Security and Privacy Aspects of Social Networks

Ehud Gudes

Ben-Gurion University of the Negev (Beer-Sheva, Israel)

A social network is a social structure made up of a set of individuals or organizations, and a set of connections between them which describe the interactions and relationships between the social network entities. The Internet-based social media has made it easy for one person to communicate with numerous other people and facilitates the information flow between them using various mechanisms such as ”like” or ”share” (facebook), ”follow” (twitter), etc.. The combination of sensitive private information managed by users who are not security-aware, in an environment that is not hermetically sealed, is a recipe for frequent leaks of sensitive information and identity thefts. The ubiquitousness of online social networks and their many uses increase their appeal for attackers even further. Security and privacy in social networks can be viewed from different aspects, such as: enforcement of information sharing policy, control over the flow of information shared in a social network; Access control to private information and identification and prevention of information leakage. In this presentation we focus on the following major topics: 1. Control of information sharing and information flow to ensure maximum sharing of information with ”friends” while minimizing information flow to ”adversaries”. 2. Enforcing authorized use of information in social networks by combining access control with trust and reputation models. An access control model specifies the policies to control information sharing or disclosure (confidentiality and privacy) and also to control update of information in the network (security and integrity). Reputation models have an important role in identifying malicious peers and preventing flow of information from and to them. The integration of these models to tackle both security and privacy problems in social networks is new.