Exploiting Privacy Policy Conflicts in Online Social Networks

Exploiting Privacy Policy Conflicts in Online Social Networks
Akira Yamada, Tiffany Hyun-Jin Kim, Adrian Perrig

Citation
Akira Yamada, Tiffany Hyun-Jin Kim, Adrian Perrig. "Exploiting Privacy Policy Conflicts in Online Social Networks". Technical report, Carnegie Mellon University, CMU-CyLab-012-005, 2012.

Abstract
Online Social Networks (OSNs) offer access control mechanisms to protect users’ sensitive information from undesired accesses. Yet, their information is still vulnerable to disclosure when their friends assign conflicting privacy policies: a user prohibits everyone from accessing his own content or profile but his friends allow others to see it. OSNs tend to select Permit-Take-Precedence when resolving multiple conflicting policies so that the information is possibly exposed regardless of the information owner’s preference. In this paper, we confirm that specific types of information in real OSN services are under this circumstance. We then propose three attacking scenarios that reveal the hidden friend-lists, profiles, and posted messages on users’ OSN accounts, exploiting a target’s sensitive information. We finally discuss possible countermeasures in terms of both implementation and human behavior.

Electronic downloads

CMUCyLab12005.pdf · application/pdf · 159 kbytes

Citation formats

HTML

Akira Yamada, Tiffany Hyun-Jin Kim, Adrian Perrig. <a
href="http://www.truststc.org/pubs/841.html"
><i>Exploiting Privacy Policy Conflicts in Online
Social Networks</i></a>, Technical report, 
Carnegie Mellon University, CMU-CyLab-012-005, 2012.

Plain text

Akira Yamada, Tiffany Hyun-Jin Kim, Adrian Perrig.
"Exploiting Privacy Policy Conflicts in Online Social
Networks". Technical report,  Carnegie Mellon
University, CMU-CyLab-012-005, 2012.

BibTeX

@techreport{YamadaKimPerrig12_ExploitingPrivacyPolicyConflictsInOnlineSocialNetworks,
    author = {Akira Yamada and Tiffany Hyun-Jin Kim and Adrian
              Perrig},
    title = {Exploiting Privacy Policy Conflicts in Online
              Social Networks},
    institution = {Carnegie Mellon University},
    number = {CMU-CyLab-012-005},
    year = {2012},
    abstract = {Online Social Networks (OSNs) offer access control
              mechanisms to protect usersâ�� sensitive
              information from undesired accesses. Yet, their
              information is still vulnerable to disclosure when
              their friends assign conflicting privacy policies:
              a user prohibits everyone from accessing his own
              content or profile but his friends allow others to
              see it. OSNs tend to select Permit-Take-Precedence
              when resolving multiple conflicting policies so
              that the information is possibly exposed
              regardless of the information ownerâ��s
              preference. In this paper, we confirm that
              specific types of information in real OSN services
              are under this circumstance. We then propose three
              attacking scenarios that reveal the hidden
              friend-lists, profiles, and posted messages on
              usersâ�� OSN accounts, exploiting a targetâ��s
              sensitive information. We finally discuss possible
              countermeasures in terms of both implementation
              and human behavior. },
    URL = {http://www.truststc.org/pubs/841.html}
}

Posted by Mary Stewart on 4 Apr 2012.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.