Compliance Monitoring of Third-Party Applications in Online Social Networks

With the widespread adoption of Online Social Networks (OSNs), users increasingly also use corresponding third-party applications (TPAs), such as social games and applications for collaboration. To improve their social experience, TPAs access users' personal data via an API provided by the OSN....

Full description

Saved in:
Bibliographic Details
Published in2016 IEEE Security and Privacy Workshops (SPW) pp. 9 - 16
Main Authors Kelbert, Florian, Fromm, Alexander
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.05.2016
Subjects
compliance
Data privacy
data usage control
Engines
Facebook
Monitoring
online social networks
Privacy
privacy policies
Security
third-party applications
Online AccessGet full text

Cover

More Information
Summary:With the widespread adoption of Online Social Networks (OSNs), users increasingly also use corresponding third-party applications (TPAs), such as social games and applications for collaboration. To improve their social experience, TPAs access users' personal data via an API provided by the OSN. Applications are then expected to comply with certain security and privacy policies when handling the users' data. However, in practice, they might store, use, and distribute that data in all kinds of unapproved ways. We present an approach that transparently enforces security and privacy policies on TPAs that integrate with OSNs. To this end, we integrate concepts and implementations from the research areas of data usage control and information flow control. We instantiate these results in the context of TPAs in OSNs in order to enforce compliance with security and privacy policies that are provided by the OSN operator. We perform a preliminary evaluation of our approach on the basis of a TPA that integrates with the Facebook API.
DOI:10.1109/SPW.2016.13