ABSTRACT
Online Social Networks (OSNs) have become one of the principal technological phenomena of the Web, gaining an eminent popularity among its users. With the growing worldwide expansion of OSN services, people have devoted time and effort to maintaining and manipulating their online identity on these systems. However, the processing of personal data through these networks has exposed users to various privacy threats. Consequently, new solutions need to be developed for addressing the threat scenarios to which a user is potentially exposed. In this sense, this paper proposes PTMOL (Privacy Threat MOdeling Language), an approach for modeling privacy threats in OSN domain. The proposed language aims to support the capture, organization and analysis of specific privacy threats that a user is exposed to when sharing assets in a social application, also enabling the definition of countermeasures to prevent or mitigate the effects of threat scenarios. The first language version has undergone a preliminary empirical study that identified its validity as a modeling language. The results indicate that the use of the language is potentially useful for identifying real privacy threats due to its exploratory and reflexive nature. We expect to contribute to support designers in making more preemptive decisions about user privacy risk, helping them to introduce privacy early in the development cycle of social applications.
- Jemal H Abawajy, Mohd Izuan Hafez Ninggal, and Tutut Herawan. 2016. Privacy preserving social network data publication. IEEE communications surveys & tutorials 18, 3 (2016), 1974--1997.Google Scholar
- Younes Abid, Abdessamad Imine, and Michael Rusinowitch. 2018. Online testing of user profile resilience against inference attacks in social networks. In European Conference on Advances in Databases and Information Systems. Springer, 105--117.Google ScholarCross Ref
- A. Aktypi, J.R.C. Nurse, and M. Goldsmith. 2017. Unwinding Ariadne's identity thread: Privacy risks with fitness trackers and Online Social Networks. MPS 2017 - Proceedings of the 2017 Workshop on Multimedia Privacy and Security, co-located with CCS 2017 2017-January (2017), 1--11. cited By 6. Google ScholarDigital Library
- H.A. Al-Asmari and M.S. Saleh. 2019. A conceptual framework for measuring personal privacy risks in facebook online social network. 2019 International Conference on Computer and Information Sciences, ICCIS 2019 (2019). cited By 0. Google ScholarCross Ref
- Shaukat Ali, Naveed Islam, Azhar Rauf, Ikram Ud Din, Mohsen Guizani, and Joel JPC Rodrigues. 2018. Privacy and security issues in online social networks. Future Internet 10, 12 (2018), 114.Google ScholarCross Ref
- Irwin Altman. 1975. The Environment and Social Behavior: Privacy, Personal Space, Territory, and Crowding. (1975).Google Scholar
- Simone Barbosa and Bruno Silva. 2010. Interação humano-computador. Elsevier Brasil.Google Scholar
- L. Bioglio, S. Capecchi, F. Peiretti, D. Sayed, A. Torasso, and R.G. Pensa. 2019. A Social Network Simulation Game to Raise Awareness of Privacy among School Children. IEEE Transactions on Learning Technologies 12, 4 (2019), 456--469. cited By 1. Google ScholarDigital Library
- H. Brakemeier, T. Widjaja, and P. Buxmann. 2016. Calculating with different goals in mind - The moderating role of the regulatory focus in the privacy calculus. 24th European Conference on Information Systems, ECIS 2016 (2016). cited By 1.Google Scholar
- I. Casas, J. Hurtado, and X. Zhu. 2015. Social network privacy: Issues and measurement. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 9419 (2015), 488--502. cited By 2. Google ScholarCross Ref
- Fred D Davis. 1989. Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS quarterly (1989), 319--340.Google ScholarDigital Library
- S.J. De and A. Imine. 2018. Privacy scoring of social network user profiles through risk analysis. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 10694 LNCS (2018), 227--243. cited By 0. Google ScholarCross Ref
- S.J. De and A. Imine. 2018. To reveal or not to reveal: Balancing user-centric social benefit and privacy in online social networks. Proceedings of the ACM Symposium on Applied Computing (2018), 1157--1164. cited By 3. Google ScholarDigital Library
- Tamara Denning, Batya Friedman, and Tadayoshi Kohno. 2013. The Security Cards: A Security Threat Brainstorming Toolkit. Univ. of Washington, http://securitycards.cs.Washington.edu (2013).Google Scholar
- Valerian J Derlega and Alan L Chaikin. 1977. Privacy and self-disclosure in social relationships. Journal of Social Issues 33, 3 (1977), 102--115.Google ScholarCross Ref
- C. Dong and B. Zhou. 2016. Privacy inference analysis on event-based social networks. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 10047 LNCS (2016), 421--438. cited By 0. Google ScholarDigital Library
