Social Network Engineering for Secure Web Data and Services
Latest Publications


Total documents: 12 (five years: 0)

H-index: 3 (five years: 0)

Published By IGI Global

9781466639263, 9781466639270

Author(s): Enrico Franchi, Michele Tomaiuolo

Social networking sites have deeply changed the perception of the web in the last years. Although the current approach to build social networking systems is to create huge centralized systems owned by a single company, such strategy has many drawbacks, e.g., lack of privacy, lack of anonymity, risks of censorship and operating costs. These issues contrast with some of the main requirements of information systems, including: (i) confidentiality, i.e., the interactions between a user and the system must remain private unless explicitly public; (ii) integrity; (iii) accountability; (iv) availability; (v) identity and anonymity. Moreover, social networking platforms are vulnerable to many kinds of attacks: (i) masquerading, which occurs when a user disguises his identity and pretends to be another user; (ii) unauthorized access; (iii) denial of service; (iv) repudiation, which occurs when a user participates in an activity and later claims he did not; (v) eavesdropping; (vi) alteration of data; (vii) copy and replay attacks; and, in general, (viii) attacks making use of social engineering techniques. In order to overcome both the intrinsic defects of centralized systems and the general vulnerabilities of social networking platforms, many different approaches have been proposed, both as federated (i.e., consisting of multiple entities cooperating to provide the service, but usually distinct from users) or peer-to-peer systems (with users directly cooperating to provide the service); in this work the most interesting ones were reviewed. Eventually, the authors present their own approach to create a solid distributed social networking platform consisting in a novel peer-to-peer system that leverages existing, widespread and stable technologies such as distributed hash tables and BitTorrent.
The topics considered in detail are: (i) anonymity and resilience to censorship; (ii) authenticatable contents; (iii) semantic interoperability using activity streams and weak semantic data formats for contacts and profiles; and (iv) data availability.


Author(s): Willem De Groef, Dominique Devriese, Tom Reynaert, Frank Piessens

An important recent innovation on social networking sites is the support for plugging in third-party social applications. Together with the ever-growing number of social network users, social applications come with privacy and security risks for those users. While basic mechanisms for isolating applications are well understood, these mechanisms fall short for social-enabled applications. It is an interesting challenge to design and develop application platforms for social networks that enable the necessary functionality of social applications without compromising both users’ security and privacy. This chapter will identify and discuss the current security and privacy problems related to social applications and their platforms. Next, it will zoom in on proposals on how to address those problems.


Author(s): Rula Sayaf, Dave Clarke

Access control is one of the crucial aspects in information systems security. Authorizing access to resources is a fundamental process to limit potential privacy violations and protect users. The nature of personal data in online social networks (OSNs) requires a high level of security and privacy protection. Recently, OSN-specific access control models (ACMs) have been proposed to address the particular structure, functionality and the underlying privacy issues of OSNs. In this survey chapter, the essential aspects of access control are introduced and the fundamental classical ACMs are reviewed. The specific OSN features are highlighted and the main categories of OSN-specific ACMs are reviewed. Within each category, the most prominent ACMs and their underlying mechanisms that contribute to enhancing the privacy of OSNs are surveyed. Toward the end, more advanced issues of access control in OSNs are discussed. Throughout the discussion, different models are contrasted and open problems are highlighted. Based on these problems, the chapter is concluded by proposing requirements for future ACMs.


Author(s): Luca Caviglione, Mauro Coccoli, Alessio Merlo

With millions of users, Online Social Networks (OSNs) are a huge cultural phenomenon. Put briefly, they are characterized by: i) an intrinsic sharing of personal information, ii) a rich set of features to publish, organize and retrieve contents, especially for emphasizing their social organization, iii) the interaction with a heterogeneous set of devices, e.g., ranging from desktops to mobile appliances, and iv) the mix of Web-based paradigms and sophisticated methodologies for processing data. However, if not properly implemented, or without effective security policies, i) – iv) could lead to severe risks in terms both of privacy and security. In this perspective, this chapter analyzes the major peculiarities of OSN platforms, the preferred development methodologies, and usage patterns, also by taking into account how personal information can be exploited to conduct malicious actions. Then, a graph-based modeling approach is introduced to reveal possible attacks, as well as to elaborate the needed countermeasures or (automated) checking procedures.


