The Community for Technology Leaders
RSS Icon
Issue No.02 - March-April (2014 vol.11)
pp: 142-154
Gorrell P. Cheek , University of North Carolina at Charlotte, Charlotte
Mohamed Shehab , University of North Carolina at Charlotte, Charlotte
We enhance existing and introduce new social network privacy management models and we measure their human effects. First, we introduce a mechanism using proven clustering techniques that assists users in grouping their friends for traditional group-based policy management approaches. We found measurable agreement between clusters and user-defined relationship groups. Second, we introduce a new privacy management model that leverages users' memory and opinion of their friends (called example friends) to set policies for other similar friends. Finally, we explore different techniques that aid users in selecting example friends. We found that by associating policy temples with example friends (versus group labels), users author policies more efficiently and have improved perceptions over traditional group-based policy management approaches. In addition, our results show that privacy management models can be further enhanced by utilizing user privacy sentiment for mass customization. By detecting user privacy sentiment (i.e., an unconcerned user, a pragmatist or a fundamentalist), privacy management models can be automatically tailored specific to the privacy sentiment and needs of the user.
Privacy, Educational institutions, Facebook, Visualization, Prototypes, Access control,social network, Policy, human factors, privacy, access control
Gorrell P. Cheek, Mohamed Shehab, "Human Effects of Enhanced Privacy Management Models", IEEE Transactions on Dependable and Secure Computing, vol.11, no. 2, pp. 142-154, March-April 2014, doi:10.1109/TDSC.2013.34
[1] R. McMillan, "Google Buzz Criticized for Disclosing Gmail Contacts," buzz_criticized_for_disclosing_gmail_contacts.html , 2010.
[2] A. Acquisti and R. Gross, "Imagined Communities: Awareness, Information Sharing and Privacy on the Facebook," Proc. Sixth Int'l Conf. Privacy Enhancing Technologies (PET '06), 2006.
[3] A. Acquisti and J. Grossklags, "Privacy and Rationality in Individual Decision Making," IEEE Security & Privacy, vol. 3, no. 1, pp. 26-33, Jan./Feb. 2005.
[4] A. Besmer, J. Watson, and H.R. Lipford, "The Impact of Social Navigation on Privacy Policy Configuration," Proc. Symp. Usable Privacy and Security, 2010.
[5] J. Bonneau and S. Preibusch, "The Privacy Jungle: On the Market for Data Protection in Social Networks," Proc. Workshop the Economics of Information Security (WEIS '09), 2009.
[6] B. Carminati, E. Ferrari, R. Heatherly, M. Kantarcioglu, and B. Thuraisingham, "A Semantic Web Based Framework for Social Network Access Control," Proc. Symp. Access Control Models and Technologies, 2009.
[7] B. Carminati, E. Ferrari, R. Heatherly, M. Kantarcioglu, and B.M. Thuraisingham, "Semantic Web-Based Social Network Access Control," Computers & Security, vol. 30, pp. 108-115, 2011.
[8] Y. Cheng, J. Park, and R.S. Sandhu, "A User-to-User Relationship-Based Access Control Model for Online Social Networks," Proc. 26th Ann. IFIP WG 11.3 Conf. Data and Applications Security and Privacy, 2012.
[9] A. Clauset, M. Newman, and C. Moore, "Finding Community Structure in Very Large Networks," Physical Rev. E, vol. 70, p. 066111, 2004.
[10] E. Cutrell, M. Czerwinski, and E. Horvitz, "Notification, Disruption, and Memory: Effects of Messaging Interruptions on Memory and Performance," Proc. Conf. Human Computer Interaction, 2001.
[11] R. Dhamija and A. Perrig, "Deja Vu: A User Study Using Images for Authentication," Proc. USENIX Security Symp., 2000.
[12] P. Dunphy, A.P. Heiner, and N. Asokan, "A Closer Look at Recognition-Based Graphical Passwords on Mobile Devices," Proc. Symp. Usable Privacy and Security, 2010.
[13] C. Dwyer, S.R. Hiltz, and K. Passerini, "Trust and Privacy Concern within Social Networking Sites: A Comparison of Facebook and MySpace," Proc. Am. Conf. Information Systems (AMCIS '07), 2007.
[14] L. Fang and K. LeFevre, "Privacy Wizards for Social Networking Sites," Proc. Conf. World Wide Web, 2010.
[15] D. Ferraiolo and R. Kuhn, "Role-Based Access Control," Proc. Nat'l Computer Security Conf., 1992.
[16] P.W. Fong, "Relationship-Based Access Control: Protection Model and Policy Language," Proc. Conf. Data and Application Security and Privacy, 2011.
[17] P.W.L. Fong and I. Siahaan., "Relationship-Based Access Control Policies and Their Policy Languages," Proc. Symp. Access Control Models and Technologies, 2011.
[18] C.E. Gates, "Access Control Requirements for Web 2.0 Security and Privacy," Proc. Workshop Web 2.0 Security and Privacy, 2007.
[19] L. Hubert and P. Arabie, "Comparing Partitions," J. Classification, vol. 2, pp. 193-218, 1985.
[20] S.T. Iqbal and B.P. Bailey, "Investigating the Effectiveness of Mental Workload As a Predictor of Opportune Moments for Interruption," Proc. Computer Human Interaction Extended Abstracts on Human Factors in Computing Systems (CHI '05), 2005.
[21] Q. Jones, S.A. Grandhi, S. Whittaker, K. Chivakula, and L. Terveen, "Putting Systems into Place: A Qualitative Study of Design Requirements for Location-Aware Community Systems," Proc. Conf. Computer Supported Cooperative Work (CSCW '04), 2004.
[22] S. Jones and E. O'Neill, "Feasibility of Structural Network Clustering for Group-Based Privacy Control in Social Networks," Proc. Symp. Usable Privacy and Security, 2010.
[23] H. Krasnova, O. Günther, S. Spiekermann, and K. Koroleva, "Privacy Concerns and Identity in Online Social Networks," Identity in the Information Soc., vol. 2, no. 1, pp. 39-63, 2009.
[24] P. Kumaraguru and L.F. Cranor, "Privacy Indexes: A Survey of Westin's Studies," Technical Report CMU-ISRI-5-138, Inst. for Software Research Int'l, School of Computer Science, Carnegie Mellon Univ., 2005.
[25] S. Lederer, J.I. Hong, A.K. Dey, and J.A. Landay, "Personal Privacy through Understanding and Action: Five Pitfalls for Designers," Personal and Ubiquitous Computing, vol. 8, pp. 440-454, 2004.
[26] K. Lewis, J. Kaufman, and N. Christakis, "The Taste for Privacy: An Analysis of College Student Privacy Settings in an Online Social Network," J. Computer-Mediated Comm., vol. 14, pp. 79-100, 2008.
[27] H.R. Lipford, J. Watson, M. Whitney, K. Froiland, and R.W. Reeder, "Visual versus Compact: A Comparison of Privacy Policy Interfaces," Proc. SIGCHI Conf. Human Factors in Computing Systems, 2010.
[28] C.D. Manning, P. Raghavan, and H. Schütze, Introduction to Information Retrieval. Cambridge Univ. Press, 2008.
[29] A. Mazzia, K. LeFevre, and E. Adar, "The PViz Comprehension Tool for Social Network Privacy Settings," Technical Report CSE-TR-570-11, Univ. of Michigan, 2011.
[30] M.E.J. Newman, "Fast Algorithm for Detecting Community Structure in Networks," Physical Rev. E, vol. 69, article 066133, 2004.
[31] P.A. Norberg, D.R. Horne, and D.A. Horne, "The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors," J. Consumer Affairs, vol. 41, pp. 100-126, 2007.
[32] J.S. Olson, J. Grudin, and E. Horvitz, "A Study of Preferences for Sharing and Privacy," Proc. Computer Human Interaction (CHI '05) Extended Abstracts on Human Fcators in Computing Systems, 2005.
[33] W. Rand, "Objective Criteria for the Evaluation of Clustering Methods," J. Am. Statistical Assoc., vol. 66, pp. 846-850, 1971.
[34] R. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman, "Role-Based Access Control Models," Computer, vol. 29, no. 2, pp. 38-47, Feb. 1996.
[35] R. Sandhu, D. Ferraiolo, and R. Kuhn, "The Nist Model for Role-Based Access Control: Towards a Unified Standard," Proc. Workshop Role-Based Access Control, 2000.
[36] K. Strater and H.R. Lipford, "Strategies and Struggles with Privacy in an Online Social Networking Community," Proc. British HCI Group Ann. Conf. People and Computers: Culture, Creativity, Interaction, 2008.
[37] A.S. Yuksel, M.E. Yuksel, and A.H. Zaim, "An Approach for Protecting Privacy on Social Networks," Proc. Conf. Systems and Networks Comm., 2010.
93 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool