
A Middleware to Allow Fine-Grained Access Control of Twitter Applications

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 10026)

Abstract

Mobile application security is nowadays one of the most important topics in the field of information security, due to the pervasiveness of mobile applications in people's lives. Among mobile applications, those that interact with social network profiles have great potential for development, as they intercept another powerful asset of today's cyberspace. However, one of the problems that can limit the diffusion of social network applications is the lack of fine-grained control when an application uses the APIs of a social network to access a profile. For instance, in Twitter the supported access control policy is basically on/off, so that if a (third-party) application needs the right to write in a user profile, the user is forced to grant this right with no restriction over the entire profile. This enables a large set of security threats and can make (even inexpert) users reluctant to run these applications. To overcome this problem, we propose an effective solution for Android Twitter applications based on a middleware approach. The proposed solution enables other possible benefits, such as anomaly-based malware detection leveraging API-call patterns, and it can be extended to a multiple social network scenario.



Acknowledgment

This work has been partially supported by the Program “Programma Operativo Nazionale Ricerca e Competitività” 2007–2013, Distretto Tecnologico CyberSecurity funded by the Italian Ministry of Education, University and Research.

Corresponding author

Correspondence to Francesco Buccafurri.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Buccafurri, F., Lax, G., Nicolazzo, S., Nocera, A. (2016). A Middleware to Allow Fine-Grained Access Control of Twitter Applications. In: Boumerdassi, S., Renault, É., Bouzefrane, S. (eds) Mobile, Secure, and Programmable Networking. MSPN 2016. Lecture Notes in Computer Science, vol. 10026. Springer, Cham. https://doi.org/10.1007/978-3-319-50463-6_14

  • DOI: https://doi.org/10.1007/978-3-319-50463-6_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-50462-9

  • Online ISBN: 978-3-319-50463-6
