short-paper

Inferring Unknown Privacy Control Policies in a Social Networking System

Author:

Amirreza MasoumzadehAuthors Info & Claims

WPES '15: Proceedings of the 14th ACM Workshop on Privacy in the Electronic Society

Pages 21 - 25

https://doi.org/10.1145/2808138.2808151

Published: 12 October 2015 Publication History

Get Access

Abstract

Social networking systems (SNSs) such as Facebook allow users to control accesses to certain information belonging to them via a set of privacy settings. However, due to various potential system design considerations and usability restrictions such settings are never complete, i.e., not all the applicable policies to information related to a user are configurable. In fact, access to user information is governed by the collection of the privacy settings and a set of fixed policies specified by the SNS. We observe that an SNS such as Facebook is less than transparent about such fixed policies; although some might be communicated to users via help pages and nudges (e.g., profile picture is public on Facebook), they tend to be incomplete and inaccurate. In this paper, we propose an approach to infer the enforced privacy control policy by an SNS and consequently the unknown policies to the user given the explicit privacy settings and other policies communicated to the users by the SNS. Such an approach helps end users understand better the implicit policies imposed by the system and can be leveraged by an SNS operator to improve the transparency of their system.

References

[1]

L. Bauer, S. Garriss, and M. K. Reiter. Detecting and resolving policy misconfigurations in access-control systems. ACM Trans. Inf. Syst. Secur., 14, 2011.

Digital Library

Google Scholar

[2]

G. Danezis. Inferring privacy policies for social networking services. In Proceedings of the 2nd ACM workshop on Security and artificial intelligence - AISec '09, page 5, New York, New York, USA, Nov.2009. ACM Press.

Digital Library

Google Scholar

[3]

L. Fang and K. LeFevre. Privacy wizards for social networking sites. In Proc. 19th Int'l Conference on World Wide Web, WWW '10,pages 351--360, Raleigh, North Carolina, USA, 2010. ACM.

Digital Library

Google Scholar

[4]

M. Hall, E. Frank, G. Holmes, B. Pfahringer, P. Reutemann, and I. H. Witten. The WEKA data mining software: an update. ACM SIGKDD Explorations Newsletter, 11(1):10, Nov. 2009.

Digital Library

Google Scholar

[5]

H. Hu and G. Ahn. Enabling verification and conformance testing for access control model. In Proceedings of the 13th ACM symposium on Access controlmodels and technologies - SACMAT '08, page 195, New York, New York, USA,June 2008. ACM Press.

Digital Library

Google Scholar

[6]

E. Martin and T. Xie. Inferring Access-Control Policy Properties via Machine Learning. In Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06), pages 235--238. IEEE, 2006.

Digital Library

Google Scholar

[7]

A. Masoumzadeh and J. Joshi. Privacy Settings in Social Networking Systems: What You Cannot Control. In Proc. 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), pages 149--154. ACM Press, May 2013.

Digital Library

Google Scholar

[8]

D. Xu, L. Thomas, M. Kent, T. Mouelhi, and Y. Le Traon. A model-based approach to automated testing of access controlpolicies. In Proceedings of the 17th ACM symposium on Access Control Models and Technologies - SACMAT '12, page 209, New York, New York, USA,June 2012. ACM Press.

Digital Library

Google Scholar

Cited By

View all

Lei XTripunitara MRanise SCarbone RTakabi D(2023)The Hardness of Learning Access Control PoliciesProceedings of the 28th ACM Symposium on Access Control Models and Technologies10.1145/3589608.3593840(133-144)Online publication date: 24-May-2023
https://dl.acm.org/doi/10.1145/3589608.3593840
Iyer PMasoumzadeh A(2022)Learning Relationship-Based Access Control Policies from Black-Box SystemsACM Transactions on Privacy and Security10.1145/351712125:3(1-36)Online publication date: 19-May-2022
https://dl.acm.org/doi/10.1145/3517121
Iyer PMasoumzadeh ALobo JStoller SLiu P(2020)Active Learning of Relationship-Based Access Control PoliciesProceedings of the 25th ACM Symposium on Access Control Models and Technologies10.1145/3381991.3395614(155-166)Online publication date: 10-Jun-2020
https://dl.acm.org/doi/10.1145/3381991.3395614
Show More Cited By

Index Terms

Inferring Unknown Privacy Control Policies in a Social Networking System
1. Security and privacy
  1. Human and societal aspects of security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Privacy policies

Recommendations

Privacy settings in social networking systems: what you cannot control
ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security

In this paper, we propose a framework to formally analyze what privacy-sensitive information is protected by the stated policies of a Social Networking System (SNS), based on an expression of ideal protection policies for a user. Our ontology-based ...
Branding with social media

The emergence of social media provides a new platform for developing brand-consumer relationships. The aim of the current study is to examine the differences in Chinese users' gratifications of different social media and the impact of brand content ...
Inferring privacy policies for social networking services
AISec '09: Proceedings of the 2nd ACM workshop on Security and artificial intelligence

Social networking sites have come under criticism for their poor privacy protection track record. Yet, there is an inherent difficulty in deciding which principals should have access to user's information or actions, without requiring them to constantly ...

Comments

Information & Contributors

Information

Published In

WPES '15: Proceedings of the 14th ACM Workshop on Privacy in the Electronic Society

October 2015

142 pages

ISBN:9781450338202

DOI:10.1145/2808138

General Chair:
Indrajit Ray
Colorado State University, USA
,
Program Chairs:
Nicholas Hopper
University of Minnesota, USA
,
Rob Jansen
Naval Research Laboratory, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 October 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Conference

CCS'15

Sponsor:

SIGSAC

CCS'15: The 22nd ACM Conference on Computer and Communications Security

October 12, 2015

Colorado, Denver, USA

Acceptance Rates

WPES '15 Paper Acceptance Rate 11 of 32 submissions, 34%;

Overall Acceptance Rate 106 of 355 submissions, 30%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
172
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 25 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Lei XTripunitara MRanise SCarbone RTakabi D(2023)The Hardness of Learning Access Control PoliciesProceedings of the 28th ACM Symposium on Access Control Models and Technologies10.1145/3589608.3593840(133-144)Online publication date: 24-May-2023
https://dl.acm.org/doi/10.1145/3589608.3593840
Iyer PMasoumzadeh A(2022)Learning Relationship-Based Access Control Policies from Black-Box SystemsACM Transactions on Privacy and Security10.1145/351712125:3(1-36)Online publication date: 19-May-2022
https://dl.acm.org/doi/10.1145/3517121
Iyer PMasoumzadeh ALobo JStoller SLiu P(2020)Active Learning of Relationship-Based Access Control PoliciesProceedings of the 25th ACM Symposium on Access Control Models and Technologies10.1145/3381991.3395614(155-166)Online publication date: 10-Jun-2020
https://dl.acm.org/doi/10.1145/3381991.3395614
Iyer PMasoumzadeh AKerschbaum FMashatan ANiu JLee A(2019)Generalized Mining of Relationship-Based Access Control Policies in Evolving SystemsProceedings of the 24th ACM Symposium on Access Control Models and Technologies10.1145/3322431.3325419(135-140)Online publication date: 28-May-2019
https://dl.acm.org/doi/10.1145/3322431.3325419
Masoumzadeh ACortese A(2016)Towards Measuring Knowledge Exposure in Online Social Networks2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC)10.1109/CIC.2016.080(522-529)Online publication date: Nov-2016
https://doi.org/10.1109/CIC.2016.080

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Privacy settings in social networking systems: what you cannot control

Branding with social media

Inferring privacy policies for social networking services

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations