research-article

Public Access

Towards PII-based Multiparty Access Control for Photo Sharing in Online Social Networks

Authors:

Nishant Vishwamitra,

Gail-Joon AhnAuthors Info & Claims

SACMAT '17 Abstracts: Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies

Pages 155 - 166

https://doi.org/10.1145/3078861.3078875

Published: 07 June 2017 Publication History

Abstract

The privacy control models of current Online Social Networks (OSNs) are biased towards the content owners' policy settings. Additionally, those privacy policy settings are too coarse-grained to allow users to control access to individual portions of information that is related to them. Especially, in a shared photo in OSNs, there can exist multiple Personally Identifiable Information (PII) items belonging to a user appearing in the photo, which can compromise the privacy of the user if viewed by others. However, current OSNs do not provide users any means to control access to their individual PII items. As a result, there exists a gap between the level of control that current OSNs can provide to their users and the privacy expectations of the users. In this paper, we propose an approach to facilitate collaborative control of individual PII items for photo sharing over OSNs, where we shift our focus from entire photo level control to the control of individual PII items within shared photos. We formulate a PII-based multiparty access control model to fulfill the need for collaborative access control of PII items, along with a policy specification scheme and a policy enforcement mechanism. We also discuss a proof-of-concept prototype of our approach as part of an application in Facebook and provide system evaluation and usability study of our methodology.

References

[1]

2011. The State of Social Media 2011: Social is the new normal. (2011). http://www.briansolis.com/2011/10/state-of-social-media-2011/.

[2]

2017. Facebook Privacy Policy. (2017). http://www.facebook.com/policy.php/.

[3]

2017. Facebook Sharing Settings. (2017). www.facebook.com/help/459934584025324/.

[4]

F. Adu-Oppong, C. K. Gardiner, A. Kapadia, and P. P. Tsang. 2008. Social circles: Tackling privacy in social networks. In Symposium on Usable Privacy and Security (SOUPS). Citeseer.

[5]

A. Besmer and H. Richter Lipford. 2010. Moving beyond untagging: Photo privacy in a tagged world. In Proceedings of the 28th international conference on Human factors in computing systems. ACM, 1563--1572.

Digital Library

[6]

J. Y. Choi, W. De Neve, K. N. Plataniotis, Y. M. Ro, S. Lee, H. Sohn, H. Yoo, W. D. Neve, C. S. Kim, Y. M. Ro, and others. 2010. Collaborative Face Recognition for Improved Face Annotation in Personal Photo Collections Shared on Online Social Networks. IEEE Transactions on Multimedia (2010), 1--14.

Digital Library

[7]

L. Fang and K. LeFevre. 2010. Privacy wizards for social networking sites. In Proceedings of the 19th international conference on World wide web. ACM, 351--360.

Digital Library

[8]

Lorena González-Manzano, Ana I. González-Tablas, José M. de Fuentes, and Arturo Ribagorda. 2014. Cooped: Co-owned personal data management. Computers & Security 47 (2014), 41--65.

Digital Library

[9]

Hongxin Hu, Gail-Joon Ahn, and Jan Jorgensen. 2011. Detecting and Resolving Privacy Conflicts for Collaborative Data Sharing in Online Social Networks. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC'11). ACM.

Digital Library

[10]

Hongxin Hu, Gail-Joon Ahn, and Jan Jorgensen. 2013. Multiparty access control for online social networks: model and mechanisms. IEEE Transactions on Knowledge and Data Engineering 25, 7 (2013), 1614--1627.

Digital Library

[11]

Hongxin Hu, Gail-Joon Ahn, Ziming Zhao, and Dejun Yang. 2014. Game theoretic analysis of multiparty access control in online social networks. In Proceedings of the 19th ACM symposium on Access control models and technologies. ACM, 93--102.

Digital Library

[12]

Panagiotis Ilia, Iasonas Polakis, Elias Athanasopoulos, Federico Maggi, and Sotiris Ioannidis. 2015. Face/off: Preventing privacy leakage from photos in social networks. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 781--792.

Digital Library

[13]

B. Krishnamurthy and C. E. Wills. 2010. On the leakage of personally identifiable information via online social networks. ACM SIGCOMM Computer Communication Review 40, 1 (2010), 112--117.

Digital Library

[14]

Balachander Krishnamurthy and Craig E. Wills. 2009. On the leakage of personally identifiable information via online social networks. In Proceedings of the 2nd ACM workshop on Online social networks. ACM, 7--12.

Digital Library

[15]

A. Lampinen, V. Lehtinen, A. Lehmuskallio, and S. Tamminen. 2011. We're in it together: interpersonal management of disclosure in social network services. In Proceedings of the 2011 annual conference on Human factors in computing systems. ACM, 3217--3226.

Digital Library

[16]

Yair Levy and Michelle M. Ramim. 2016. Towards an Evaluation of Cyber Risks and Identity Information Sharing Practices in e-Learning, Social Networking, and Mobile Texting Apps. (2016).

