Security

Keeping Information Safe From Social Networking Apps

Date Added: Aug 2012
Format: PDF

The ability of third-party applications to aggregate and re-purpose personal data is a fundamental privacy weakness in today's social networking platforms. Prior work has pro-posed sandboxing in a hosted cloud infrastructure to prevent leakage of user information. In this paper, the authors extend simple sandboxing to allow sharing of information among friends in a social network, and to help application developers securely aggregate user data according to differential privacy properties. Enabling these two key features requires preventing, among other subtleties, a new "Kevin Bacon" at-tack aimed at aggregating private data through a social net-work graph. They describe the significant architectural and security implications for the application framework in the Web (JavaScript) application, backend cloud, and user data handling.