Author(s): Stefania Manca, Maria Ranieri

Over recent years, the notions of identity, credibility and trust in digital contexts have been gaining renewed interest from scholars in different fields (from social studies to engineering and computer science), especially for their consequences for privacy and security. Emerging and urgent questions are: What does the management of online personal data entail? How much personal information are we entitled to share with others? What measures do people usually adopt to protect their identity and privacy? Are they always aware of the risks they may run? What consequences may emerge in the long term if cautions are ignored? These are some of the questions that should be addressed by users, experts and scholars engaged with digital environments, especially social networking sites. This chapter focuses on these issues trying to provide a wide overview of the current literature on identity, credibility and trust, and their implications for privacy and security, from the perspective of social and behavioral sciences. Some measures provided by experts on how to protect against the most common security and privacy threats are also outlined.


Author(s): Luca Caviglione, Mauro Coccoli, Alessio Merlo

Online Social Network (OSN) applications are used every day by millions of people, and have impacts on the society, economy and lifestyle. They also accelerate the development, or the adoption, of new technologies, for instance to support new mobile paradigms. Besides, OSNs are an important building block of the Web 2.0, thus offering new services, such as product placement, advertising and user profiling. Hence, OSNs are valuable frameworks, contributing to the technological pool of the Internet itself. Their attitude of shifting an individual life into a digital space makes OSNs interesting targets for attacks, to disclose personal details, and to force human securities through digital insecurities. In order to be effective, OSN platforms must be properly engineered, also by having privacy and security protection as strict design constraints. To this aim, it is of crucial importance to investigate potential new behaviors, Web-based technologies, traffic patterns and innovative security policies. In this perspective, this chapter discusses the state-of-the-art in the engineering of OSN infrastructures, the key issues, and the research actions needed to effectively advance in the social network engineering for secure Web data and services.


Author(s): Michael J. Moore, Tadashi Nakano, Tatsuya Suda, Akihiro Enomoto

Face-to-face bullying is a traditional form of bullying in which bullies attack victims through physical, verbal, or social attacks. Cyberbullying is a new form of bullying. Cyberbullies abuse digital media to attack victims (such as attacks through websites, social networking services, blogging, e-mail, instant messaging, chat rooms, and cell phones). Cyberbullying and face-to-face bullying share many similarities. For example, bullies achieve power over a victim in both cyberbullying and face-to-face bullying. On the other hand, cyberbullying has differences from face-to-face bullying that arise from characteristics of digital media such as anonymity and rapid spreading of attacks. This chapter highlights key concerns of cyberbullying stemming from the use of digital media and discusses existing models of face-to-face bullying which may aid in modeling cyberbullying. This chapter then introduces state-of-the-art research in automated tools to detect cyberbullying. Finally, this chapter concludes with a future perspective of research in automated tools to detect cyberbullying.


Author(s): Néstor Cataño Collazos, Sorren Christopher Hanvey, Camilo Rueda Calderón

This chapter discusses the use of formal techniques and formal verification tools to ensure privacy-aware social networking; hence users of social-networking sites can predict what the consequences of updating their privacy settings are. A formal methods approach is presented for modeling and comparing social-network privacy policies, and for checking whether a user’s privacy policy can coexist with other policies within a social networking site. The authors present the Poporo tool implementing the approach. Poporo builds on a predicate calculus definition for social networking written in B that models social network content, people in the network, friendship relations, and privacy policies that are modeled as permissions to access content. Several examples of privacy-aware social networking are also shown using Poporo.


Author(s): Alexandros Papanikolaou, Vasileios Vlachos, Periklis Chatzimisios, Christos Ilioudis

The inherent human need for communication and socialization is the reason for the ever-increasing use of social networking services. Social networks are a very powerful communications tool that also has the ability of aggregating large volumes of information. However, if this user-related information is exploited in certain ways, it can have harmful consequences on user privacy. This chapter defines what privacy is in the context of social networks, demonstrates how user privacy can be violated, and supports these claims with examples of real incidents. Furthermore, it presents various countermeasures, as well as directions for future research with the common goal of the protection of user privacy.


Author(s): Ammar Alazab, Jemal H. Abawajy, Michael Hobbs

Web applications have steadily increased, making them very important in areas such as financial sectors, e-commerce, e-government, social media network, medical data, e-business, academic activities, e-banking, e-shopping, and e-mail. However, web application pages support users interacting with the data stored in their website to insert, delete and modify content by making a web site their own space. Unfortunately, these activities attracted writers of malicious software for financial gain, and to take advantage of such activities to perform their malicious objectives. This chapter focuses on severe threats to web applications, specifically on Structured Query Language Injection Attack (SQLIA) and Zeus threats. These threats could adopt new obfuscation techniques to evade and thwart countermeasures such as Intrusion Detection Systems (IDS). Furthermore, this work explores and discusses the techniques to detect and prevent web application malware.