[17]

H. R. Lipford, A. Besmer, and J. Watson. 2008. Understanding privacy settings in facebook with an audience view. In Proceedings of the 1st Conference on Usability, Psychology, and Security. USENIX Association Berkeley, CA, USA, 1--8.

Digital Library

[18]

Eden Litt and Eszter Hargittai. 2014. Smile, snap, and share? A nuanced approach to privacy and online photo-sharing. Poetics 42 (2014), 1--21.

[19]

Y. Liu, K. P. Gummadi, B. Krishnamurthy, and A. Mislove. 2011. Analyzing Facebook Privacy Settings: User Expectations vs. Reality. In Proceedings of the 2011 annual conference on Internet measurement (IMC'11). ACM.

Digital Library

[20]

M. Madejski, M. Johnson, and S. M. Bellovin. 2011. The Failure of Online Social Network Privacy Settings. Technical Report CUCS-010-11, Columbia University, NY, USA. (2011).

[21]

Erika McCallister, Timothy Grance, and Karen A. Scarfone. 2010. Sp 800-122. guide to protecting the confidentiality of personally identifiable information (pii). (2010).

[22]

Mainack Mondal, Yabing Liu, Bimal Viswanath, Krishna P. Gummadi, and Alan Mislove. 2014. Understanding and specifying social access control lists. In Symposium on Usable Privacy and Security (SOUPS). 11.

[23]

Kyle B. Murray and Gerald Häubl. 2010. Freedom of choice, ease of use, and the formation of interface preferences. (2010).

[24]

Yuta Nakashima, Noboru Babaguchi, and FAN Jianping. 2016. Privacy Protection for Social Video via Background Estimation and CRF-Based Videographer's Intention Modeling. IEICE Transactions on Information and Systems 99, 4 (2016), 1221--1233.

[25]

F. K. Ozenc and S. D. Farnham. 2011. Life "Modes" in Social Media. In Proceedings of the 2011 annual conference on Human factors in computing systems. ACM, 561--570.

Digital Library

[26]

Jingjing Ren, Ashwin Rao, Martina Lindorfer, Arnaud Legout, and David Choffnes. 2016. Recon: Revealing and controlling pii leaks in mobile network traffic. In Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services. ACM, 361--374.

Digital Library

[27]

Cooper Smith. 2013. Facebook users are uploading 350 million new photos each day. Business insider 18 (2013).

[28]

Craig Smith. 2016. By the Numbers: 200+ Amazing Facebook Statistics. (2016).

[29]

A. C. Squicciarini, M. Shehab, and F. Paci. 2009. Collective privacy management in social networks. In Proceedings of the 18th international conference on World wide web. ACM, 521--530.

Digital Library

[30]

K. Strater and H. R. Lipford. 2008. Strategies and struggles with privacy in an online social networking community. In Proceedings of the 22nd British HCI Group Annual Conference on People and Computers: Culture, Creativity, InteractionVolume 1. British Computer Society, 111--119.

Digital Library

[31]

K. Thomas, C. Grier, and D. Nicol. 2010. unFriendly: Multi-party Privacy Risks in Social Networks. In Privacy Enhancing Technologies. Springer, 236--252.

Digital Library

[32]

Y. Wang, S. Komanduri, P. Leon, G. Norcie, A. Acquisti, and L. Cranor. 2011. "I regretted the minute I pressed share": A qualitative study of regrets on Facebook. In Symposium on Usable Privacy and Security.

Digital Library

[33]

R. Wishart, D. Corapi, S. Marinovic, and M. Sloman. 2010. Collaborative Privacy Policy Authoring in a Social Networking Context. In 2010 IEEE International Symposium on Policies for Distributed Systems and Networks. IEEE, 1--8.

Digital Library

[34]

Li Yifang, Vishwamitra Nishant, Knijnenburg Bart, Hu Hongxin, and Caine Kelly. (2017). Blur vs. Block: Investigating the Effectiveness of Privacy-Enhancing Obfuscation for Images. In The First International Workshop on The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS 2017).

[35]

Li Yifang, Vishwamitra Nishant, Hu Hongxin, Knijnenburg Bart, and Caine Kelly. 2017. Effectiveness and Users' Experience of Face Blurring as a Privacy Protection for Sharing Photos via Online Social Networks. In Proceedings of the Human Factors and Ergonomics Society Annual Meeting, Vol. 61. SAGE Publications.

[36]

Y. Zhu, Z. Hu, H. Wang, H. Hu, and G. J. Ahn. 2010. A Collaborative Framework for Privacy Protection in Online Social Networks. In Proceedings of the 6th International Conference on Collaborative Computing (CollaborateCom).

