Access control for online social networks third party applications

Mohamed Shehab, Anna Squicciarini, Gail-Joon Ahn, Irini Kokkinou

Research output: Contribution to journalArticlepeer-review

46 Scopus citations


With the development of Web 2.0 technologies, online social networks are able to provide open platforms to enable the seamless sharing of profile data to enable public developers to interface and extend the social network services as applications. At the same time, these open interfaces pose serious privacy concerns as third party applications are usually given access to the user profiles. Current related research has focused on mainly user-to-user interactions in social networks, and seems to ignore the third party applications. In this paper, we present an access control framework to manage third party applications. Our framework is based on enabling the user to specify the data attributes to be shared with the application and at the same time be able to specify the degree of specificity of the shared attributes. We model applications as finite state machines, and use the required user profile attributes as conditions governing the application execution. We formulate the minimal attribute generalization problem and we propose a solution that maps the problem to the shortest path problem to find the minimum set of attribute generalization required to access the application services. We assess the feasibility of our approach by developing a proof-of-concept implementation and by conducting user studies on a widely-used social network platform.

Original languageEnglish (US)
Pages (from-to)897-911
Number of pages15
JournalComputers and Security
Issue number8
StatePublished - Nov 2012


  • Access control
  • Applications
  • Attribute generalization
  • Finite state machine
  • Social networks

ASJC Scopus subject areas

  • General Computer Science
  • Law


Dive into the research topics of 'Access control for online social networks third party applications'. Together they form a unique fingerprint.

Cite this