The ability of third-party applications to aggregate and repurpose personal data is a fundamental privacy weakness in today’s social networking platforms. Prior work has proposed sandboxing in a hosted cloud infrastructure to prevent leakage of user information [22]. In this paper, we extend simple sandboxing to allow sharing of information among friends in a social network, and to help application developers securely aggregate user data according to differential privacy properties. Enabling these two key features requires preventing, among other subtleties, a new“Kevin Bacon” attack aimed at aggregating private data through a social network graph. We describe the significant architectural and security implications for the application framework in the

Web (JavaScript) application, backend cloud, and user data handling.

PDF file

In  Proceedings of the Workshop on Online Social Networks (WOSN'12)

Publisher  ACM

Details