Cited By

Zhang LStangl ASharma TTseng YXu IGurari DWang YFindlater L(2024)Designing Accessible Obfuscation Support for Blind Individuals’ Visual Privacy ManagementProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642713(1-19)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642713
Salehzadeh Niksirat KKorka DHarkous HHuguenin KCherubini M(2023)On the Potential of Mediation Chatbots for Mitigating Multiparty Privacy Conflicts - A Wizard-of-Oz StudyProceedings of the ACM on Human-Computer Interaction10.1145/35796187:CSCW1(1-33)Online publication date: 16-Apr-2023
https://dl.acm.org/doi/10.1145/3579618
Alhelali ERamokapane KSuch J(2023)Multiuser Privacy and Security Conflicts in the CloudProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581307(1-16)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3581307
Show More Cited By

Index Terms

Towards PII-based Multiparty Access Control for Photo Sharing in Online Social Networks
1. Security and privacy
  1. Software and application security
    1. Social network security and privacy

Recommendations

SP 800-122. Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
Multiparty Access Control for Online Social Networks: Model and Mechanisms

Online social networks (OSNs) have experienced tremendous growth in recent years and become a de facto portal for hundreds of millions of Internet users. These OSNs offer attractive means for digital social interactions and information sharing, but also ...
Multiparty authorization framework for data sharing in online social networks
DBSec'11: Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy

Online social networks (OSNs) have experienced tremendous growth in recent years and become a de facto portal for hundreds of millions of Internet users. These OSNs offer attractive means for digital social interactions and information sharing, but also ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '17 Abstracts: Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies

June 2017

276 pages

ISBN:9781450347020

DOI:10.1145/3078861

General Chair:
Elisa Bertino
Purdue University, USA
,
Program Chairs:
Ravi Sandhu
University of Texas at San Antonio, USA
,
Edgar Weippl
SBA Research, Austria

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 June 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation

Conference

SACMAT'17

Sponsor:

SIGSAC

SACMAT'17: The 22nd ACM Symposium on Access Control Models and Technologies

June 21 - 23, 2017

Indiana, Indianapolis, USA

Acceptance Rates

SACMAT '17 Abstracts Paper Acceptance Rate 14 of 50 submissions, 28%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

35
Total Citations
View Citations
694
Total Downloads

Downloads (Last 12 months)94
Downloads (Last 6 weeks)9

Reflects downloads up to 16 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Zhang LStangl ASharma TTseng YXu IGurari DWang YFindlater L(2024)Designing Accessible Obfuscation Support for Blind Individuals’ Visual Privacy ManagementProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642713(1-19)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642713
Salehzadeh Niksirat KKorka DHarkous HHuguenin KCherubini M(2023)On the Potential of Mediation Chatbots for Mitigating Multiparty Privacy Conflicts - A Wizard-of-Oz StudyProceedings of the ACM on Human-Computer Interaction10.1145/35796187:CSCW1(1-33)Online publication date: 16-Apr-2023
https://dl.acm.org/doi/10.1145/3579618
Alhelali ERamokapane KSuch J(2023)Multiuser Privacy and Security Conflicts in the CloudProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581307(1-16)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3581307
Liu DYan ZDing WCai YChen YWan Z(2023)ESMAC: Efficient and Secure Multi-Owner Access Control With TEE in Multi-Level Data ProcessingIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.321597720:5(4052-4069)Online publication date: 1-Sep-2023
https://doi.org/10.1109/TDSC.2022.3215977
Zhang MSun ZLi HNiu BLi FZhang ZXie YZheng C(2023)Go-Sharing: A Blockchain-Based Privacy-Preserving Framework for Cross-Social Network Photo SharingIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.320893420:5(3572-3587)Online publication date: 1-Sep-2023
https://doi.org/10.1109/TDSC.2022.3208934
Morris JNewman SPalaniappan KFan JLin D(2023)“Do You Know You Are Tracked by Photos That You Didn’t Take”: Large-Scale Location-Aware Multi-Party Image Privacy ProtectionIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.313223020:1(301-312)Online publication date: 1-Jan-2023
https://doi.org/10.1109/TDSC.2021.3132230
Lamberti GLopez-Sintas JSukphan J(2023)Explaining the digital divide in the European Union: the complementary role of information security concerns in the social process of internet appropriationInformation Technology for Development10.1080/02681102.2023.220264029:4(665-691)Online publication date: 10-May-2023
https://doi.org/10.1080/02681102.2023.2202640
Carvalho MEnnaffi OChateau SBachir S(2023)On the Design of Privacy-Aware Cameras: A Study on Deep Neural NetworksComputer Vision – ECCV 2022 Workshops10.1007/978-3-031-25075-0_17(223-237)Online publication date: 19-Feb-2023
https://doi.org/10.1007/978-3-031-25075-0_17
Alwabel AAlsuhibany S(2022)Evaluating Secure Methodology for Photo Sharing in Online Social NetworksApplied Sciences10.3390/app12231188912:23(11889)Online publication date: 22-Nov-2022
https://doi.org/10.3390/app122311889
Zheng TZhou TLiu QWu KCai ZYin HStavrou ACremers CShi E(2022)Characterizing and Detecting Non-Consensual Photo Sharing on Social NetworksProceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security10.1145/3548606.3560571(3209-3222)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3548606.3560571
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents