More Web Proxy on the site http://driver.im/

research-article

Policy-by-example for online social networks

Authors:

Gorrell P. Cheek,

Mohamed ShehabAuthors Info & Claims

SACMAT '12: Proceedings of the 17th ACM symposium on Access Control Models and Technologies

Pages 23 - 32

https://doi.org/10.1145/2295136.2295142

Published: 20 June 2012 Publication History

Abstract

We introduce two approaches for improving privacy policy management in online social networks. First, we introduce a mechanism using proven clustering techniques that assists users in grouping their friends for group based policy management approaches. Second, we introduce a policy management approach that leverages a user's memory and opinion of their friends to set policies for other similar friends. We refer to this new approach as Same-As Policy Management. To demonstrate the effectiveness of our policy management improvements, we implemented a prototype Facebook application and conducted an extensive user study. Leveraging proven clustering techniques, we demonstrated a 23% reduction in friend grouping time. In addition, we demonstrated considerable reductions in policy authoring time using Same-As Policy Management over traditional group based policy management approaches. Finally, we presented user perceptions of both improvements, which are very encouraging.

References

[1]

A. Acquisti and R. Gross. Imagined communities: Awareness, information sharing, and privacy on the facebook. In Privacy Enhancing Technologies, pages 36--58, 2006.

Digital Library

[2]

A. Acquisti and J. Grossklags. Privacy and rationality in individual decision making. IEEE Security and Privacy, 3(1):26--33, 2005.

Digital Library

[3]

A. Besmer, J. Watson, and H. R. Lipford. The impact of social navigation on privacy policy configuration. In SOUPS, 2010.

Digital Library

[4]

J. Bonneau and S. Preibusch. The privacy jungle: On the market for data protection in social networks. In The Eighth Workshop on the Economics of Information Security (WEIS 2009), 2009.

[5]

A. Clauset, M. E. J. Newman, and C. Moore. Finding community structure in very large networks. Physical Review E, pages 1--6, 2004.

[6]

E. Cutrell, M. Czerwinski, and E. Horvitz. Notification, disruption, and memory: Effects of messaging interruptions on memory and performance. pages 263--269. IOS Press, 2001.

[7]

R. Dhamija and A. Perrig. Deja vu: A user study using images for authentication. In Proceedings of the 9th conference on USENIX Security Symposium - Volume 9, pages 4--4, Berkeley, CA, USA, 2000. USENIX Association.

Digital Library

[8]

P. Dunphy, A. P. Heiner, and N. Asokan. A closer look at recognition-based graphical passwords on mobile devices. In Proceedings of the Sixth Symposium on Usable Privacy and Security, page 1. ACM, 2010.

Digital Library

[9]

C. Dwyer, S. R. Hiltz, and K. Passerini. Trust and privacy concern within social networking sites: A comparison of facebook and myspace. In Proceedings of the Thirteenth Americas Conference on Information Systems ( AMCIS 2007), 2007. Paper 339.

[10]

D. Ferraiolo and R. Kuhn. Role-based access control. In In 15th NIST-NCSC National Computer Security Conference, pages 554--563, 1992.

[11]

L. Hubert and P. Arabie. Comparing partitions. Journal of classification, 2(1):193--218, 1985.

[12]

S. T. Iqbal and B. P. Bailey. Investigating the effectiveness of mental workload as a predictor of opportune moments for interruption. In CHI '05 extended abstracts on Human factors in computing systems, CHI EA'05, pages 1489--1492, New York, NY, USA, 2005. ACM.

Digital Library

[13]

Q. Jones, S. A. Grandhi, S. Whittaker, K. Chivakula, and L. Terveen. Putting systems into place: a qualitative study of design requirements for location-aware community systems. In In Proceedings of CSCW, pages 202--211. ACM, 2004.

Digital Library

[14]

S. Jones and E. O'Neill. Feasibility of structural network clustering for group-based privacy control in social networks. In SOUPS, 2010.

Digital Library

[15]

H. Krasnova, O. Günther, S. Spiekermann, and K. Koroleva. Privacy concerns and identity in online social networks. Identity in the Information Society, 2:39--63, 2009.

[16]

P. Kumaraguru and L. F. Cranor. Privacy indexes: A survey of westin's studies. ISRI Tech. Report, 2005.

[17]

S. Lederer, J. I. Hong, A. K. Dey, and J. A. Landay. Personal privacy through understanding and action: five pitfalls for designers. Personal and Ubiquitous Computing, 8(6):440--454, 2004.

[18]

K. Lewis, J. Kaufman, and N. Christakis. The taste for privacy: An analysis of college student privacy settings in an online social network. Journal of Computer-Mediated Communication, 14(1), 2008.

[19]

H. R. Lipford, J. Watson, M. Whitney, K. Froiland, and R. W. Reeder. Visual vs. compact: a comparison of privacy policy interfaces. In CHI, 2010.

Digital Library

[20]

A. Mazzia, K. LeFevre, and E. Adar. The PViz Comprehension Tool for Social Network Privacy Settings. Technical Report CSE-TR-570-11, University of Michigan, April 2011.

[21]

P. A. Norberg, D. R. Horne, and D. A. Horne. The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors. Journal of Consumer Affairs, 2007.

[22]

J. S. Olson, J. Grudin, and E. Horvitz. A study of preferences for sharing and privacy. In CHI Extended Abstracts, pages 1985--1988, 2005.

Digital Library

[23]

PCWorld. Google buzz criticized for disclosing gmail contacts. http://www.pcworld.com/businesscenter/article/189081, February 2010.

[24]

R. Sandhu, D. Ferraiolo, and R. Kuhn. The nist model for role-based access control: Towards a unified standard. In In Proceedings of the fifth ACM workshop on Role-based access control, pages 47--63, 2000.

Digital Library

[25]

R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-based access control models. IEEE Computer, 29(2):38--47, 1996.

Digital Library

[26]

K. Strater and H. R. Lipford. Strategies and struggles with privacy in an online social networking community. In Proceedings of the 22nd British HCI Group Annual Conference on People and Computers: Culture, Creativity, Interaction - Volume 1, BCS-HCI '08, pages 111--119, Swinton, UK, UK, 2008. British Computer Society.

Digital Library

[27]

A. S. Yuksel, M. E. Yuksel, and A. H. Zaim. An approach for protecting privacy on social networks. In Proceedings of 5th International Conference on Systems and Networks Communications, Washington, DC, USA, 2010. IEEE Computer Society.

Digital Library

Cited By

Liu BZhang PShu YGuan ZLu TGu HGu N(2022)Building a Personalized Model for Social Media Textual Content CensorshipProceedings of the ACM on Human-Computer Interaction10.1145/35556576:CSCW2(1-31)Online publication date: 11-Nov-2022
https://dl.acm.org/doi/10.1145/3555657
Luo HSun ZSun YLi AWang BCao JNiu B(2022)SmartCircles: A Benefit-Evaluation-Based Privacy Policy Recommender for Customized Photo Sharing2022 IEEE Smartworld, Ubiquitous Intelligence & Computing, Scalable Computing & Communications, Digital Twin, Privacy Computing, Metaverse, Autonomous & Trusted Vehicles (SmartWorld/UIC/ScalCom/DigitalTwin/PriComp/Meta)10.1109/SmartWorld-UIC-ATC-ScalCom-DigitalTwin-PriComp-Metaverse56740.2022.00331(2340-2347)Online publication date: Dec-2022
https://doi.org/10.1109/SmartWorld-UIC-ATC-ScalCom-DigitalTwin-PriComp-Metaverse56740.2022.00331
Ernala SYang SWu YChen RWells KDas S(2021)Exploring the Utility Versus Intrusiveness of Dynamic Audience Selection on FacebookProceedings of the ACM on Human-Computer Interaction10.1145/34760835:CSCW2(1-30)Online publication date: 18-Oct-2021
https://dl.acm.org/doi/10.1145/3476083
Show More Cited By

Recommendations

Android permissions: a perspective combining risks and benefits

SACMAT '12: Proceedings of the 17th ACM symposium on Access Control Models and Technologies

The phenomenal growth of the Android platform in the past few years has made it a lucrative target of malicious application (app) developers. There are numerous instances of malware apps that send premium rate SMS messages, track users' private data, or ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '12: Proceedings of the 17th ACM symposium on Access Control Models and Technologies

June 2012

242 pages

ISBN:9781450312950

DOI:10.1145/2295136

General Chairs:
Vijay Atluri
Rutgers University, USA
,
Jaideep Vaidya
Rutgers University, USA
,
Program Chairs:
Axel Kern
Beta Systems Software AG, Germany
,
Murat Kantarcioglu
University of Texas at Dallas, USA

Copyright © 2012 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 20 June 2012

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SACMAT '12

Sponsor:

SIGSAC

SACMAT '12: 17th ACM Symposium on Access Control Models and Technologies

June 20 - 22, 2012

New Jersey, Newark, USA

Acceptance Rates

SACMAT '12 Paper Acceptance Rate 19 of 73 submissions, 26%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
327
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Liu BZhang PShu YGuan ZLu TGu HGu N(2022)Building a Personalized Model for Social Media Textual Content CensorshipProceedings of the ACM on Human-Computer Interaction10.1145/35556576:CSCW2(1-31)Online publication date: 11-Nov-2022
https://dl.acm.org/doi/10.1145/3555657
Luo HSun ZSun YLi AWang BCao JNiu B(2022)SmartCircles: A Benefit-Evaluation-Based Privacy Policy Recommender for Customized Photo Sharing2022 IEEE Smartworld, Ubiquitous Intelligence & Computing, Scalable Computing & Communications, Digital Twin, Privacy Computing, Metaverse, Autonomous & Trusted Vehicles (SmartWorld/UIC/ScalCom/DigitalTwin/PriComp/Meta)10.1109/SmartWorld-UIC-ATC-ScalCom-DigitalTwin-PriComp-Metaverse56740.2022.00331(2340-2347)Online publication date: Dec-2022
https://doi.org/10.1109/SmartWorld-UIC-ATC-ScalCom-DigitalTwin-PriComp-Metaverse56740.2022.00331
Ernala SYang SWu YChen RWells KDas S(2021)Exploring the Utility Versus Intrusiveness of Dynamic Audience Selection on FacebookProceedings of the ACM on Human-Computer Interaction10.1145/34760835:CSCW2(1-30)Online publication date: 18-Oct-2021
https://dl.acm.org/doi/10.1145/3476083
L. Fogues RSuch JEspinosa AGarcia-Fornes A(2018)Tie and tag: A study of tie strength and tags for photo sharingPLOS ONE10.1371/journal.pone.020254013:8(e0202540)Online publication date: 29-Aug-2018
https://doi.org/10.1371/journal.pone.0202540
Thuraisingham BKantarcioglu MBertino EBakdash JFernandez MBertino ELin DLobo J(2018)Towards a Privacy-Aware Quantified Self Data Management FrameworkProceedings of the 23nd ACM on Symposium on Access Control Models and Technologies10.1145/3205977.3205997(173-184)Online publication date: 7-Jun-2018
https://dl.acm.org/doi/10.1145/3205977.3205997
Squicciarini ACaragea CBalakavi R(2017)Toward Automated Online Photo PrivacyACM Transactions on the Web10.1145/298364411:1(1-29)Online publication date: 3-Apr-2017
https://dl.acm.org/doi/10.1145/2983644
Torre IAdorni GKoceva FSanchez O(2016)Preventing Disclosure of Personal Data in IoT Networks2016 12th International Conference on Signal-Image Technology & Internet-Based Systems (SITIS)10.1109/SITIS.2016.68(389-396)Online publication date: 2016
https://doi.org/10.1109/SITIS.2016.68
Michota AKatsikas SGeorge GStefanos GLazaros MPanagiotis TCleo S(2015)Designing a seamless privacy policy for social networksProceedings of the 19th Panhellenic Conference on Informatics10.1145/2801948.2801998(139-143)Online publication date: 1-Oct-2015
https://dl.acm.org/doi/10.1145/2801948.2801998
Fogues RSuch JEspinosa AGarcia-Fornes A(2015)Open Challenges in Relationship-Based Privacy Mechanisms for Social Network ServicesInternational Journal of Human-Computer Interaction10.1080/10447318.2014.100130031:5(350-370)Online publication date: 18-Feb-2015
https://doi.org/10.1080/10447318.2014.1001300
Li YLi YYan QDeng R(2015)Privacy leakage analysis in online social networksComputers and Security10.1016/j.cose.2014.10.01249:C(239-254)Online publication date: 1-Mar-2015
https://dl.acm.org/doi/10.1016/j.cose.2014.10.012
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten