SPSN 2011: First Int. Workshop on Security and Privacy in Social Networks 2011
Link: http://spsn11.media.mit.edu/
In conjunction with IEEE Conference on Social Computing 9\10 October 2011, Boston, Massachusetts
Overview
As the area of online social networking develops and many online services add social features to their offerings, the definition of online social networking services broadens. Online social networking services range from social-interaction centered sites such as Facebook or MySpace, to information-dissemination-centric services such as Twitter or Google Buzz, to social interaction features added to existing sites and services such as Flickr or Amazon. Each of these services has different characteristics of social interaction, and different vulnerabilities susceptible to attack.
The value of online social networking sites stems from people spending a great deal of their time on these networks. Updating their personal profiles, browsing for social or professional interactions or taking part in social oriented online applications and events, people nowadays become immersed in their preferred online social environments, creating an exciting entanglement between their real and virtual identities. However, this immersion holds also great perils for the users, their friends, their employers, and may even endanger national security.
There is a great deal of information in the patterns of communication exercised by the user with his peers. These patterns are affected by many factors of relationship and context, and could be used in reverse – to infer the relationship and context. Later on, these relationships can be further used in order to deduce additional private information that was intended to remain disclosed. A recent study carried out at MIT had said to reveal the sexual orientation of Internet users based on social network contacts. In this example, the users whose privacy was compromised did not even place this information online, but rather – notify their social interaction to users, who apparently did disclose this information.
Yet, in other cases, this problem can become even worse, due to the (false) assumption of users that information that is marked as “private” will remain private and will not be disclosed by the network. Indeed, although the operators of social networks rarely betray the confidence of their users, no security mechanism is perfect. As these networks often utilize standard (and not necessarily updated) security methods, a determined attacker can sometimes gain access to such unauthorized information. The combination of sensitive private information, managed by users who are not security aware, in an environment that is not hermetically sealed is a sure cause for frequent leaks of private information and identity thefts.
This problem becomes even more threatening when viewed from the corporate (or even national) perspective. Users that possess sensitive commercial or security-related information are expected to be under severe control in their workplaces. However, while interacting virtually in social networks, the same people tend to often shed their precautions, supported by a false sense of intimacy and privacy, while being unaware of the damage their naive behavior may cause. As it is hard (and sometimes illegal) to monitor the behavior of online social networks users, these platforms possess a significant threat for the safety and privacy of sensitive information. Hard to detect and almost impossible to prevent – leaks of business, military or governmental data through social networks could become the security epidemic of the 21st century.
The workshop aims to bring to the forefront innovative approaches for analyzing and enhancing the security and privacy dimensions in online social networks. In order to facilitate the transition of such methods from theory to mechanisms designed and deployed in existing online social networking services, we need to create a common language between the researchers and practitioners of this new area — spanning from the theory of computational social sciences to conventional security and network engineering.
Objectives
The guiding goal of the workshop is to bring together researchers and practitioners who deal with the design and analysis of online social networking side by side with those who design security and privacy protocols, in order to:
1. Survey and discuss the current state of research that deals with security and privacy in social networks.
2. Create a community of researchers and practitioners who are interested in enabling current social networks to incorporate dedicated security methods.
3. Create new opportunities and set the ground for future collaboration between participants, generating insights that can be carried forward into future work.
4. Foster creativity and imagine the underlying technological changes in the way we network and communicate that will take place over the next 5-10 years.
Submission
Authors are invited to submit original, unpublished research papers that are not being considered in another forum. We welcome work in progress in addition to more mature work. Submission could be made in the form of either
• A short position paper of up to 4 proceedings pages in length.
• A full-length technical paper of up to 8 proceedings pages in length.
Submission must be in PDF format, in accordance with the IEEE conference paper style.
Submissions should be done via the submissions website at http://www.easychair.org/conferences/?conf=spsn2011.
All submitted papers will be reviewed and judged on originality, technical correctness, relevance, and quality of presentation by the Technical Program Committee.
Should the paper be accepted, at least one of the authors must attend the workshop to present the work in order for the paper to be published by IEEE and included in the IEEE Digital Library.
Accepted papers will be included in the workshop’s proceedings. The organizers intend to publish extended versions of selected papers as a handbook on the topic of security and privacy in social networks.
Topics
The proposed topics for the workshop include but are not limited to the following:
• Malware propagation in social networks
• Information leakage via social networks
• Social currency mechanisms – potential and risks
• Privacy management in social networks – access controls, permissions
• Identity theft in social networks
• Collaborative detection of distributed network attacks
• Peer-to-peer based security mechanisms
• Trust and reputation in social networks
• Socially inspired network security architectures
• Socially aware network security protocols
• Security configuration based on social contexts groups (social-firewall, authentication protocols, etc.)
• Configuring security protocol parameters based on social information
• Privacy-preserving methods for data access and data mining.
Important Dates
• Paper Submission: 22 July 2011
• Author Notification: 20 August 2011
• Final Manuscript: 27 August 2011
• Workshop Date: 9-11 October 2011
Organizing Committee
• Yaniv Altshuler, Human Dynamics Group, MIT Media Laboratory
• Yuval Elovici, Deutsche Telekom Laboratories at Ben-Gurion University of the Negev
• Armin Cremers, University of Bonn
• Nadav Aharony, Human Dynamics Group, MIT Media Laboratory
• Yehudith Naftalovich (administrative assistant)
Technical Program Committee
• Alex (Sandy) Pentland, MIT
• Alfred Bruckstein, Technion
• Bruno Lepri, MIT / FBK, Trento, Italy
• Christian Thurau, Fraunhofer Institute
• V.S Subrahmanian, University of Maryland
• Rami Puzis, Ben Gurion University
• Max Little, MIT / Oxford University
• Yves-Alexandre de Montjoye, MIT
• Sagi Ben Moshe, Technion
• Ronen Vaisenberg, University of California, Irvine
• Arie Matsliah, IBM Research
• Orna Agmon Ben-Yehuda, Technion
• Manuel Cebrian, UCSD
• Wei Pan, MIT
• Muli Ben-Yehuda, Technion and IBM Research
• Shlomi Dolev, Ben-Gurion University
• Santi Phithakkitnukoon, MITSPSN 2011: First Int. Workshop on Security and Privacy in Social Networks 2011
Link: http://spsn11.media.mit.edu/
In conjunction with IEEE Conference on Social Computing 9\10 October 2011, Boston, Massachusetts
Overview
As the area of online social networking develops and many online services add social features to their offerings, the definition of online social networking services broadens. Online social networking services range from social-interaction centered sites such as Facebook or MySpace, to information-dissemination-centric services such as Twitter or Google Buzz, to social interaction features added to existing sites and services such as Flickr or Amazon. Each of these services has different characteristics of social interaction, and different vulnerabilities susceptible to attack.
The value of online social networking sites stems from people spending a great deal of their time on these networks. Updating their personal profiles, browsing for social or professional interactions or taking part in social oriented online applications and events, people nowadays become immersed in their preferred online social environments, creating an exciting entanglement between their real and virtual identities. However, this immersion holds also great perils for the users, their friends, their employers, and may even endanger national security.
There is a great deal of information in the patterns of communication exercised by the user with his peers. These patterns are affected by many factors of relationship and context, and could be used in reverse – to infer the relationship and context. Later on, these relationships can be further used in order to deduce additional private information that was intended to remain disclosed. A recent study carried out at MIT had said to reveal the sexual orientation of Internet users based on social network contacts. In this example, the users whose privacy was compromised did not even place this information online, but rather – notify their social interaction to users, who apparently did disclose this information.
Yet, in other cases, this problem can become even worse, due to the (false) assumption of users that information that is marked as “private” will remain private and will not be disclosed by the network. Indeed, although the operators of social networks rarely betray the confidence of their users, no security mechanism is perfect. As these networks often utilize standard (and not necessarily updated) security methods, a determined attacker can sometimes gain access to such unauthorized information. The combination of sensitive private information, managed by users who are not security aware, in an environment that is not hermetically sealed is a sure cause for frequent leaks of private information and identity thefts.