- Adrian Fernandez, Silvia Abrahão, Emilio Insfran, and Maristella Matera. 2012. Further analysis on the validation of a usability inspection method for model-driven web development. In Proceedings of the ACM-IEEE international symposium on Empirical software engineering and measurement. 153--156.Google ScholarDigital Library
- R. Fogues, J.M. Such, A. Espinosa, and A. Garcia-Fornes. 2015. Open Challenges in Relationship-Based Privacy Mechanisms for Social Network Services. International Journal of Human-Computer Interaction 31, 5 (2015), 350--370. cited By 30. Google ScholarCross Ref
- Omar Jaafor and Babiga Birregah. 2015. Multi-layered graph-based model for social engineering vulnerability assessment. In 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM). IEEE, 1480--1488.Google ScholarDigital Library
- O. Jaafor, B. Birregah, C. Perez, and M. Lemercier. 2015. Privacy threats from social networking service aggregators. Proceedings - 5th Cybercrime and Trustworthy Computing Conference, CTC 2014 (2015), 30--37. cited By 2. Google ScholarDigital Library
- S. Joyee De and A. Imine. 2019. On Consent in Online Social Networks: Privacy Impacts and Research Directions (Short Paper). Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 11391 LNCS (2019), 128--135. cited By 0. Google ScholarCross Ref
- S. Kavianpour, Z. Ismail, and A. Mohtasebi. 2011. Effectiveness of using integrated algorithm in preserving privacy of social network sites users. Communications in Computer and Information Science 167 CCIS, PART 2 (2011), 237--249. cited By 0. Google ScholarCross Ref
- H. Kumar, S. Jain, and R. Srivastava. 2017. Risk analysis of online social networks. Proceeding - IEEE International Conference on Computing, Communication and Automation, ICCCA 2016 (2017), 846--851. cited By 1. Google ScholarCross Ref
- Oliver Laitenberger and Horst M Dreyer. 1998. Evaluating the usefulness and the ease of use of a web-based inspection data collection tool. In Proceedings Fifth International Software Metrics Symposium. Metrics (Cat. No. 98TB100262). IEEE, 122--132.Google ScholarCross Ref
- Carlos Laorden, Borja Sanz, Gonzalo Alvarez, and Pablo G Bringas. 2010. A threat model approach to threats and vulnerabilities in on-line social networks. In Computational Intelligence in Security for Information Systems 2010. Springer, 135--142.Google Scholar
- S. Mahmood. 2012. New privacy threats for facebook and twitter users. Proceedings - 2012 7th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing, 3PGCIC 2012 (2012), 164--169. cited By 10. Google ScholarDigital Library
- Nancy R Mead, Forrest Shull, Krishnamurthy Vemuru, and Ole Villadsen. 2018. A hybrid threat modeling method. Carnegie Mellon University-Software Engineering Institute-Technical Report-CMU/SEI-2018-TN-002 (2018).Google Scholar
- Microsoft. 2003. Threat Modeling. urlhttps://msdn.microsoft.com/en-us/library/ff648644.aspx.Google Scholar
- S. Nobari, P. Karras, H. Pang, and S. Bressan. 2014. L-opacity: Linkage-aware graph anonymization. Advances in Database Technology - EDBT 2014: 17th International Conference on Extending Database Technology, Proceedings (2014), 583--594. cited By 9. Google ScholarCross Ref
- Samia Oukemeni, Helena Rifà-Pous, and Joan Manuel Marquès Puig. 2019. Privacy analysis on microblogging online social networks: a survey. ACM Computing Surveys (CSUR) 52, 3 (2019), 1--36.Google ScholarDigital Library
- Sandra Petronio. 2002. Boundaries of privacy: Dialectics of disclosure. Suny Press.Google Scholar
- Andreas Pfitzmann and Marit Hansen. 2010. A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management.Google Scholar
- Bradley Potteiger, Goncalo Martins, and Xenofon Koutsoukos. 2016. Software and attack centric integrated threat modeling for quantitative risk assessment. In Proceedings of the Symposium and Bootcamp on the Science of Security. 99--108.Google ScholarDigital Library
- Kai Rannenberg. 2011. ISO/IEC standardization of identity management and privacy technologies. Datenschutz und Datensicherheit-DuD 35, 1 (2011), 27--29.Google ScholarCross Ref
- S. Rathore, P.K. Sharma, V. Loia, Y.-S. Jeong, and J.H. Park. 2017. Social network security: Issues, challenges, threats, and solutions. Information Sciences 421 (2017), 43--69. cited By 35. Google ScholarCross Ref
- Riccardo Scandariato, Kim Wuyts, and Wouter Joosen. 2015. A descriptive study of Microsoft's threat modeling technique. Requirements Engineering 20, 2 (2015), 163--180.Google ScholarDigital Library
- Zhenpeng Shi, Kalman Graffi, David Starobinski, and Nikolay Matyunin. 2021. Threat Modeling Tools: A Taxonomy. IEEE Security & Privacy 01 (2021), 2--13.Google Scholar
- Reza Shokri, George Theodorakopoulos, Carmela Troncoso, Jean-Pierre Hubaux, and Jean-Yves Le Boudec. 2012. Protecting location privacy: optimal strategy against localization attacks. In Proceedings of the 2012 ACM conference on Computer and communications security. 617--627.Google ScholarDigital Library
- Adam Shostack. 2008. Experiences Threat Modeling at Microsoft. MODSEC@MoDELS 2008 (2008), 35.Google Scholar
- Adam Shostack. 2014. Threat modeling: Designing for security. John Wiley & Sons.Google ScholarDigital Library
- Forrest Shull, Jeffrey Carver, and Guilherme H Travassos. 2001. An empirical methodology for introducing software processes. ACM SIGSOFT Software Engineering Notes 26, 5 (2001), 288--296.Google ScholarDigital Library
- Madhuri Siddula, Lijie Li, and Yingshu Li. 2018. An empirical study on the privacy preservation of online social networks. IEEE Access 6 (2018), 19912--19922.Google ScholarCross Ref
- Olivia Solon. 2018. Facebook says Cambridge Analytica may have gained 37m more users' data. The Guardian 4 (2018).Google Scholar
- M. Sramka. 2012. Privacy scores: Assessing privacy risks beyond social networks. Infocommunications Journal 4, 4 (2012), 36--41. cited By 1.Google Scholar
- Guilherme Horta Travassos, Dmytro Gurov, and EAGG Amaral. 2002. Introdução à engenharia de software experimental. (2002).Google Scholar
- R. Tucker, C. Tucker, and J. Zheng. 2015. Privacy pal: Improving permission safety awareness of third party applications in online social networks. Proceedings - 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security and 2015 IEEE 12th International Conference on Embedded Software and Systems, HPCC-CSS-ICESS 2015 (2015), 1268--1273. cited By 2. Google ScholarDigital Library
- Tony UcedaVelez and Marco M Morana. 2015. Risk Centric Threat Modeling: process for attack simulation and threat analysis. John Wiley & Sons.Google ScholarDigital Library
- H.Q. Vu, R. Law, and G. Li. 2019. Breach of traveller privacy in location-based social media. Current Issues in Tourism 22, 15 (2019), 1825--1840. cited By 2. Google Scholar
- Y. Wang and R.K. Nepali. 2015. Privacy threat modeling framework for online social networks. 2015 International Conference on Collaboration Technologies and Systems, CTS 2015 (2015), 358--363. cited By 5. Google ScholarCross Ref
- C. Watanabe, T. Amagasa, and L. Liu. 2011. PrIvacy risks and countermeasures in publishing and mining social network data. ColiaborateCom 2011 - Proceedings of the 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing (2011), 55--66. cited By 6. Google ScholarCross Ref
- G. Wen, H. Liu, J. Yan, and Z. Wu. 2018. A privacy analysis method to anonymous graph based on bayes rule in social networks. Proceedings - 14th International Conference on Computational Intelligence and Security, CIS 2018 (2018), 469--472. cited By 0. Google ScholarCross Ref
- Kim Wuyts, Dimitri Van Landuyt, Aram Hovsepyan, and Wouter Joosen. 2018. Effective and efficient privacy threat modeling through domain refinements. In Proceedings of the 33rd Annual ACM Symposium on Applied Computing. 1175--1178.Google ScholarDigital Library
- Wenjun Xiong and Robert Lagerström. 2019. Threat modeling-A systematic literature review. Computers & security 84 (2019), 53--69.Google Scholar
- Heng Xu, Hock-Hai Teo, and Bernard Tan. 2005. Predicting the adoption of location-based services: the role of trust and perceived privacy risk. ICIS 2005 proceedings (2005), 71.Google Scholar
- Y. Zeng, Y. Sun, L. Xing, and V. Vokkarane. 2015. A study of online social network privacy via the TAPE framework. IEEE Journal on Selected Topics in Signal Processing 9, 7 (2015), 1270--1284. cited By 7. Google ScholarCross Ref
- Elena Zheleva and Lise Getoor. 2009. To join or not to join: the illusion of privacy in social networks with mixed public and private user profiles. In Proceedings of the 18th international conference on World wide web. 531--540.Google ScholarDigital Library
- Elena Zheleva and Lise Getoor. 2011. Privacy in social networks: A survey. In Social network data analytics. Springer, 277--306.Google Scholar
Index Terms
- PTMOL: a suitable approach for modeling privacy threats in online social networks
Recommendations
Privacy leakage analysis in online social networks
Online Social Networks (OSNs) have become one of the major platforms for social interactions, such as building up relationship, sharing personal experiences, and providing other services. The wide adoption of OSNs raises privacy concerns due to personal ...
Privacy-Aware Cloaking Technique in Location-Based Services
MS '12: Proceedings of the 2012 IEEE First International Conference on Mobile ServicesThe explosive growth of location-detection devices, such as GPS (Global Positioning System), continuously increasing users' privacy threat in location-based services (LBSs). However, in order to enjoy such services, the user must precisely disclose his/...
K-Anonymous Cloaking Algorithm Based on Weighted Adjacency Graph for Preserving Location Privacy
TRUSTCOM '12: Proceedings of the 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and CommunicationsThe propagation of position identifying devices, such as GPS (Global Positioning System), becomes increasingly a privacy threat in location-based services (LBSs). However, in order to enjoy such services, the user must precisely disclose his/her exact ...
Comments