

Citation
Akira Yamada, Tiffany Hyun-Jin Kim, Adrian Perrig. "Exploiting Privacy Policy Conflicts in Online Social Networks". Technical report, Carnegie Mellon University, CMU-CyLab-012-005, 2012.

Abstract
Online Social Networks (OSNs) offer access control mechanisms to protect users’ sensitive information from undesired accesses. Yet, their information is still vulnerable to disclosure when their friends assign conflicting privacy policies: a user prohibits everyone from accessing his own content or profile but his friends allow others to see it. OSNs tend to select Permit-Take-Precedence when resolving multiple conflicting policies so that the information is possibly exposed regardless of the information owner’s preference. In this paper, we confirm that specific types of information in real OSN services are under this circumstance. We then propose three attacking scenarios that reveal the hidden friend-lists, profiles, and posted messages on users’ OSN accounts, exploiting a target’s sensitive information. We finally discuss possible countermeasures in terms of both implementation and human behavior.

Citation formats  
  • HTML
    Akira Yamada, Tiffany Hyun-Jin Kim, Adrian Perrig. <a
    href="http://www.truststc.org/pubs/841.html"
    ><i>Exploiting Privacy Policy Conflicts in Online
    Social Networks</i></a>, Technical report, 
    Carnegie Mellon University, CMU-CyLab-012-005, 2012.
  • Plain text
    Akira Yamada, Tiffany Hyun-Jin Kim, Adrian Perrig.
    "Exploiting Privacy Policy Conflicts in Online Social
    Networks". Technical report,  Carnegie Mellon
    University, CMU-CyLab-012-005, 2012.
  • BibTeX
    @techreport{YamadaKimPerrig12_ExploitingPrivacyPolicyConflictsInOnlineSocialNetworks,
        author = {Akira Yamada and Tiffany Hyun-Jin Kim and Adrian
                  Perrig},
        title = {Exploiting Privacy Policy Conflicts in Online
                  Social Networks},
        institution = {Carnegie Mellon University},
        number = {CMU-CyLab-012-005},
        year = {2012},
        abstract = {Online Social Networks (OSNs) offer access control
                  mechanisms to protect users’ sensitive
                  information from undesired accesses. Yet, their
                  information is still vulnerable to disclosure when
                  their friends assign conflicting privacy policies:
                  a user prohibits everyone from accessing his own
                  content or profile but his friends allow others to
                  see it. OSNs tend to select Permit-Take-Precedence
                  when resolving multiple conflicting policies so
                  that the information is possibly exposed
                  regardless of the information owner’s
                  preference. In this paper, we confirm that
                  specific types of information in real OSN services
                  are under this circumstance. We then propose three
                  attacking scenarios that reveal the hidden
                  friend-lists, profiles, and posted messages on
                  users’ OSN accounts, exploiting a target’s
                  sensitive information. We finally discuss possible
                  countermeasures in terms of both implementation
                  and human behavior. },
        URL = {http://www.truststc.org/pubs/841.html}
    }
    

Posted by Mary Stewart on 4 Apr 2012.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.