Computing Reviews
Security and privacy preserving in social networks
Chbeir R., Al Bouna B., Springer Publishing Company, Incorporated, Vienna, Austria, 2013. 353 pp. Type: Book (978-3-709108-93-2)
Date Reviewed: Feb 20 2014

By offering a cornucopia of user information to other licit (or sometimes illicit) users, online social networks (OSNs) create the ultimate challenge for preventing privacy invasion and relationship mining, while supporting all the reasons OSNs came into existence: information sharing, communicating, making new and enforcing old connections, collaborating, and socializing. In OSNs, utility and security are in fundamental conflict. This excellent book discusses various ways to ease this conflict.

The book presents various facets of security and privacy protection in OSNs in a very readable way and without compromising technical accuracy when needed. The editors have done an excellent job of selecting 11 useful and complementary chapters that not only explain essential notions, but also present possible algorithmic solutions to the challenges, giving a good overview of the current issues and solutions found in the OSN security community.

The chapters are grouped into four parts, with the last three parts being considerably more technical than the first. The book concludes with several questions, so readers can test their understanding of the material.

Part 1, “Online Social Network Analysis, Privacy and Terrorism,” includes three chapters. The first, “Privacy in Online Social Networks,” is an excellent introduction to the subject and very readable, with a rich bibliography at the end. All aspects of the subject are discussed, from graph representations to graph measures and threats, and from the usefulness of existing privacy protection techniques to link mining. The chapter would be useful to any class of reader: academic, professional, security expert, or end user. The material makes you think, even if you are not an expert in the field.

The second chapter, “Online Social Networks: Privacy Threats and Defenses,” is more focused on threats and defenses, offering some criticism of the non-optimality of current OSN user interfaces, which do not help users understand the possible vulnerabilities and thus fail to help them self-protect. I found this well written, with an extensive analysis of where the roots of privacy threats lie (users’ limitations, design flaws and limitations, implicit flow of information, and clashes of interests) and a discussion of two defense mechanisms.

The last chapter in this part, “Online Social Networks and Terrorism: Threats and Defenses,” presents an extensive discussion on how terrorist groups exploit social networks and on possible defenses that exist. I found this chapter very readable. It’s another one that makes you think.

Part 2, “Access Control, Reputation and Semantic Policies in Social Networks,” also consists of three chapters. The first, “User-managed Access Control in Web Based Social Networks,” describes the design and implementation of technical mechanisms that would allow social network users to control access to their data by other users. The authors include a nice review of existing access control mechanisms.

The next paper, “UPP+: A Flexible User Privacy Policy for Social Networking Services,” presents a technical discussion of a privacy policy model for enhancing the privacy and security of ordinary users who do not necessarily understand the potential threats to their privacy when using OSNs or when agreeing to every site owner’s policy.

The last chapter in this part, “Social Semantic Network-Based Access Control,” discusses the benefits of an access management ontology (AMO) in access control. The authors have implemented their AMO-based approach on the SweetWiki engine and discuss the pros and cons of the approach.

Part 3 addresses “Security and Privacy in Mobile and P2P Social Networks.” The first of three chapters in this part, “Supporting Data Privacy in P2P Systems,” discusses the benefits of implementing the important notion of purpose-based access control using centralized techniques borrowed from Hippocratic databases (systems that relate and control access to data with the purpose for accessing the data). Various implementations are analyzed and compared in terms of how they support data privacy in peer-to-peer (P2P) systems.

The next chapter, “Privacy Preserving Reputation Management in Social Networks,” is an extended review of trust- and reputation-based approaches to privacy preservation in OSNs. For example, the authors examine how a reputation-based system that reveals only community scores and not individual scores may help in spotting fake profiles without any fear of retaliation.

The last chapter in this part, “Security and Privacy Issues in Mobile Social Networks,” discusses how mobile social networks have additional inherent security problems, because there is the potential for real-time sharing of sensitive data such as the user’s physical location. Several current approaches for security and privacy are reviewed and compared, including Mobilis, MobiSoC, MyNet, and MobileHealthNet.

Part 4, “Multimedia-based Authentication and Access Control Models for Social Networks,” concludes the discussion with two chapters. The first, “Avatar Facial Biometric Authentication Using Wavelet Local Binary Patterns,” is a technical discussion on using wavelet decomposition of images to recognize avatar faces from different virtual worlds in an attempt to identify who the real users are behind the avatars, usually for law enforcement-related activities.

The final paper, “A Flexible Image-based Access Control Model for Social Networks,” presents a technical discussion of a model for dynamic security rules that are based on images and contextual information. With their methodology, the authors can protect (cover) a part of a shared image (to avoid showing a particular face, for example) based on context and policy rules set by the user. The authors present and discuss a prototype implementation of their method.

Reviewer:  Constantin S. Chassapis Review #: CR142023 (1405-0347)
Security and Protection (K.6.5)
Privacy (K.4.1 ...)
Social Networking (H.3.4 ...)
World Wide Web (WWW) (H.3.4 ...)
Group And Organization Interfaces (H.5.3)
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®