This problem becomes even more threatening when viewed from the corporate (or even national) perspective. Users that possess sensitive commercial or security-related information are expected to be under severe control in their workplaces. However, while interacting virtually in social networks, the same people tend to often shed their precautions, supported by a false sense of intimacy and privacy, while being unaware of the damage their naive behavior may cause. As it is hard (and sometimes illegal) to monitor the behavior of online social networks users, these platforms possess a significant threat for the safety and privacy of sensitive information. Hard to detect and almost impossible to prevent – leaks of business, military or governmental data through social networks could become the security epidemic of the 21st century.
The workshop aims to bring to the forefront innovative approaches for analyzing and enhancing the security and privacy dimensions in online social networks. In order to facilitate the transition of such methods from theory to mechanisms designed and deployed in existing online social networking services, we need to create a common language between the researchers and practitioners of this new area — spanning from the theory of computational social sciences to conventional security and network engineering.
Objectives
The guiding goal of the workshop is to bring together researchers and practitioners who deal with the design and analysis of online social networking side by side with those who design security and privacy protocols, in order to:
1. Survey and discuss the current state of research that deals with security and privacy in social networks.
2. Create a community of researchers and practitioners who are interested in enabling current social networks to incorporate dedicated security methods.
3. Create new opportunities and set the ground for future collaboration between participants, generating insights that can be carried forward into future work.
4. Foster creativity and imagine the underlying technological changes in the way we network and communicate that will take place over the next 5-10 years.
Submission
Authors are invited to submit original, unpublished research papers that are not being considered in another forum. We welcome work in progress in addition to more mature work. Submission could be made in the form of either
• A short position paper of up to 4 proceedings pages in length.
• A full-length technical paper of up to 8 proceedings pages in length.
Submission must be in PDF format, in accordance with the IEEE conference paper style.
Submissions should be done via the submissions website at http://www.easychair.org/conferences/?conf=spsn2011.
All submitted papers will be reviewed and judged on originality, technical correctness, relevance, and quality of presentation by the Technical Program Committee.
Should the paper be accepted, at least one of the authors must attend the workshop to present the work in order for the paper to be published by IEEE and included in the IEEE Digital Library.
Accepted papers will be included in the workshop’s proceedings. The organizers intend to publish extended versions of selected papers as a handbook on the topic of security and privacy in social networks.
Topics
The proposed topics for the workshop include but are not limited to the following:
• Malware propagation in social networks
• Information leakage via social networks
• Social currency mechanisms – potential and risks
• Privacy management in social networks – access controls, permissions
• Identity theft in social networks
• Collaborative detection of distributed network attacks
• Peer-to-peer based security mechanisms
• Trust and reputation in social networks
• Socially inspired network security architectures
• Socially aware network security protocols
• Security configuration based on social contexts groups (social-firewall, authentication protocols, etc.)
• Configuring security protocol parameters based on social information
• Privacy-preserving methods for data access and data mining.
Important Dates
• Paper Submission: 22 July 2011
• Author Notification: 20 August 2011
• Final Manuscript: 27 August 2011
• Workshop Date: 9-11 October 2011
Organizing Committee
• Yaniv Altshuler, Human Dynamics Group, MIT Media Laboratory
• Yuval Elovici, Deutsche Telekom Laboratories at Ben-Gurion University of the Negev
• Armin Cremers, University of Bonn
• Nadav Aharony, Human Dynamics Group, MIT Media Laboratory
• Yehudith Naftalovich (administrative assistant)
Technical Program Committee
• Alex (Sandy) Pentland, MIT
• Alfred Bruckstein, Technion
• Bruno Lepri, MIT / FBK, Trento, Italy
• Christian Thurau, Fraunhofer Institute
• V.S Subrahmanian, University of Maryland
• Rami Puzis, Ben Gurion University
• Max Little, MIT / Oxford University
• Yves-Alexandre de Montjoye, MIT
• Sagi Ben Moshe, Technion
• Ronen Vaisenberg, University of California, Irvine
• Arie Matsliah, IBM Research
• Orna Agmon Ben-Yehuda, Technion
• Manuel Cebrian, UCSD
• Wei Pan, MIT
• Muli Ben-Yehuda, Technion and IBM Research
• Shlomi Dolev, Ben-Gurion University
• Santi Phithakkitnukoon, MIT