{"title":"在线社交网络中访问控制策略配置错误检测","authors":"Yousra Javed, Mohamed Shehab","doi":"10.1109/SocialCom.2013.82","DOIUrl":null,"url":null,"abstract":"The ability to stay connected with friends online and share information, has accounted for the popularity of online social networking websites. However, the overwhelming task of access control policy management for information shared on these websites has resulted in various mental models of sharing with a false sense of privacy. The misalignment between a user's intended and actual privacy settings causes access control misconfigurations, raising the risk of unintentional privacy leaks. In this paper, we propose a scheme to extract the user's mental model of sharing, enhance this model using information learned from their existing policies, and enable them to compose misconfiguration free policies. We present the possible misconfiguration patterns based on which we scan the Facebook user's access control policies. We implemented a prototype Facebook application of our scheme and conducted a pilot study using Amazon Mechanical Turk. Our preliminary results show that the users' intended policies were significantly different than their actual policies. Our scheme was able to detect the misconfiguration patterns in album policies. However, the reduction in the number of misconfigurations after using our approach was not significant. Participants' perceptions of our proposed policy misconfiguration patterns and the usability of our scheme was positive.","PeriodicalId":129308,"journal":{"name":"2013 International Conference on Social Computing","volume":"65 6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"Access Control Policy Misconfiguration Detection in Online Social Networks\",\"authors\":\"Yousra Javed, Mohamed Shehab\",\"doi\":\"10.1109/SocialCom.2013.82\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The ability to stay connected with friends online and share information, has accounted for the popularity of online social networking websites. However, the overwhelming task of access control policy management for information shared on these websites has resulted in various mental models of sharing with a false sense of privacy. The misalignment between a user's intended and actual privacy settings causes access control misconfigurations, raising the risk of unintentional privacy leaks. In this paper, we propose a scheme to extract the user's mental model of sharing, enhance this model using information learned from their existing policies, and enable them to compose misconfiguration free policies. We present the possible misconfiguration patterns based on which we scan the Facebook user's access control policies. We implemented a prototype Facebook application of our scheme and conducted a pilot study using Amazon Mechanical Turk. Our preliminary results show that the users' intended policies were significantly different than their actual policies. Our scheme was able to detect the misconfiguration patterns in album policies. However, the reduction in the number of misconfigurations after using our approach was not significant. Participants' perceptions of our proposed policy misconfiguration patterns and the usability of our scheme was positive.\",\"PeriodicalId\":129308,\"journal\":{\"name\":\"2013 International Conference on Social Computing\",\"volume\":\"65 6 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-09-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 International Conference on Social Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SocialCom.2013.82\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 International Conference on Social Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SocialCom.2013.82","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Access Control Policy Misconfiguration Detection in Online Social Networks
The ability to stay connected with friends online and share information, has accounted for the popularity of online social networking websites. However, the overwhelming task of access control policy management for information shared on these websites has resulted in various mental models of sharing with a false sense of privacy. The misalignment between a user's intended and actual privacy settings causes access control misconfigurations, raising the risk of unintentional privacy leaks. In this paper, we propose a scheme to extract the user's mental model of sharing, enhance this model using information learned from their existing policies, and enable them to compose misconfiguration free policies. We present the possible misconfiguration patterns based on which we scan the Facebook user's access control policies. We implemented a prototype Facebook application of our scheme and conducted a pilot study using Amazon Mechanical Turk. Our preliminary results show that the users' intended policies were significantly different than their actual policies. Our scheme was able to detect the misconfiguration patterns in album policies. However, the reduction in the number of misconfigurations after using our approach was not significant. Participants' perceptions of our proposed policy misconfiguration patterns and the usability of our scheme was positive.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
