A Logical Framework for Verifying Privacy Breaches of Social Networks

TL;DR

This paper introduces a formal logic-based framework to verify privacy breaches in social networks caused by permission-delegation, aiming to prevent unintentional privacy violations and improve user awareness.

Contribution

It presents a novel formal methods approach using predicate logic and Yices to model and verify privacy policies in social networks, addressing permission delegation threats.

Findings

Successfully modeled social network permissions using predicate logic

Verified security policies for permission flow in social networks

Demonstrated the approach's effectiveness in detecting privacy breaches

Abstract

We present a novel approach to deal with transitivity permission-delegation threats that arise in social networks when content is granted permissions by third-party users thereby breaking the privacy policy of the content owner. These types of privacy breaches are often unintentional in social networks like Facebook, and hence, (more) in-place mechanisms are needed to make social network users aware of the consequences of changing their privacy policies. Our approach is unique in its use of formal methods tools and techniques. It builds on a predicate logic definition for social networking that caters for common aspects of existing social networks such as users, social network content, friendship, permissions over content, and content transmission. Our approach is implemented in Yices. For the predicate logic model, we formulate a security policy for the verification of the permission flow of content owned by social network users and demonstrate how this security policy can be verified.