DOI: 10.1145/3554364.3559115
research-article

PTMOL: a suitable approach for modeling privacy threats in online social networks

Published: 19 October 2022

ABSTRACT

Online Social Networks (OSNs) have become one of the principal technological phenomena of the Web, gaining eminent popularity among its users. With the growing worldwide expansion of OSN services, people have devoted time and effort to maintaining and manipulating their online identity on these systems. However, the processing of personal data through these networks has exposed users to various privacy threats. Consequently, new solutions need to be developed for addressing the threat scenarios to which a user is potentially exposed. In this sense, this paper proposes PTMOL (Privacy Threat MOdeling Language), an approach for modeling privacy threats in the OSN domain. The proposed language aims to support the capture, organization and analysis of specific privacy threats that a user is exposed to when sharing assets in a social application, also enabling the definition of countermeasures to prevent or mitigate the effects of threat scenarios. The first version of the language has undergone a preliminary empirical study that identified its validity as a modeling language. The results indicate that the use of the language is potentially useful for identifying real privacy threats due to its exploratory and reflexive nature. We expect this work to support designers in making more preemptive decisions about user privacy risk, helping them to introduce privacy early in the development cycle of social applications.


      • Published in

        IHC '22: Proceedings of the 21st Brazilian Symposium on Human Factors in Computing Systems
        October 2022
        482 pages
        ISBN:9781450395069
        DOI:10.1145/3554364

        Copyright © 2022 ACM

        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

        Publisher

        Association for Computing Machinery

        New York, NY, United States


        Acceptance Rates

        Overall Acceptance Rate: 331 of 973 submissions, 34%
