The ability of third-party applications to aggregate and re-purpose personal data is a fundamental privacy weakness in today's social networking platforms. Prior work has proposed sandboxing in a hosted cloud infrastructure to prevent leakage of user information. In this work, we extend simple sandboxing to allow sharing of information among friends in a social network, and to help application developers securely aggregate user data according to differential privacy properties. Enabling these two key features requires preventing, among other subtleties, a new 'Kevin Bacon' attack aimed at aggregating private data through a social network graph. We explore the significant architectural and security implications of our design for the application framework in the Web (JavaScript) application, backend cloud, and user data handling.

 

Keeping Information Safe from Social Networking Apps
Bimal Viswanath, Emre Kiciman and Stefan Saroiu. ACM SIGCOMM Workshop on Online Social Networks (WOSN), August 2012.

 

Bimal Viswanath
Emre Kiciman
Stefan Saroiu