Abstract
Social networking services are having a major impact on people’s daily lives. Ordinary users have taken these social networking facilities as basis for their businesses and for keeping track of their families and friends. In doing so, they add personal information, videos, pictures, and other data that is fundamentally unprotected due to the user’s unawareness and the rigidity of the privacy policies of these facilities. Since users usually sign the privacy policy, granting their ownership of data to the site’s owners, privacy concerns surface. In this paper, we present a privacy policy model—UPP+—for enhancing privacy and security for ordinary users. We use the Alloy language to formalize the model and the Alloy Analyzer to check for any inconsistencies.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Danah, B.M., Ellison, N.: Social network sites: definition, history, and scholarship. J. Comput. Mediat. Commun. 13(1), 210–230 (2007)
Jackson, D.: Alloy: a lightweight object modeling notation. Technical report 797. MIT Laboratory for Computer Science, Cambridge (2000)
Jackson, D., Schechter, I., Shlyakhter, I.: Alcoa: the alloy constraint analyzer. In: Proceedings of the International Conference on Software Engineering, Limerick, 2000
Wallace, C.: Using alloy in process modelling. Inf. Softw. Technol. J. 45, 1031–1043 (2003). ISSN 0950-5849
Jackson, D.: Alloy 3.0 Reference Manual. Retrieved on April 18, 2013 from: http://alloy.mit.edu/reference-manual.pdf (2012)
Seater, R., Dennis, G.: Tutorial for Alloy Analyzer 4.0. Retrieved on April 18, 2013 from: http://alloy.mit.edu/tutorial4 (2012)
McLean, J.: In: Marciniak, J. (ed.) Encyclopedia of Software Engineering. Wiley, New York (1994)
Fong, P.W.L., Anwat, M., Zhao, Z.: A privacy preservation model for Facebook - style social network systems. In: Proceedings of the 14th European Symposium on Research in Computer Security (ESORICS’09), Saint Malo. Lecture Notes in Computer Science, vol. 5789, pp. 303–320 (2009)
Danezis, G.: Inferring Privacy Policies for Social Networking Services. CCS Computer and Communications Security, pp. 5–10. ACM, New York (2009)
Dania, C.: Modeling social networking privacy. In: Doctoral Symposium of the International Symposium on Engineering Secure Software and Systems (ESSoS), pp. 49–54. CEUR, The Netherlands (2012)
Haraty, R.A.: C2 secure database management systems – a comparative study. In: Proceedings of the ACM Symposium on Applied Computing, San Antonio, 1999
Haraty, R.A., Bekaii, N.: Towards a temporal multilevel secure database. J. Comput. Sci. 2(1) (2006). ISSN 1549-3636
Hassan, W., Logrippo, L.: Detecting inconsistencies of mixed secrecy models and business policies. Technical report. University of Ottawa, Ottawa (2009)
Ferraiolo, D.F., Kuhn, D.R.: Role-based access control. In: Proceedings of the 15th National Computer Security Conference, Baltimore, pp. 554–563, 1992
Shaffer, A., Auguston, M., Irvine, C., Levin, T.: A security domain model to assess software for exploitable covert channels. In: Proceedings of the ACM SIGPLAN Third Workshop on Programming Languages and Analysis for Security, pp. 45–56. ACM, Tucson (2008)
Misic, J., Misic, V.: Implementation of security policy for clinical information systems over wireless sensor networks. Ad Hoc Netw. J. 5, 134–144 (2007). ISSN 1570-8705
Haraty, R.A., Naous, M.: Modeling and validating the clinical information systems policy using alloy. In: Proceedings of the Second International Conference on Health Information Science. Lecture Notes in Computer Science, pp. 1–17. Springer, London (2013)
Hassan, W., Logrippo, L.: Detecting inconsistencies of mixed secrecy models and business policies. Technical report. University of Ottawa, Ottawa (2009)
Haraty, R.A., Naous, M.: Role-based access control modeling and validation. In: Proceedings of the Fifth IEEE International Workshop on Performance Evaluation of Communications in Distributed Systems and Web based Service Architectures (PEDISWESA’2013), Split, 2013
Aïmeur, E., Gambs, S., Ho, A.: UPP: user privacy policy for social networking sites. In: Proceedings of the Fourth International Conference on Internet and Web Applications and Services, pp. 267–272, 2009
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Wien
About this chapter
Cite this chapter
Haraty, R.A., Massalkhy, S. (2013). UPP+: A Flexible User Privacy Policy for Social Networking Services. In: Chbeir, R., Al Bouna, B. (eds) Security and Privacy Preserving in Social Networks. Lecture Notes in Social Networks. Springer, Vienna. https://doi.org/10.1007/978-3-7091-0894-9_5
Download citation
DOI: https://doi.org/10.1007/978-3-7091-0894-9_5
Published:
Publisher Name: Springer, Vienna
Print ISBN: 978-3-7091-0893-2
Online ISBN: 978-3-7091-0894-9
eBook Packages: Computer ScienceComputer Science (R0)