A Taxonomy-based Model of Security and Privacy in Online Social ...


Int. J. Signal and Imaging Systems Engineering, Vol. X, No. Y, 2012

A Taxonomy-based Model of Security and Privacy in Online Social Networks

L. Caviglione*
Institute of Intelligent Systems for Automation (ISSIA) - Genoa Branch, National Research Council of Italy (CNR), Via De Marini, 6 - 16149 Genova, Italy
Fax: +39-010-6475600
E-mail: [email protected]
*Corresponding author

M. Coccoli
Department of Communications, Computer and Systems Science, University of Genoa, Via Opera Pia, 13 - 16145 Genoa, Italy
Fax: +39-010-3536533
E-mail: [email protected]

A. Merlo
Department of Communications, Computer and Systems Science, University of Genoa, Via Opera Pia, 13 - 16145 Genoa, Italy and E-campus university, Novedrate, Como, Italy
Fax: +39-010-3536533
E-mail: [email protected]

Abstract: Social environments were already present in the original Web vision, but nowadays are mainly available through Online Social Networks (OSNs), which are a real cultural phenomenon. However, their actual deployment is very heterogeneous, reflecting into different development choices and functional architectures. Such aspects, jointly with the intrinsic sharing of personal information, lead to severe risks both in terms of security and privacy.

In this perspective, this paper proposes a taxonomy-based approach to describe and model the complex security space characterizing OSNs. The contributions of the paper are: i) to introduce a systematic approach to understand and describe the “problem space” of an OSN and ii) to showcase basic models for better organizing the engineering and the research to be done.

Keywords: security, privacy, online social networks, taxonomy, modeling.

Reference to this paper should be made as follows: Caviglione, L., Coccoli, M. and Merlo, A. (2012) “A Taxonomy-based Model of Security and Privacy in Online Social Networks”, Int. J. Computational Science and Engineering, Vol. X, No. Y, pp. xxx–yyy.

Biographical notes: L. Caviglione is a Researcher at the Genoa Branch of the Istituto di Studi sui Sistemi Intelligenti per l’Automazione (ISSIA) of the Italian National Research Council (CNR). He has a PhD in Electronic and Computer Engineering from the University of Genoa, Italy. His research interests include p2p systems, IPv6, social networks, wireless networks, and security. He is author and co-author of about 80 academic publications. He is an Associate Editor for the Transactions on Emerging Telecommunications Technologies, Wiley.

M. Coccoli is Assistant Professor with the University of Genoa, Faculty of Education Science, since December 2005. He is with the Department of Communications, Computer and Systems Science (DIST), University of Genoa, where he was a temporary researcher since 1995. He received the PhD in Electronic Engineering and Computer Science from the University of Genoa in 2000.

A. Merlo received his PhD in Computer Science from University of Genoa (Italy) where he had worked on performance and access control issues related to Grid Computing. His research interests are focused on security issues in Web and distributed computing. He is currently working as a teaching assistant at E-Campus University and as an associate researcher at University of Genoa and at the Italian National Research Council (CNR).

Copyright © 2009 Inderscience Enterprises Ltd.

1 Introduction

Nowadays, enabling social interactions among individuals is a critical requirement for many network applications. In fact, boosted by the availability of ubiquitous connectivity, the Internet is even more an Internet of People (IoP), rather than a simple internetwork of hosts (Zhang et al., 2011). This paradigm has also accounted for the huge success of Web 2.0, which enables users to create and share contents with an increased degree of social connectivity.

Such features, however, were already present in the original Web vision. Specifically, the World Wide Web Consortium (W3C) put effort in the definition of a Social Web, where “people can create networks of relationships overlapped with the entire Web, while controlling their own privacy and data” (Social Web Incubator Group, 2005). Unfortunately, social applications are not based on standardized architectures. Rather, they delegate to ad-hoc services, which are becoming real cultural phenomena.

Online Social Networks (OSNs) are the archetype of this new wave of applications, accounting for millions of active users worldwide (see, e.g., Caviglione & Coccoli (2011) and references therein). Even if there are no standard definitions, an informal one can be as follows: an OSN enables the interaction among participants according to some relationship basis. The rules defining connections can be very mixed. For instance, they can be based on friendship, business partnership, or common interests.

As a consequence, OSNs are highly specialized, e.g., there are general-purpose services for dealing with specific topics, such as books and traveling. To make some examples of the broad nature of OSNs, we mention Facebook, Google+ and Twitter. Facebook and Google+ offer a rich set of functionalities, ranging from text and multimedia sharing to AV communications. Instead, Twitter only allows posting short text messages (accordingly called “tweets” having, at least in their basic form, a maximum of 140 characters).

To summarize, even if the “space of features” offered by OSNs is very split, their popularity is mainly given by the following core characteristics: i) they allow users to share user-generated contents in a quick and simple way (e.g., there is no need for additional hosting or authoring tools); ii) they support user-to-user real-time communications, as well as asynchronous conversations through messages and comments; iii) many OSNs are appealing development environments since they provide a set of Application Programming Interfaces (APIs) to create new services or to extend their basic functionalities (Esfahani & Malek, 2010); iv) earlier incarnations of OSNs were “closed” (i.e., a user belonging to a service could not interact with similar platforms operated by different providers), but nowadays proper data percolation can be made through specific interfaces (Caviglione & Coccoli, 2011); v) the availability of well-established Web development techniques, such as the Asynchronous Javascript And XML (AJAX) method, enables many OSNs to be highly interactive, even providing support to real-time features (e.g., to promptly notify a user about changes happening within his/her network of contacts) (Caviglione, 2011); vi) many OSNs can be accessed via ad-hoc client-interfaces specifically crafted for tablets, handheld devices and gaming consoles, making the service ubiquitously available (Hu et al., 2010); vii) as a consequence of a solid mobility support, OSNs also offer localization services, making them suitable for exercising geo-tagged information (Rao & Nagpal, 2011).

Unfortunately, features i)-vii) reflect into a variety of security hazards and privacy issues. We mention, among the others:

1. unintentional disclosure of personal information leading to possible attacks à la social engineering (Caviglione & Coccoli, 2011);

2. due to complex or incoherent privacy and security settings, users can reveal their geographical position. This can lead to breaches into physical security (Ruiz Vicente et al., 2011);

3. the joint utilization of different specialized services can lead to a new type of attack based upon multiple profile fusion (Krishnamurthy & Wills, 2009). Nevertheless, the availability of suitable data structures can ease automatic and massive user profiling campaigns (Raad et al., 2010);

4. OSNs are widely accessed from mobile devices, e.g., via IEEE 802.11 air interfaces. Then, additional risks are due to the utilization of weak security settings to exchange data (e.g., the usage of HTTP instead of the HyperText Transfer Protocol Secure) (Wu et al., 2007). Besides, since mobile devices are often battery operated, this can lead to a new class of battery-draining attacks (Caviglione et al., 2011);

5. third-party Web applications can access user profiles, turning the OSN into an effective attack platform (see, e.g., Haifeng et al. (2010) for a detailed discussion on many attacks that can be performed via OSNs, such as the Sybil one);

6. to provide highly interactive and sophisticated user-interfaces, also containing mash-ups, specific Web programming paradigms are adopted. This increases the risk of attacks such as request forgeries (Siddiqui & Verma, 2011);

7. the availability of client-interfaces for accessing an OSN from a variety of appliances (e.g., set-top boxes and gaming consoles) may foster new threats based upon stack misbehaviors, or protocol fingerprinting. This is even worse for devices not having full-featured TCP/IP stacks that could have exploitable erratic behaviors.

Therefore, the investigation of privacy and security aspects of OSNs is a mandatory action to guarantee their safe and successful utilization. Yet, this is complex, since OSNs have a twofold heterogeneity, i.e., in terms of features and technologies. As a consequence, it is very unlikely to have an ultimate security model or a unified methodology to produce a uniform analysis. Rather, it would be useful to understand the “space” of issues generated by an OSN application, also in the perspective of developing proper countermeasures and evaluating the effectiveness of the state-of-the-art solutions.

In this perspective, the contributions of the paper are: i) to provide a comprehensive understanding, also through basic modeling, of the hazards introduced by OSN applications; ii) to investigate privacy issues and possible related exploits; iii) to showcase a model of a prototypal OSN service, also for highlighting the needed engineering; iv) to help in the creation of checking procedures to increase the degree of privacy and security of OSNs.

To the authors’ best knowledge, this is the first attempt at capturing the majority of security and privacy issues related to the adoption of OSN applications, also by introducing models and detailed taxonomies for revealing potential cross pollination among different functional viewpoints. However, a partial survey on the topic has been compiled by Hongyu et al. (2011).

The remainder of the paper is structured as follows: Section 2 introduces a taxonomy-based model to describe the security of an OSN service. Section 3 discusses the security issues of technologies adopted in OSN platforms. Section 4 deals with problems due to specific devices or users’ habits, while Section 5 portrays hazards tightly coupled with the “social” nature of such services. Then, Section 6 presents a model of an OSN emphasizing the most critical vulnerabilities. Lastly, Section 7 concludes the work and also proposes future research directions.

2 Security Space of OSNs: a Taxonomy

In this section we discuss the centrality of security in an OSN-based framework. To this aim, Figure 1 presents a taxonomy-based model of OSN-exploitable hazards. It also depicts how different spaces can be “reached” through the OSN. The proposed taxonomy is composed of four main functional spaces (namely, device, personal, social and technological). Since devices and users are tightly coupled, they can be further merged to reduce the classification to three layers. Specifically:

• user space: it accounts for weaknesses and exploits that are a consequence of specific devices or users’ habits. It is subdivided into two subspaces: i) the device and ii) the personal space, respectively. As regards i), it represents issues related to the set of features offered by a device used to access an OSN service (reference Vildjiounaite et al. (2007) is a detailed survey on issues introduced by mobile devices, as well as possible solutions). Concerning ii), it groups all the user behaviors leading to breaches into the overall security infrastructure, e.g., social engineering attacks;

• social space: it is strictly affected by the design of the OSN, e.g., datatypes and personal information managed. A possible example concerns private information disclosable via GPS updates. We also mention user-to-user insecurities, which can lead to bullying or blackmailing (Ochoa et al., 2011) and (Honjo et al., 2011);

• technological space: it represents the set of security risks related to specific technologies (both hardware and software) used to implement the OSN service. A paradigmatic case could be when accessing an OSN via the Web. Hence, all the flaws known both for the adopted browser and the involved communication protocols (e.g., HTTP(s)) can be exploited (Criscione et al., 2009). Another example is the remote attack of web-services used as a public interface by the OSN provider (Jun & Wooyong, 2003).

2.1 Minimal taxonomy-based space modeling

To characterize the role of the OSN in the proposed taxonomy, we introduce a minimal model to describe the security space. Specifically, we want to show how the merge of technological and human factors makes the three-layer taxonomy a “base” to build a more complex security domain. The latter should be deeply evaluated when engineering or developing social-enabled services. To this aim, let us define $U_s$, $S_s$ and $T_s$ as the user, social and technological space, respectively. Also, let us define $C_{ss}$ as the OSN Combined Security Space. We model $C_{ss}$ as a combination of the features characterizing each space:

$$C_{ss} = f(U_s, S_s, T_s) \qquad (1)$$

Figure 1 Taxonomy-based model of OSN-exploitable hazards. (Figure labels: Social Network; Device Space; Personal Space; Social Space; Technological Space; Mobile Devices; Set-top Boxes; Gaming Consoles; Energy Consumption Attacks; Protocol Fingerprint; Stack Crash; Identity Theft; Social Engineering; Spam/Phishing; GPS tracking; Privacy Issue; Bullying/Trust; SQL Injection, XSS, XSRF, API, OAuth-like Attacks, Traffic Sniffing.)

where $f(\cdot)$ is an OSN-dependent function for generating the space. As hinted, the OSN enables to mix a huge set of information, services and technologies for malicious operations. Defining a unique model for $f(\cdot)$, possibly analytical, could be impossible and is out of the scope of this work. However, Section 6 will present the modeling of a toy OSN in the perspective of explaining how it can be used systematically to mix the different spaces. To evaluate the number of attacks exploitable for each space (for a fixed implementation and set of features offered by an OSN service), let us introduce $|\cdot|$ as a kind of cardinality operator. Therefore, an OSN could lead to the following relation:

$$|C_{ss}| \geq |U_s| + |S_s| + |T_s| \qquad (2)$$

which states that an OSN can amplify the number of attacks through the exploitation of its physical deployment and stored personal details of a victim. This is a consequence of its intrinsic coupling of devices, (wrong) habits, error-prone engineering choices and technologies.

Before showcasing some paradigmatic examples to prove the validity of Equation (2), let us explain how the functional relationship introduced in Equation (1) can be derived. Let us consider the arrows connecting the different spaces depicted in Figure 1. As can be noticed, all of them point to the OSN. By exploiting its central role, it could be possible to create “paths” from one layer to another. The type and the number of paths characterize the functional relationship denoted as $f(\cdot)$. Such a concept is graphically depicted in Figure 2.

Let us denote with $S$ an attack that can be performed with the current knowledge of a given space (e.g., the attacker has an exploit), while with $T$ we identify an action that the attacker is not able to do. Thus, the attacker, by using the OSN, can shift from one space to another, i.e., he/she constructs a path from $S$ to $T$.

Figure 2 The security space generated by the different components of an OSN and how it can be exploited. (Figure labels: User Space; Social Space; Technological Space; S; T.)

To clarify such a concept, we introduce the following toy example. Let us assume that an attacker wants to gain access to the account of an OSN user (i.e., this is the target outcome $T$). Forcing a real-deployed OSN could require a non-trivial knowledge, and it could be unfeasible for the average attacker. However (at least from a theoretical point of view), he/she could:

1. check if the victim’s profile has some publicly available information through an OSN, for instance the email address;

2. he/she can investigate if the provider has some known weaknesses, or a legacy user/password recovery procedure. For the sake of the example, let us assume that a mechanism based on a “secret question” is used, and the answer can be found within the user profile in the OSN;

3. by performing an identity theft attack, or creating an ad-hoc fake profile, the attacker can become “friend” of the victim. Thus he/she can dig into his/her personal details and find the answer to the secret question. This step can be simple, since many users do allow strangers to access their personal information (Newk-Fon et al., 2008);

4. the attacker can violate the email. Then, since many OSNs require an email account for the logins, the registration email could be found in the mailbox. Also, many OSNs send new credentials via email at each password change/restore. Additionally, attacks such as the social phishing (Jugatic et al., 2007) can be directly exploited by using the gathered personal information;

5. the attacker can log into the victim’s profile without any technological knowledge.

The proposed example explains how an attacker can “move” from one space to another, resulting in more chances and methods. Also, it underlines that the OSN provider does not have a direct bug or exploitable features. Other possible approaches can rely on developing well-crafted malicious third party applications, or using traffic sniffing tools in the presence of IEEE 802.11 unencrypted accesses to make further actions, such as endpoint profiling through Web search engines, such as Google (Trestian et al., 2008).
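
The toy example above can be written down as a small capability graph, which makes the space-to-space path, and the effect of decoupling one link, checkable. This is an added sketch, not part of the paper: the step names, the fact names and the assignment of each step to a space are assumptions made for illustration, and the count of reachable facts is only a crude stand-in for the cardinality operator of Equation (2).

```python
"""Added illustration: the Section 2.1 toy example as a capability graph."""
from typing import FrozenSet, List, NamedTuple, Set, Tuple

SPACES = {"user", "social", "technological"}
TARGET = "account_access"            # the outcome T of the toy example


class Step(NamedTuple):
    name: str
    space: str                       # assumed assignment to a taxonomy space
    needs: FrozenSet[str]            # facts required before the step is possible
    gives: FrozenSet[str]            # facts obtained once the step succeeds


def step(name, space, needs=(), gives=()):
    return Step(name, space, frozenset(needs), frozenset(gives))


# The five steps of the toy example, split into atomic moves (hypothetical names).
STEPS = [
    step("read public profile", "social", gives=["email_address"]),
    step("find secret-question recovery", "technological",
         needs=["email_address"], gives=["recovery_procedure"]),
    step("befriend victim with fake profile", "user", gives=["friend_access"]),
    step("read personal details", "social",
         needs=["friend_access"], gives=["secret_answer"]),
    step("recover mailbox", "technological",
         needs=["email_address", "recovery_procedure", "secret_answer"],
         gives=["mailbox_access"]),
    step("read OSN credentials sent by e-mail", "technological",
         needs=["mailbox_access"], gives=["osn_credentials"]),
    step("log into victim's profile", "technological",
         needs=["osn_credentials"], gives=[TARGET]),
]


def derive(steps: List[Step], spaces: Set[str]) -> Tuple[Set[str], List[Step]]:
    """Forward-chain over the steps allowed in `spaces` until nothing new fires."""
    facts: Set[str] = set()
    fired: List[Step] = []
    pending = [s for s in steps if s.space in spaces]
    progress = True
    while progress:
        progress = False
        for s in list(pending):
            if s.needs <= facts:
                facts |= s.gives
                fired.append(s)
                pending.remove(s)
                progress = True
    return facts, fired


def path_to(steps: List[Step], spaces: Set[str], target: str) -> List[Step]:
    """Backward slice of the fired steps: only those that contribute to target."""
    facts, fired = derive(steps, spaces)
    if target not in facts:
        return []
    wanted, path = {target}, []
    for s in reversed(fired):
        if s.gives & wanted:
            wanted |= s.needs
            path.append(s)
    return list(reversed(path))


def crossings(path: List[Step]) -> int:
    """Number of times consecutive steps of the path change space."""
    return sum(1 for a, b in zip(path, path[1:]) if a.space != b.space)


def cut_steps(steps: List[Step], spaces: Set[str], target: str) -> List[str]:
    """Steps whose removal alone (a decoupling) makes the target unreachable."""
    return [s.name for s in steps
            if target not in derive([t for t in steps if t is not s], spaces)[0]]


if __name__ == "__main__":
    for sp in sorted(SPACES):
        print(sp, "alone reaches", sorted(derive(STEPS, {sp})[0]))
    path = path_to(STEPS, SPACES, TARGET)
    print("combined path:", " -> ".join(f"{s.name} [{s.space}]" for s in path))
    print("space crossings:", crossings(path))
    print("single links that break the path:", cut_steps(STEPS, SPACES, TARGET))
```

No single space reaches the target on its own, while the combined space does; every step listed by `cut_steps` is a point where a countermeasure breaks the path.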

2.2 Extension to the multiple profile case

In Section 5.2 we will introduce ad-hoc techniques, such as those based on multiple profiles fusion, to combine $C_{ss}$ belonging to different OSNs. Therefore, we want to extend the model presented in Equation (1) for such a case. Put briefly, a user can participate in different OSN services. Once identified, it would be possible to move from one space to another, i.e.,

$$|C_{ss}| = \sum_{i=1}^{N} |C_{ss}^{i}| \qquad (3)$$

where $C_{ss}^{i}$ is the OSN Combined Security Space of the $i$-th service, and $N$ is the number of OSNs where the same user has been identified. The model presented in Equation (3) also gives some idea on how to develop possible countermeasures against space merging. For instance:

• reducing the number of hazards for each OSN by acting on each specific space, as well as in its implementation, i.e., $\min(f(\cdot)^{i})$, $\min(|U_s^{i}|)$, $\min(|S_s^{i}|)$, $\min(|T_s^{i}|)$, for $i = 1, \ldots, N$. This can be done through optimizing the OSN architecture, for instance in terms of privacy management (thus acting over $f(\cdot)^{i}$), or improving the implementation of client-interfaces (therefore reducing $|U_s^{i}|$);

• increasing the degree of decoupling of the spaces within a given OSN as to reduce paths, i.e., reducing the possibility of having a space like the one depicted in Figure 2. This divide et impera strategy should be at the basis of a good design of any OSN service;

• reducing the chances of identifying the same users in different OSNs, then decoupling the spaces to be adopted, i.e., having Equation (3) not valid anymore since the number of $C_{ss}^{i}$ is reduced, i.e., $N$;

• applying simultaneously all the previous approaches.

3 Issues of the Technological Space

In this section we discuss specific issues affecting the technological space identified in Section 2. For the sake of brevity, we will concentrate on Web technologies and issues related to the network. In fact, despite engineering and design differences, nearly all OSNs are essentially Web applications. Therefore they potentially suffer from a huge set of vulnerabilities that are intrinsically related to the current model of the Web (James et al., 2001).

Such vulnerabilities should be properly corrected at the single-OSN level of granularity, to avoid attacks aimed at compromising the security of the entire service. This can happen at different levels, thus affecting data privacy, confidentiality and application availability, just to cite some. Then, we showcase the most risky vulnerabilities that can impact a general Web application. To complete the picture, we also introduce some possible hazards due to the specific traffic patterns produced by Web-based OSN services.

3.1 The OWASP top–ten vulnerabilities

The Open Web Application Security Project (OWASP) (Open Web Application Security Project) defines a set of ten top-risky vulnerabilities for Web applications, updated every year. The most recent list is composed of the following vulnerabilities:

1. Injection. Injection flaws, such as Structured Query Language (SQL) and Lightweight Directory Access Protocol (LDAP) injections, occur when untrusted data is sent to an interpreter as part of a command or a query. The attacker’s hostile data can trick the interpreter, forcing the execution of unintended commands or accessing unauthorized data.

2. Cross-Site Scripting (XSS). XSS flaws occur whenever an application sends untrusted data to a user without proper validation and escaping. XSS allows attackers to execute scripts in the victim’s browser, which can hijack sessions, or redirect the browser to malicious sites.

3. Broken Authentication and Session Management. Application functionalities related to authentication and session management are often not correctly implemented, allowing attackers to compromise passwords, keys, session tokens, or exploit other flaws to assume identities arbitrarily.

4. Insecure Direct Object Reference. A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, a directory, or a database key. Without proper checks attackers can manipulate these references to access unauthorized data.

5. Cross-Site Request Forgery (XSRF). An XSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information. This allows the attacker to generate requests appearing as legitimate.

6. Security Misconfiguration. Good security practices require having a proper configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. All these settings should be defined, implemented, and maintained, since many products are not shipped with secure defaults. This can include the constant update of all software.

7. Insecure Cryptographic Storage. Many Web applications do not use appropriate encryption or hashing to protect sensitive data, such as credit cards, Social Security Numbers (SSN) and authentication credentials. These can be retrieved by an attacker to conduct identity theft, credit card fraud, or other crimes.

8. Failure to Restrict URL Access. Many Web applications check the Uniform Resource Locator (URL) access rights only just before rendering protected links and buttons. However, applications need to perform similar access control checks each time these pages are accessed, or attackers will be able to forge URLs to access these hidden pages anyway.

9. Insufficient Transport Layer Protection. Applications frequently fail to authenticate, encrypt, and protect the confidentiality and integrity of sensitive network traffic. However, they sometimes support weak algorithms, use certificates that are expired or invalid, or do not use them correctly.

10. Unvalidated Redirect and Forwards. Web applications frequently redirect users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites.

An important remark is that OWASP vulnerabilities can be easily automated, e.g., via scripts. Therefore, it is very important to properly protect the technological space since it is largely overlapped with the Web.

In Section 6 we will propose a practical model to systematically exploit such features.

We underline that the service provider must adopt suitable systems, such as storage security to protect data and information, access management, and Intrusion Detection Systems (IDS) for avoiding external attacks. As regards internal security, proper sandbox-like mechanisms should be used for third party applications and to avoid unauthorized access from the inside.

3.2 HTTP traffic issues

The traffic produced by OSN applications exhibits well-defined characteristics, which can be exploited for different malicious actions. Even if anachronistic, one of the major risks is still due to the adoption of HTTP instead of HTTPS for moving data among clients and servers. As a consequence, information gathering can be straightforward. However, traffic sniffing is not always a simple task. For instance, capturing packets from a Digital Subscriber Loop (DSL) is harder than in wireless accesses (e.g., the IEEE 802.11). Nevertheless, the joint adoption of HTTP over non-protected (or weakly protected, such as those employing WEP) channels dramatically eases operations aiming at traffic sniffing. In this perspective, having standard tools, such as Wireshark (Wireshark, 2011) or tcpdump, can suffice.

When traffic is not encrypted, attackers can capitalize on the flaws that OSNs inherit from the WWW. In fact, OSN applications are mostly accessed through Web browsers, thus having HTML as a core component, i.e., the Web page is the basic building block. This also happens when using other client-interfaces, usually implementing Web-views to speed up the development cycle and to avoid different server-side implementations. Typically, a Web page is composed of several objects, which have to be retrieved to compose it entirely. Two types of objects exist: the main object (containing the HTML source) and in-line object(s), i.e., those linked within the hypertext. Therefore, it is possible to gather all the objects composing the pages sent by the OSN to a given user. This can be used to reconstruct the network of individuals, the exchanged text, as well as to examine each in-line object (e.g., to see pictures). As a drawback, by inspecting a user's traffic it is then possible to gain access to “private” material. For instance, a user can have privacy settings preventing strangers from seeing his/her profile pictures. However, when a friend accesses his/her profile, data can be captured. This usually guarantees to easily gather enough information to mimic other users' profiles or to perform identity theft actions.

Also HTTP encrypted traffic has exploitable features. Actually, SN applications are characterized by well-defined traffic patterns, especially in terms of throughput (see, e.g., Caviglione (2009) for a general investigation of many Web 2.0 services delivered through satellite environments). This is mainly due to the continuous and regular “polling” performed by in-line objects implementing ad-hoc scripts to update pages in a nearly real-time manner, such as to sync widgets or to deliver Instant Message (IM) notifications. Widespread approaches are AJAX and Comet, where a long-held HTTP connection enables the Web server to push data to the browser, without the need of additional HTTP requests. Therefore, such elements trigger data transfers via HTTP/TCP as well as additional or long-lasting connections. Such a repetitive behavior can be revealed by calculating the Power Spectral Density (PSD) of the traffic trace. Then, this sort of “fingerprint” can be used to reveal OSN-related activities within encrypted flows, and can be used to perform well-defined attacks, also aided by social engineering approaches. For instance, upon becoming aware that a user is online, it could be possible to perform malicious actions such as bullying, or Denial of Service attacks on the target machine (since conversation endpoints are usually not encrypted).
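
How strongly regular polling shows up in a PSD can be measured on a constructed trace. The sketch below is an added example, not code from the paper: it computes a periodogram (a PSD estimate) of per-second byte counts and reports the dominant period and how far the spectral peak stands above the rest of the spectrum. The trace, the burst sizes and the 10 s polling interval are constructed, and the jittered-polling variant is an assumed comparison case that the paper does not evaluate.

```python
"""Added illustration: periodogram of a constructed OSN-like polling trace."""
import cmath
import random

BURST = [50.0, 30.0, 10.0]   # constructed: KB transferred in the 3 s after a poll


def periodic_polls(n_seconds, period):
    """Poll instants for a script that polls every `period` seconds."""
    return list(range(0, n_seconds, period))


def jittered_polls(n_seconds, period, jitter, seed=2):
    """Poll instants when each interval is randomised by +/- `jitter` seconds."""
    rng = random.Random(seed)
    t, polls = 0.0, []
    while t < n_seconds:
        polls.append(int(t))
        t += period + rng.uniform(-jitter, jitter)
    return polls


def make_trace(n_seconds, poll_times, seed=1):
    """Constructed per-second byte counts: background noise plus a burst per poll."""
    rng = random.Random(seed)
    trace = [rng.uniform(0.0, 5.0) for _ in range(n_seconds)]
    for t in poll_times:
        for offset, size in enumerate(BURST):
            if 0 <= t + offset < n_seconds:
                trace[t + offset] += size
    return trace


def psd(trace):
    """Periodogram |X_k|^2 / N for bins k = 1..N/2 (mean removed, DC excluded)."""
    n = len(trace)
    mean = sum(trace) / n
    centred = [x - mean for x in trace]
    spectrum = []
    for k in range(1, n // 2 + 1):
        w = -2j * cmath.pi * k / n
        xk = sum(x * cmath.exp(w * i) for i, x in enumerate(centred))
        spectrum.append(abs(xk) ** 2 / n)
    return spectrum


def dominant_period(trace, sample_interval=1.0):
    """Period (in seconds) of the strongest spectral component."""
    spectrum = psd(trace)
    k = max(range(len(spectrum)), key=spectrum.__getitem__) + 1
    return len(trace) * sample_interval / k


def peak_to_mean(trace):
    """How far the strongest PSD bin stands above the average bin."""
    spectrum = psd(trace)
    return max(spectrum) / (sum(spectrum) / len(spectrum))


if __name__ == "__main__":
    regular = make_trace(240, periodic_polls(240, 10))
    jittered = make_trace(240, jittered_polls(240, 10, 4.0))
    print("regular polling : period %.1f s, peak/mean %.1f"
          % (dominant_period(regular), peak_to_mean(regular)))
    print("jittered polling: peak/mean %.1f" % peak_to_mean(jittered))
```

The analysis uses only byte counts over time, so it applies equally to encrypted flows; a service operator can run the same measurement on its own client traffic to see how distinctive its polling pattern is.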

3.3 Network security hierarchy at-large

Figure 3 suggests the typical network security hierarchy that should be adopted in OSN services, also listing potential “in the middle” intermediaries.

Figure 3 The suggested network security hierarchy adopted in OSN services. (Figure labels: protocol layers Applications, SOAP, HTTP, TLS/SSL and LOWER LEVELS; security mechanisms Application Security, Web Services Security (WS-S), HTTP Authentication, SSL and IP SEC; endpoints CLIENT, SERVER, SOAP ENDPOINT, HTTP ENDPOINT, SSL ENDPOINT and IP ENDPOINT.)

Depending on the specific security solutions, proper mechanisms can be implemented at different layers of the ISO/OSI protocol stack. Dotted lines indicate that secure communications can be absent at that level. The typical interaction workflow is:

• the client application can add security directly to the content of the message;

• the Web Service gateway can add Web Service Security (WSS) to the system;

• the Web Services gateway may allow the WSS header to flow and might add other security;

• the Secure Socket Layer (SSL) processor or HTTP Proxy might switch to SSL;

• security is delegated to the network via IP Security (IPSec) (if any).

However, even in the presence of a full-featured security hierarchy, other spaces can be used to perform malicious actions and to make network-oriented countermeasures ineffective.

4 Issues of the User Space

In this section we consider issues related to the user space, identifying unwary behaviors of the users that could potentially engender insecurity in all of the other spaces. Specifically, we will take into account a set of actions made by end users, which make it possible to “reach” other spaces as depicted in Figure 2.

4.1 User-to-OSN interaction

To better understand issues related to the user space, we describe interactions among OSN sites and typical service consumers, e.g., from Web browsers to third party applications. The main interactions can be grouped as follows:

1. Users directly interact with OSNs through the Web browser, as well as from the official client interfaces if available. In both cases, users can access from different devices and/or network locations. To cope with such a usage paradigm, personalized settings are usually adopted to avoid re-authenticating (e.g., by typing username and password) each time. Such insecure behavior is also supported by the OSN infrastructure, which does not take any corrective action when multiple sessions are open concurrently.

2. Users access the OSN from “mediating” entities, which mix data to build enriched contents via mash-up. To enable such features, read/write permissions should be granted by the users to the third party applications. This allows machine-to-machine communications by means of ad-hoc APIs. With application-level granularity, the access privileges can be requested at different levels (i.e., to inspect personal information, or to modify the user’s profile). As a result, applications transparently act on behalf of the user. This can lead to scam applications, which can leak data or result in very powerful hacking tools, especially when combined with social phishing, or suggested by (someone posing as) trusted contacts.

3. Users or applications use the OSN as a “data provider”. This service is not offered by all the OSNs, but is becoming very widespread. In this case, the OSN makes portions of its knowledge public via specific APIs, as a snapshot of the social attitudes and relationships of a user. Popular mechanisms are, for instance, Social Graph for Google and Opengraph for Facebook. As will be discussed in Section 5.2, this feature can be employed to draw information about multiple nodes, to reveal connections, and to mount attacks aimed at endangering users’ privacy.

From a more technical point of view, Figure 4 shows how the aforementioned interactions happen through a reference architecture. It also depicts the relevant information flows of the “authorization chain” typically deployed in an OSN.

Figure 4 Reference architecture and relevant information flows of the “authorization chain” typically deployed in an OSN.

4.2 Device space issues

The availability of powerful and cost-effective appliances, jointly with the cultural explosion of OSN applications, modifies the attitude of many users when utilizing the Internet. Besides, the ever-growing adoption of mobile devices results in many people accessing OSN services from their personal devices while “on the road”. This can impact many aspects related to their security and privacy.

Firstly, devices such as smart phones and tablets enable continuous interaction, also hiding and automating authentication mechanisms and data exchanges. In particular, due to their “very personal” nature, these devices lower the level of carefulness of their users, while attracting increasing attention from many attackers (Leavitt, 2011).

In addition, devices able to access OSNs may also have limited capabilities (both in terms of CPU and power resources) as well as incomplete or flawed protocol implementations. Therefore, an endpoint recognized as producing traffic for OSN activities (e.g., by using the signature approach discussed in Section 3.2) can be attacked. If the target host is a mobile device or a gaming console, traffic flooding attacks (such as ping flooding) can lead to a quick battery drain, crashes or intermittent connectivity (Caviglione et al., 2011).

Moreover, stack vulnerabilities are often well-documented, thus it could be possible to send well-formatted packets to crash the victim’s appliance. This is even true for many TVs or set-top boxes offering access to the Internet without bothering to implement a proper degree of sophistication of the protocol stack (Brentham, 2002).

4.3 Personal space issues

As discussed, devices usually store access credentials to OSNs permanently. Thus, the first security weakness is a physical one, related to the risk of leaving the device unattended.

The adoption of HTTPS has been already discussed in Section 3.2. However, users can decide to bypass its adoption when this is a requirement imposed by third party applications. Hence, it is possible to develop applications asking for HTTP connectivity, thus allowing attacks based on traffic inspection.

An additional security breach can be caused by the trustful use of harmful applications that somebody (many times a “friend”) has recommended (Stajano & Wilson, 2011). Much malware spreads this way, in particular: i) according to a “chain-letter” mechanism, where people send suggestions to their contacts, with detailed information on some software to install (e.g., by providing URLs); ii) by using fake profiles, crafted via identity theft techniques (as will be discussed in detail in Section 5).

5 Social space issues

Since OSNs are made for sharing a wide variety of personal information, this can lead to the empowerment of common social engineering tricks and to their successful application with the aim of performing malicious actions. Also, the concept of privacy protection somehow clashes with the main objective of an OSN, which is sharing (personal) information with the aim of creating communities and relationships, as well as maintaining and reinforcing personal contacts. Despite the presence of many possible “security settings”, users should understand that they alone are responsible for their information.

Therefore, in this section we will discuss issues related to privacy rather than security (Rosenblum, 2007).

5.1 Data gathering for social engineering

One of the most relevant aspects of privacy management in OSNs concerns the refinement of social engineering techniques, which can overcome any software/hardware countermeasure. This approach is further empowered by the encouragement to share personal information made by OSNs. The more detailed the information is, the more efficiently the social platform should behave. In addition, when publishing plain text, videos or pictures (e.g., when updating a status on Facebook or posting a message on Twitter) one is also requested to add the geographical position, to route interesting updates to potential neighbors.

Social engineers can greatly benefit from such a huge amount of information and data publicly available within OSNs. For instance, Huber et al. (2009) propose the use of a bot to automate the operations of information gathering, which are a prerequisite for social engineering attacks. Interestingly, the software agent used was not detected or blocked by the OSN site “attacked” during the experiments. This is due to the fact that the relevant security measures are primarily concerned with unsolicited bulk messages and not with software entities behaving like normal users. Generally speaking, given the high percentage of connected users participating in OSN activities, it is easy to gather information about persons, even in an automated manner, with batch procedures, through Web spiders (Gupta & Johari, 2009) and agents (Bodorik & Jutla, 2008).

5.2 Multiple profile fusion

As said, the scenario of OSNs is highly specialized, thus the average user usually has more than one account to join different services. As an example, let us consider a user having the same username in two different OSNs.

Then, a possible attack is based on profile fusion, which aims at matching common user information from different OSNs. In recent research (Irani et al., 2011), this problem has been outlined as the “unintended personal-information leakage”. For a better understanding and quantification, a specific indicator has been defined, called the social footprint. Put briefly, it measures the personal information that a specific user makes available online. In this way, by using data from different OSNs a kind of super-identity can be built. The latter originates from the matching and merging of different user profiles (even with different usernames) based on common information, localization, friends and relationships. As a consequence, traditional attacks, such as physical identification and password recovery, could become trivial.

Using different identifiers (IDs) for each OSN is a commonly adopted strategy to maintain anonymity. However, it may not be sufficient (e.g., if explicit links are present across the different OSNs). The current trend is to use shared accounts over the Web, so as to guarantee seamless access to different applications, services and OSNs. Hence, profiles created for a given site are commonly used as credentials for some other services (e.g., the ubiquitous “Sign-In with Facebook” button or the “Google Account”, which is used by multiple services such as YouTube, as well as the “Yahoo! Account”, used by Flickr). To allow such cross-site operations, the OAuth protocol is used to manage identities across services (Leiba, 2012), which can become ineffective within public or shared wireless connections.

A unified identity is the first step towards the model of the social Web envisaged by the W3C, as hinted in Section 1. To this aim, different projects exist, such as ping.fm, UniqueID or Gravatar, which automatically recognize a user’s identity, e.g., by using cookies. A more ambitious project is the FOAF+SSL WebID protocol (WebID Incubator Group, 2012), which is the secure authentication protocol defined by the W3C WebID Incubator Group to enable the building of distributed, open, and secure social networks, according to the model of the Social Web.

However, unifying users’ identities could make profile fusion easier. In this case, even anonymizing data may not be sufficient, especially because the availability of machine-to-machine data structures (as discussed in Section 4.1) makes the “de-anonymization” of OSN data very simple (Narayanan & Shmatikov (2009) show a comprehensive experiment on data de-anonymization).

5.3 Identity theft

The techniques discussed so far give an attacker the tools for i) gathering information about real persons and ii) building his own profiles and performing identity theft. This allows him to take advantage of the trust given by the OSN neighbors to launch malicious actions. The success of identity theft is based on the trust relationship, which makes malicious actions appear reliable. This kind of attack is also performed through cloning attacks (Bilge et al., 2009), i.e., the aim is to access the contacts of a chosen victim, based on the premise that “users are generally not cautious when accepting friend requests”. We underline that the same techniques used to perform attacks can be exploited to counteract malicious behaviors, as in Stringhini et al. (2010), where accounts used by spammers were automatically identified and violations were reported to the OSN administrator (i.e., Twitter and Facebook in their work), who deleted thousands of spamming profiles. Lastly, an example of the code needed to build applications devoted to finding security holes in machines by exploiting identity theft is available in Patsakis et al. (2009).

6 Impact of Social Network Flaws

In this section we analyze how a malicious user can exploit vulnerabilities related to the technological, user and social spaces by simply belonging to the OSN and legally operating on the OSN model. To this aim, we introduce a simple model, describing the logical organization of an OSN.

6.1 A graph model for OSNs

From a general perspective, each OSN can be seen as a set of associations between users (mapping physical users) and social objects, such as messages, posts, photos, movies and so on. The social background of an OSN is given by the set of all associations of i) users-to-users (i.e., friendship), ii) users-to-objects (i.e., tagging), and iii) objects-to-objects (i.e., posting). Any object is expected to be related to at least one user (the owner), and each user is expected to be related to at least one object (i.e., the personal profile).

In this scenario, users can relate themselves to objects and perform operations involving other members of the social network, such as associating other users to objects, under given constraints (e.g., friendships). Users can also remove such associations. We underline that, to enable the possible interactions and mutual permissions, privacy and security policies may be different from OSN to OSN, but investigating such differences is out of the scope of the paper.

What we present is an informal model, which has been designed as an abstraction of the functionalities offered both by Facebook and Google+. At the same time it should be regarded as a reference point in the OSN landscape. The model allows representing the associations arranged in a graph. Associations and, accordingly, the graph can be modified upon the execution of valid operations performed by users. For each OSN a specific set of operations is defined, and the user is allowed to execute them under proper constraints. The successful achievement of a given action results in a modification of the status of the graph.

Given U as the set of users of the OSN, and O the set of the objects, we define four basic relations:

• Friendship(u1, u2). It defines a friendship relation between two users.

• Owner(u, o). It states that user u is the owner (i.e., the builder) of object o.

• Assignment(u, o). It states that user u is related to object o, as a result of a linking operation performed by himself or other users (i.e., friends).

• Connection(o1, o2). It states that two objects are related due to operations made by their respective owners.

Obviously, each object may be built and destroyed by a user, and each user can delete a previously established friendship relation.

Typical operations in an OSN can be defined on top of the previous relations. With reference to their common meaning and using a Prolog-like syntax, we define the following operations:

• ChatMessage(u1, o, u2) :- Owner(u1, o), Friendship(u1, u2). The sending of a private chat message, allowed exclusively between friends.

• Message(u1, o, UList) :- Owner(u1, o). Sending of a public message to friend and non-friend users.

• Update(u, o) :- Owner(u, o). Updating the status of an object (e.g., profile).

• Posting(u, o1, o2) :- Owner(u, o1), Owner(u2, o2), Friendship(u, u2). Posting an object o1 (e.g., a photo) on another object o2 (e.g., the wall of another user).

• Tagging(u1, o, u2) :- Owner(u1, o), Friendship(u1, u2). Tagging a user u2 on an object o belonging to user u1.

Such relations may be represented on a graph as depicted in Figure 5.

Figure 5 Graph modeling of basic OSN operations. [Diagram panels: Message, Posting, Tagging, Update and ChatMessage, each drawn as users (U) and objects (O) linked by Friendship, Ownership, Association and Connection edges.]
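The relations and guarded operations of this section can be exercised directly; the following is an added example, not code from the paper. It assumes that ChatMessage, Message and Tagging each create an Assignment edge and that Posting creates a Connection edge (as the edge labels of Figure 6 suggest), and the users, objects and friendships in `sample_graph` are constructed.

```python
class ConstraintViolation(Exception):
    """The right-hand side of an operation does not hold."""


class OSNGraph:
    def __init__(self):
        self.friendship = set()   # {frozenset({u1, u2})}
        self.owner = {}           # object -> the user who built it
        self.assignment = set()   # {(user, object)}
        self.connection = set()   # {(o1, o2)}
        self.log = []             # accepted operations, in order

    # Relations used as guards.
    def friends(self, u1, u2):
        return frozenset((u1, u2)) in self.friendship

    def owns(self, u, o):
        return self.owner.get(o) == u

    def _apply(self, name, *guards):
        # An operation is recorded only if every guard holds.
        if not all(guards):
            raise ConstraintViolation(name)
        self.log.append(name)

    # The five operations; each changes the graph only if its guards hold.
    def chat_message(self, u1, o, u2):
        self._apply(f"ChatMessage({u1},{o},{u2})",
                    self.owns(u1, o), self.friends(u1, u2))
        self.assignment.add((u2, o))

    def message(self, u1, o, ulist):
        self._apply(f"Message({u1},{o})", self.owns(u1, o))
        self.assignment.update((u, o) for u in ulist)

    def update(self, u, o):
        self._apply(f"Update({u},{o})", self.owns(u, o))

    def posting(self, u, o1, o2):
        # Friendship is required between the poster and the owner of o2.
        wall_owner = self.owner.get(o2)
        self._apply(f"Posting({u},{o1},{o2})", self.owns(u, o1),
                    wall_owner is not None, self.friends(u, wall_owner))
        self.connection.add((o1, o2))

    def tagging(self, u1, o, u2):
        self._apply(f"Tagging({u1},{o},{u2})",
                    self.owns(u1, o), self.friends(u1, u2))
        self.assignment.add((u2, o))

    def view(self, u):
        """Objects u owns or is assigned to: the user's limited view."""
        owned = {o for o, who in self.owner.items() if who == u}
        return owned | {o for who, o in self.assignment if who == u}


def sample_graph():
    """Constructed graph with the four kinds of operation listed for Figure 6."""
    g = OSNGraph()
    g.friendship |= {frozenset(("u1", "u2")), frozenset(("u2", "u3"))}
    g.owner.update(c1="u1", o1="u1", o2="u2", o3="u1", m1="u3")
    g.chat_message("u1", "c1", "u2")     # chat message from u1 to u2
    g.tagging("u1", "o1", "u2")          # u1 tags u2 on o1
    g.posting("u2", "o2", "o3")          # o2 posted on o3 (owned by u1)
    g.message("u3", "m1", ["u2", "u4"])  # message involving u2, u3, u4
    return g


def try_forbidden(g):
    """u3 tries to tag u1, who is not a friend: rejected, state unchanged."""
    before = (set(g.assignment), list(g.log))
    try:
        g.tagging("u3", "m1", "u1")
    except ConstraintViolation:
        return (g.assignment, g.log) == before
    return False
```

Every accepted call leaves a valid graph, so a check on the graph alone cannot tell whether the user behind an operation intended it.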

Each operation modifies the state of the graph into a new state. Figure 6 shows a sample graph representing i) a chat message from u1 to u2, ii) a tagging of user u2 on o1 performed by u1, iii) a posting of o2 on o3, and iv) a message involving users u2, u3 and u4.

Figure 6 An example of an OSN graph. [Diagram: users U1 to U4 and objects O1 to O3 linked by Friendship, Ownership, Connection/Posting, Association/Tagging, Association/chatMessage, Association/Message and Update edges.]

The presented model and the related operations limit the impact of each user on the graph. In particular:

• users may only modify the graph by invoking operations, which are subject to constraints (i.e., the right hand side of each operation). For instance, by default a user u1 cannot force a user u2 to add u3 as a friend;

• users have a limited impact on the graph, accessing objects they own or they are associated with, according to the operational constraints;

• users have a limited view of the graph.

We show here how a malicious user can combine and exploit threats and vulnerabilities in the technological, user and social spaces to overcome such limitations without violating the model.

6.2 Technological, user and social spaces threats

From a general point of view, the previous model allows the building of a graph as a result of operations exclusively performed by the set of users. Thus, the user is de facto the main vulnerability point in an OSN. Therefore, forcing the user to perform unwanted actions is the most straightforward way for a malicious user to build unwanted friendship relations, associations and connections. This leads to OSN graphs which are still valid but do not reflect real social connections between users, thus allowing malicious ones to violate both privacy and security.

In our model, objects are connection points between users. Thus, objects correspond to vulnerability points that can be exploited to force legal users to modify their social connections by inadvertently executing operations.

Objects may be the target of threats belonging to all three spaces we analyzed in the previous sections.

6.2.1 Technological space

Currently, OSNs implement objects as HTML elements, since OSNs are Web applications. Thus, all objects may potentially convey some OWASP vulnerabilities like XSS or SQL injection, if proper checks at implementation level are not performed. For instance, with reference to the graph in Figure 6, let us suppose that malicious user u2 aims at stealing the session cookie of u1 by sending a chat message to u1. User u2 may embed JavaScript (JS) code that forwards the cookie of u1 to an external server, performing an XSS attack. In fact, the browser of u1 automatically executes the JS code as soon as the user accesses the message. Besides, u2 is guaranteed to receive the right cookie (i.e., the one granting access to the OSN), since only authenticated users can access messages. The success of the previous attack may lead u2 to be recognized as u1 and to perform legal operations on the graph in his stead, like updating the profile of u1, as shown in Figure 7.

In general, vulnerabilities and threats of the technological space are mandatory in order to exploit weaknesses typical of the user and social spaces.

Figure 7 Impact of a successful XSS attack. [Diagram: the graph of Figure 6 in which the attacker is recognized as U1, with an additional Ownership and Update edge.]
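The two “proper checks at implementation level” that matter for the chat-message scenario above are output encoding of the message object and a session cookie that scripts cannot read. This is an added example, not code from the paper; the function names, the cookie name `osn_session` and the message body are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Constructed chat body: markup with an inert marker instead of a payload.
CHAT_BODY = "hi <script>/* constructed marker, no payload */</script>"


def render_chat_unsafe(sender, body):
    """'Before': the message object is pasted into the page as markup."""
    return f'<li class="chat"><b>{sender}</b>: {body}</li>'


def render_chat_safe(sender, body):
    """'After': every user-controlled field is HTML-encoded on output."""
    return (f'<li class="chat"><b>{html.escape(sender)}</b>: '
            f'{html.escape(body)}</li>')


class TagCollector(HTMLParser):
    """Records the elements a browser-like parser would create."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def elements_in(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def session_cookie(session_id):
    """Set-Cookie value for a session that page scripts cannot read."""
    cookie = SimpleCookie()
    cookie["osn_session"] = session_id
    cookie["osn_session"]["httponly"] = True   # not exposed to document.cookie
    cookie["osn_session"]["secure"] = True     # only sent over TLS
    cookie["osn_session"]["samesite"] = "Lax"  # not sent on cross-site POSTs
    cookie["osn_session"]["path"] = "/"
    return cookie["osn_session"].OutputString()


if __name__ == "__main__":
    print(elements_in(render_chat_unsafe("u2", CHAT_BODY)))  # includes 'script'
    print(elements_in(render_chat_safe("u2", CHAT_BODY)))    # only li and b
    print(session_cookie("constructed-session-id"))
```

Encoding removes the injected element; the HttpOnly flag limits the damage if an encoding step is ever missed.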

6.2.2 User space

User space vulnerabilities are mostly due to the OSN support for multiple connections, enabling the same user to be simultaneously connected to the OSN through a desktop PC, a mobile device and a game console, just to cite some. Such an approach inevitably opens the OSN to threats that are typical of mobile devices, which generally keep the user logged in indefinitely. With reference to the OWASP vulnerabilities, this scenario is a more fertile ground for XSRF attacks than other Web applications. For instance, let us consider a mobile device used by user u4 to connect to the OSN. Let us also suppose that malicious user u2 gets to know the cell number of u4 by analyzing his public profile and aims to force u4 to inadvertently add him as a friend. Since the command request for adding a friend is publicly available to OSN application developers, u2 may send an MMS, an SMS or an email which embeds a link containing an “add friend” command to u4. If u4 follows the link, the operation is executed without any interaction with the user, due to the fact that the session is open and OSN applications do not require re-authentication. As a result, a valid “add friend” operation is executed by u4, as depicted in Figure 8.

Note that in this case, there is no identity theft as in the previous case. The actual user u4 performs the “add friend” operation.
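The “add friend” case above succeeds because the open session is the only thing the server checks. The added example below (not code from the paper) puts such a handler beside one that refuses state changes over GET and requires a token bound to the session; the class, the handler names, the cookie name and the session identifier are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets


class OSNEndpoint:
    def __init__(self):
        self.key = secrets.token_bytes(32)     # server-side secret
        self.sessions = {"sess-u4": "u4"}      # constructed open session of u4
        self.friendship = set()

    def csrf_token(self, session_id):
        """Token bound to the session; embedded only in the OSN's own pages."""
        return hmac.new(self.key, session_id.encode(),
                        hashlib.sha256).hexdigest()

    def add_friend_vulnerable(self, method, cookies, params):
        # 'Before': any request carrying the session cookie is obeyed.
        user = self.sessions.get(cookies.get("osn_session"))
        if user is None:
            return 401
        self.friendship.add(frozenset((user, params["friend"])))
        return 200

    def add_friend_hardened(self, method, cookies, params):
        session_id = cookies.get("osn_session", "")
        user = self.sessions.get(session_id)
        if user is None:
            return 401
        if method != "POST":                   # links only ever issue GET
            return 405
        supplied = params.get("csrf_token", "").encode()
        expected = self.csrf_token(session_id).encode()
        if not hmac.compare_digest(supplied, expected):
            return 403                         # a third party cannot know it
        self.friendship.add(frozenset((user, params["friend"])))
        return 200


def replay_scenarios():
    """Replay the request reaching the server when u4 follows the link."""
    osn = OSNEndpoint()
    cookies = {"osn_session": "sess-u4"}  # attached by the browser by itself
    forged = {"friend": "u2"}
    results = {"vulnerable_get": osn.add_friend_vulnerable("GET", cookies, forged)}
    results["forged_edge_created"] = frozenset(("u4", "u2")) in osn.friendship
    osn.friendship.clear()
    results["hardened_get"] = osn.add_friend_hardened("GET", cookies, forged)
    results["hardened_post_no_token"] = osn.add_friend_hardened(
        "POST", cookies, forged)
    results["forgery_blocked"] = not osn.friendship
    genuine = dict(forged, csrf_token=osn.csrf_token("sess-u4"))
    results["hardened_genuine_post"] = osn.add_friend_hardened(
        "POST", cookies, genuine)
    return results


if __name__ == "__main__":
    for name, value in replay_scenarios().items():
        print(f"{name:24s} {value}")
```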

Figure 8 Impact of a successful XSRF attack. [Diagram: the graph of Figure 6 with an additional Friendship edge.]

6.2.3 Social space

Broken Authentication attacks are aimed at retrieving the credentials of a legal user in order to impersonate him. Also in this case, OSNs simplify the successful execution of such an attack, due to the large amount of available information that can be retrieved by malicious users simply by executing suitable operations on the OSN graph. One of the typical ways to retrieve a user’s credentials is to use a password retrieval service (offered by each OSN), where a user is challenged on secret information (e.g., the mother’s maiden name) that, once retrieved, allows the user to change his credentials. A malicious user may try to discover users on the network and to access password retrieval as those users. This can be obtained, for instance, by posting appealing objects on friends’ walls. Such objects may act as a sort of honeypot, leading friends to tag other users as depicted in Figure 9, where u3 is the malicious user and u2 tags his friend u1.

Figure 9 Information retrieval for Broken Authentication attack. [Diagram: the graph of Figure 6 with an additional object O4 and additional Association/Tagging edges.]

Once a malicious user gets information on other users, he may try to access the password retrieval service in their stead (such a service is offered, by definition, to unauthenticated users), discovering the secret question. Thus, he can try to find out whether such information is publicly available on the user profile.

In all three kinds of attack, the graph is transformed through valid operations, making the discovery of malicious behaviors by the OSN very hard. In fact, the OSN may check for anomalous patterns (e.g., a high number of postings/taggings from the same user in a short period of time) but it is powerless against low-profile and sparse attacks. Besides, due to the high number of operations that are executed on average on an OSN, it is hard for a generic user to be aware of forced and unwanted operations like those explained in this section.
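The limit of rate-based checks described above can be seen by running a sliding-window detector over an operation log. This is an added example, not code from the paper; the log format, the 60 s window, the threshold of 5 and the two constructed users are assumptions.

```python
from collections import Counter, defaultdict, deque

WATCHED = ("Posting", "Tagging")


def burst_alerts(events, window=60, threshold=5):
    """Flag users with more than `threshold` posting/tagging operations
    inside any `window` seconds.

    events: time-ordered iterable of (timestamp_seconds, user, operation).
    Returns {user: timestamp at which the user was first flagged}.
    """
    recent = defaultdict(deque)
    flagged = {}
    for ts, user, op in events:
        if op not in WATCHED:
            continue
        queue = recent[user]
        queue.append(ts)
        while ts - queue[0] >= window:   # drop operations outside the window
            queue.popleft()
        if len(queue) > threshold and user not in flagged:
            flagged[user] = ts
    return flagged


def totals(events):
    """Watched operations per user over the whole log."""
    return Counter(user for _, user, op in events if op in WATCHED)


def constructed_log():
    """Two users perform the same number of taggings at different paces."""
    burst = [(1000 + 5 * i, "u3", "Tagging") for i in range(8)]  # 8 in 35 s
    sparse = [(3600 * i, "u5", "Tagging") for i in range(8)]     # 1 per hour
    noise = [(1010, "u1", "Update"), (1020, "u1", "ChatMessage")]
    return sorted(burst + sparse + noise)


if __name__ == "__main__":
    log = constructed_log()
    print("totals :", dict(totals(log)))
    print("flagged:", burst_alerts(log))
```

Both constructed users end with eight taggings, yet only the burst crosses the threshold, which is the “low-profile and sparse” gap the paragraph describes.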

7 Conclusions and Future Work

In this paper we investigated several security issues affecting SN applications. Specifically, we addressed hazards spawned by the adoption of Web technologies, possible exploits observable from traffic patterns, as well as security issues. Future works aim at enlarging this study, also by taking into account commercially available services.

References

Bilge, L., Strufe, T., Balzarotti, D. and Kirda, E. (2009) “All your contacts are belong to us: automated identity theft attacks on social networks”, Proceedings of the 18th international conference on World wide web (WWW ’09), 2009, ACM, New York, NY, USA, pp. 551-560.

Bodorik, P. and Jutla, D. (2008) “Privacy with Web Services: Intelligence Gathering and Enforcement”, International Conference on Web Intelligence and Intelligent Agent Technology, 2008. WI-IAT ’08. IEEE/WIC/ACM, Vol. 3, pp. 546-549, 9-12 Dec. 2008.

Brentham, J. (2002) TCP/IP Lean (Web Servers for Embedded Systems), 2nd ed., CMPBooks.

Caviglione, L. (2009) “Can Satellites Face Trends? The Case of Web 2.0”, International Workshop on Satellite and Space Communications (IWSSC ’09), Siena, Italy, Sept. 2009.

Caviglione, L. (2011) “Extending HTTP Models to Web 2.0 Applications: The Case of Social Networks”, Fourth IEEE International Conference on Utility and Cloud Computing (UCC), pp. 361-365, Dec. 2011.

Caviglione, L. and Coccoli, M. (2011) “Privacy problems with Web 2.0”, Computer Fraud and Security, pp. 16-19, Oct. 2011, Elsevier.

Caviglione, L., Alessio, M. and Migliardi, M. (2011) “What is Green Security?”, 7th International Conference on Information Assurance and Security (IAS), pp. 366-371, Dec. 2011.

Criscione, C., Salvaneschi, G., Maggi, F. and Zanero, S. (2009) “Integrated Detection of Attacks Against Browsers, Web Applications and Databases”, European Conference on Computer Network Defense (EC2ND), pp. 37-45, Nov. 2009.

Esfahani, N. and Malek, S. (2010) “Social computing networks: a new paradigm for engineering self-adaptive pervasive software systems”, 2010 ACM/IEEE 32nd International Conference on Software Engineering, Vol. 2, pp. 159-162, May 2010.

Gupta, P. and Johari, K. (2009) “Implementation of Web Crawler”, 2nd International Conference on Emerging Trends in Engineering and Technology (ICETET), 2009, pp. 838-843, 16-18 Dec. 2009.

Haifeng, Yu, Gibbons, P.B., Kaminsky, M., Feng Xiao (2010) “SybilLimit: A Near-Optimal Social Network Defense Against Sybil Attacks”, IEEE/ACM Transactions on Networking, Vol. 18, No. 3, pp. 885-898.

Hongyu, G., Jun, H., Tuo, H., Jingnan, W., Yan, C. (2011) “Security Issues in Online Social Networks”, IEEE Internet Computing, Vol. 15, No. 4, pp. 56-63.

Honjo, M., Hasegawa, T., Hasegawa, T., Mishima, K., Suda, T., Yoshida, T. (2011) “A Framework to Identify Relationships among Students in School Bullying Using Digital Communication Media”, IEEE Third International Conference on Privacy, Security, Risk and Trust (PASSAT), and IEEE Third International Conference on Social Computing (SocialCom), pp. 1474-1479, Oct. 2011.

Hu, C.-L., Cho, C.-A., Lin C.-J. and Fan C.-W. (2010) “Design of mobile group communication system in ubiquitous communication network”, IEEE Transactions on Consumer Electronics, Vol. 56, No. 1, pp. 88-96, Feb. 2010.

Huber, M., Kowalski, S., Nohlberg, M., Tjoa, S. (2009) “Towards Automating Social Engineering Using Social Networking Sites”, Proceedings of the International Conference on Computational Science and Engineering (CSE ’09), 2009, Vol. 3, pp. 117-124.

Irani, D., Webb, S., Pu, C. and Li, K. (2011) “Modeling Unintended Personal-Information Leakage from Multiple Online Social Networks”, IEEE Internet Computing, Vol. 15, No. 3, pp. 13-19.

Jagatic, T.N., Johnson, N.A., Jakobsson, M., Menczer, F. (2007) “Social phishing”, Communications of the ACM, Vol. 50, No. 10.

James, B.D., Walid, G. A., Ghafoor, A. and Spafford, E. H. (2001) “Security models for web-based applications”, Communications of the ACM, Vol. 44, No. 2, Feb. 2001.

Jun, X., Wooyong, L. (2003) “Sustaining availability of Web services under distributed denial of service attacks”, IEEE Transactions on Computers, Vol. 52, No. 2, pp. 195-208, Feb. 2003.

Krishnamurthy, B. and Wills, C. (2009) “On the leakage of personally identifiable information via online social networks”, In Proceedings of the 2nd ACM Sigcomm Workshop on Online Social Networks (WOSN), Barcelona, Spain, Aug. 2009.

Leavitt, N. (2011) “Mobile Security: Finally a Serious Problem?”, Computer, Vol. 44, No. 6, pp. 11-14.

Leiba, B. (2012) “OAuth Web Authorization Protocol”, Internet Computing, IEEE, Vol. 16, No. 1, pp. 74-77.

Narayanan, A. and Shmatikov, V. (2009) “De-Anonymizing Social Networks”, IEEE 30th Symposium on Security and Privacy, Oakland, CA, USA, May 2009, pp. 173-187.

Newk-Fon, H.T., Dell, W. and Venable, J.R. (2008) “Understanding Information Disclosure Behaviour in Australian Facebook Users”, the 19th Australasian Conference on Information Systems (ACIS) 2008, Christchurch, New Zealand, Dec. 2008.

Ochoa, A., Ponce, J., Jaramillo, R., Ornelas, F., Hernandez, A., Azpeitia, D., Elias, A. and Hernandez, A. (2011) “Analysis of Cyber-bullying in a virtual social networking”, 11th International Conference on Hybrid Intelligent Systems (HIS), pp. 229-234, Dec. 2011.

Patsakis, C., Asthenidis, A. and Chatzidimitriou, A. (2009) “Social Networks as an Attack Platform: Facebook Case Study”, Proceedings of the IEEE 8th International Conference on Networks, Gosier, France, March 2009, pp. 245-247.

Raad, E., Chbeir, R. and Dipanda, A. (2010) “User Profile Matching in Social Networks”, 13th International Conference on Network-Based Information Systems (NBiS), pp. 297-304, Sept. 2010.

Rao, T. and Nagpal, S. (2011) “Real-time geo influence in social networks”, 3rd International Conference on Electronics Computer Technology (ICECT), pp. 246-250, April 2011.

Rosenblum, D. (2007) “What Anyone Can Know: The Privacy Risks of Social Networking Sites”, Security & Privacy, IEEE, Vol. 5, No. 3, pp. 40-49.

Ruiz Vicente, C., Freni, D., Bettini, C. and Jensen, C.S. (2011) “Location-Related Privacy in Geo-Social Networks”, IEEE Internet Computing, Vol. 15, No. 3, pp. 20-27, May-June 2011.

Siddiqui, M.S. and Verma, D. (2011) “Cross site request forgery: A common web application weakness”, IEEE 3rd International Conference on Communication Software and Networks (ICCSN), pp. 538-543, May 2011.

Social Web Incubator Group, available on-line: http://www.w3.org/2005/Incubator/socialweb/XGR-socialweb-20101206/ [Last Accessed Oct. 2011].

Stajano F., Wilson P. (2011) “Understanding Scam Victims: Seven Principles for Systems Security”, Communications of the ACM, Vol. 54, No. 3, pp. 70-75.

Stringhini, G., Kruegel, C. and Vigna, G. (2010) “Detecting spammers on social networks”, Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC ’10). ACM, New York, NY, USA, pp. 1-9, 2010.

The Open Web Application Security Project Homepage, available on-line: http://www.owasp.org [Last Accessed Oct. 2011].

Trestian, I., Ranjan, S., Kuzmanovic, A. and Nucci, A. (2010) “Googling the Internet: Profiling Internet Endpoints via the World Wide Web”, IEEE/ACM Transactions on Networking, Vol. 18, No. 2, pp. 666-679, April 2010.

Vildjiounaite, E., Makela, S.-M., Lindholm, M., Kyllonen, V. and Ailisto, H. (2007) “Increasing Security of Mobile Devices by Decreasing User Effort in Verification”, Second International Conference on Systems and Networks Communications, ICSNC 2007, pp. 80-85, Aug. 2007.

WebID Incubator Group, FOAF+SSL, Developers wiki available on-line: http://www.w3.org/wiki/Foaf+ssl/ [Last accessed Feb. 2012].

Wireshark, the Worlds Foremost Network Analyzer, Homepage, available on-line: http://www.wireshark.org/ [Last accessed Feb. 2012].

Wu, B., Chen, J., Wu, J. and Cardei, M. (2007) “A Survey of Attacks and Countermeasures in Mobile Ad Hoc Networks”, In Y. Xiao, X. S. Shen and D.-Z. Du (Eds.), Wireless Network Security, pp. 103-135, Springer.

Zhang, D., Guo, B. and Yu, Z. (2011) “The Emergence of Social and Community Intelligence”, IEEE Computer, Vol. 44, No. 7, pp. 21-28, July 2011.