Sunday, April 29, 2012

About online social network security


According to Wikipedia's description of security services, the conventional security services include Authentication, Access control, Data confidentiality, Data integrity and Non-repudiation.

On the other hand, in the context of OSNs there are three main security objectives: Privacy (which encompasses user profile privacy, communication privacy, message confidentiality and information disclosure), Integrity and Availability.

So, as we can see, privacy in OSNs appears to be stricter because it carries more requirements. To ensure communication privacy, authentication must be done first. Information disclosure needs access control that is fine-grained down to the level of each manageable user. Most significantly, all information about users, including their participation in the OSN, should be hidden within the system in order to ensure real privacy, which is not mentioned in the conventional security services. Remember the database disclosure of an IT community called CSDN? A large number of user profiles soon became available throughout the world because CSDN stored them in plaintext in its database. This kind of privacy problem is a nightmare for a famous OSN.
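As an added example (not code from the original post or from any OSN mentioned in it), the following Python sketch shows the two mechanisms this paragraph calls for: access control over a profile that is fine-grained per field and per viewer, and credential storage as a salted hash so that a leaked database row does not expose what CSDN exposed. The account, field names, visibility levels and sample values are constructed for illustration.

```python
"""Per-viewer profile disclosure and hashed credential storage.

Illustrative example; all user names, fields and values are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Visibility levels an owner can assign to each profile field.
PUBLIC, FRIENDS, PRIVATE = "public", "friends", "private"


@dataclass
class Account:
    user_id: str
    profile: dict = field(default_factory=dict)     # field name -> value
    visibility: dict = field(default_factory=dict)  # field name -> level
    friends: set = field(default_factory=set)
    salt: bytes = b""                               # per-account random salt
    pw_hash: bytes = b""                            # PBKDF2 digest, never the plaintext


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Derive a salted PBKDF2-HMAC-SHA256 digest; a fresh salt is drawn if none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return salt, digest


def register(user_id: str, password: str, profile: dict, visibility: dict) -> Account:
    """Create an account whose stored record holds only the salt and digest."""
    salt, digest = hash_password(password)
    return Account(user_id, dict(profile), dict(visibility), set(), salt, digest)


def verify_password(account: Account, password: str) -> bool:
    """Authenticate by recomputing the digest under the stored salt (constant-time compare)."""
    _, digest = hash_password(password, account.salt)
    return hmac.compare_digest(digest, account.pw_hash)


def stored_record(account: Account) -> dict:
    """What the database row looks like: credential material is hex of salt and digest only."""
    return {
        "user_id": account.user_id,
        "profile": account.profile,
        "salt": account.salt.hex(),
        "pw_hash": account.pw_hash.hex(),
    }


def visible_profile(owner: Account, viewer_id: str | None) -> dict:
    """Return only the fields the viewer may see.

    viewer_id None means an anonymous visitor. A field with no visibility
    setting is treated as PRIVATE (default deny), so a forgotten setting
    fails closed instead of leaking.
    """
    shown = {}
    for name, value in owner.profile.items():
        level = owner.visibility.get(name, PRIVATE)
        if viewer_id == owner.user_id:
            shown[name] = value          # owners always see their own data
        elif level == PUBLIC:
            shown[name] = value
        elif level == FRIENDS and viewer_id is not None and viewer_id in owner.friends:
            shown[name] = value
    return shown


def demo() -> None:
    alice = register(
        "alice", "correct horse battery",
        {"name": "Alice", "email": "alice@example.com",
         "phone": "555-0100", "birthday": "1990-01-01"},
        {"name": PUBLIC, "email": FRIENDS, "phone": PRIVATE},  # birthday deliberately unset
    )
    alice.friends.add("bob")
    print("anonymous sees:", visible_profile(alice, None))
    print("bob sees:", visible_profile(alice, "bob"))
    print("stored row:", stored_record(alice))


if __name__ == "__main__":
    demo()
```

The point of `stored_record` is that a copy of the table, which is what an attacker obtains in a database disclosure, carries no plaintext secret; `visible_profile` shows that disclosure decisions are made per field and per relationship rather than per account, with unset fields defaulting to hidden.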


In terms of integrity, only ensuring data integrity is not enough in an OSN. Problems like bogus accounts or cloned accounts may occur. To solve the problem, the OSN has to find ways to ensure the real identity of each registered member. For example, on Renren.com, if someone claims to be a student of CUHK, then he/she has to prove it by either logging in to the website from a CUHK IP address or scanning the student ID card for an administrator's verification.
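The affiliation check described above (a claim that is confirmed either by a login from the institution's own network or by an administrator reviewing a scanned student card) can be modelled as a small state machine. This is an added Python example, not Renren's code; the institution name and the address ranges are constructed placeholders taken from the documentation prefixes, not CUHK's real address space.

```python
"""Verifying a claimed institutional affiliation (added illustrative example).

Two evidence paths, as in the Renren case described above: a login from the
institution's own address space, or an administrator's manual review of a
scanned student card. All ranges and names below are constructed placeholders.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

# Placeholder address ranges (RFC 5737 / RFC 3849 documentation prefixes),
# NOT the real address space of any university.
INSTITUTION_RANGES = {
    "example-university": [
        ipaddress.ip_network("198.51.100.0/24"),
        ipaddress.ip_network("2001:db8:1::/48"),
    ],
}

UNVERIFIED, VERIFIED = "unverified", "verified"


def ip_in_institution(org: str, ip_str: str) -> bool:
    """True if ip_str lies inside one of org's registered ranges.

    ip_str must be the connection's source address as seen by the server,
    not a client-supplied header. Malformed input is rejected, never matched.
    """
    try:
        ip = ipaddress.ip_address(ip_str.strip())
    except ValueError:
        return False
    return any(ip in net for net in INSTITUTION_RANGES.get(org, []))


@dataclass
class AffiliationClaim:
    user_id: str
    org: str
    status: str = UNVERIFIED
    evidence: list = field(default_factory=list)  # audit trail of how it was verified

    def record_login(self, source_ip: str) -> bool:
        """Path 1: a login from inside the institution's network verifies the claim."""
        if self.status == VERIFIED:
            return True
        if ip_in_institution(self.org, source_ip):
            self.status = VERIFIED
            self.evidence.append(("network-login", source_ip))
            return True
        return False

    def admin_review(self, admin_id: str, card_accepted: bool) -> bool:
        """Path 2: an administrator inspects the scanned student card and decides."""
        if card_accepted:
            self.status = VERIFIED
            self.evidence.append(("manual-review", admin_id))
        return self.status == VERIFIED

    def is_verified(self) -> bool:
        return self.status == VERIFIED


def demo() -> None:
    claim = AffiliationClaim("student1", "example-university")
    print(claim.record_login("203.0.113.9"), claim.status)    # outside the ranges
    print(claim.record_login("198.51.100.42"), claim.status)  # inside the ranges
    print(claim.evidence)


if __name__ == "__main__":
    demo()
```

Keeping an evidence list alongside the status is what lets an operator later answer how a given account came to be marked as a CUHK student, which matters when a cloned or bogus account is reported.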


When it comes to availability, besides availability of data access, message exchange among members has to be available as well. In an OSN, as a basic feature, availability has to include robustness against censorship. In this way OSNs are able to ensure that users' published profiles and data are always available. Using the case of Renren.com again, if a user wants to stop using the account, all of his/her data, such as journals or photos, will remain on the server, waiting for possible reuse in the future.

4 comments:

  1. As a user, we have to be careful when using the social network. More and more security solutions are developed to secure the social network. However, we can never eliminate all possible vulnerabilities. Therefore, maybe we should improve our awareness of the risks on social networks. What's more important is, I think we should not provide too much personal information on the social network if it is not necessary.

    1. Yep, I agree with you that awareness is quite important.

  2. Facebook will also retain the user's data on the server after the user deactivates the account. But I think it is not a good choice, and the user should decide whether to delete the data or not. I think no one would like to keep the data on the server when they decide to give up the account; if the server is hacked by others, then it will be very dangerous.

    1. I hope Facebook will allow this one day. Therefore, as Li Qiao has mentioned, just don't put too much personal information on social platform if not necessary.
