Modeling Social Networking Privacy

Abstract

In this paper we propose to use a formal language, called Secure UML, to model social networking privacy. Secure UML is a language for specifying role-based static and dynamic access control policies, the latter being policies that depend on the run-time satisfaction of specific constraints (e.g., the privacy settings in social networking sites). By using a formal language for modeling social networking privacy, we provide a rigorous, unambiguous description of the policies, and a solid, much-needed formal foundations for tools to validate them and to perform change impact analysis. To illustrate our proposal, as well as its benefits, we use Facebook as a case study, in particular, the latest two versions of Facebook's policy for posting and tagging.