3 research outputs found
Authenticity and integrity of participant data in social networks without a central authority
Soziale Netzwerke decken ein breites Spektrum an Anwendungsfällen ab und bieten somit eine Vielzahl an Funktionen, bei denen die Teilnehmer mit ihrem sozialen Umfeld interagieren und mit anderen Informationen teilen können. Die dabei aufkommenden Informationen über die Teilnehmer müssen teilweise erfasst und gespeichert werden, um die Funktionalität und die Gebrauchstauglichkeit des sozialen Netzwerkes zu sichern und Missbrauch vorzubeugen. Dies jedoch hat den Nachteil, dass die entstandenen Daten und somit eine Reihe von Aktivitäten der Teilnehmer durch den Anbieter eines sozialen Netzwerkes beobachtet werden können. Um die Privatsphäre der Teilnehmer zu schützen oder auch um eine bessere Skalierbarkeit der sozialen Netzwerke zu erreichen, konzentrieren sich aktuelle Forschungsarbeiten auf die Dezentralisierung sozialer Netzwerke. Dies führt zu neuen Herausforderungen, da die Aufgaben der zentralen Organisationseinheit auf mehrere Komponenten ver-
teilt werden müssen. Eine dieser Aufgaben ist es, die Authentizität und Integrität der Daten für die Teilnehmer sicher zustellen. Die Vernachlässigung dieser beiden Schutzziele kann zu Missbrauch und verschiedenen Angriffen auf ein soziales Netzwerk und dessen Teilnehmer führen.
Um an diese Problemstellung heranzugehen, soll innerhalb dieser Arbeit geklärt werden, wann und welche Mechanismen für die Erfüllung der beiden Schutzziele in sozialen Netzwerken ohne zentrale Organisationseinheit geeignet sind. Hierfür werden die Angriffe zur Verletzung dieser beiden Schutzziele in soziale Netzwerken und der darunter liegenden Infrastruktur betrachtet. Des Weiteren wird geklärt, welchen Einfluss die Dezentralisierung auf die die Teilnehmerdaten hat und was die relevanten Kriterien für authentische Teilnehmerdaten sind.Social networks cover a wide range of use cases and thus offer a variety of functions in which the participants can interact with their social environment and share information. In this process, the emerging information about the participants must be partially captured and stored to ensure the functionality, usability and to prevent abuse. The disadvantage is that the resulting data and thus a number of activities of the participants can be observed by the provider of a social network. To protect the participants' privacy or to achieve better scalability of social networks, actual research focuses on the decentralization of social networks. This leads to new challenges because the responsibilities of the central organization must be distributed over several components. One of these challenges is to provide the authenticity and integrity of the data for the participants. The neglect of these two security objectives can lead to abuse and various attacks on a social network and its participants.
To approach this problem the goal is to resolve when and which kind of mechanisms satsify the two security objectives in social networks without a central organization. Therefore the attacks for violating these security objectives in social networks and the underlying infrastructure are considered. In addition to that it will be clarified what the impact of decentralization on participant data is and what the relevant criteria for authentic participant data are
Recommended from our members
A decentralised semantic architecture for social networking platforms
This thesis was submitted for the award of Doctor of Philosophy and was awarded by Brunel University LondonSocial networking platforms (SNPs) are complex distributed software applications exhibiting many challenges related to data portability. Since existing platforms are propriety in design, users cannot easily share their data with other SNPs, however decentralisation of social networking platforms can provide a solution to this problem. There is a difference of opinion, the way the research and developer communities have pursued this issue. Existing approaches used in decentralisation provide limited structural detail and lack in providing a systematic framework of design activities. There is a need for an architectural framework based on standardised software architectural principles and technologies to guide the design and development of decentralised social networking platforms in order to improve the level of both data portability and interoperability.
The main aim of this research is to develop an architectural solution to achieve data portability among SNPs via decentralisation. Existing proposed decentralised platforms are based on a distributed structure and are mainly for a specific aspect such as access control or security and privacy. In addition to this, existing approaches lack in practicality due to underdeveloped and non-standardised design. To solve these issues a new architectural framework is needed, which can provide design and development guidelines for the decentralised social networking platform.
The goal of this thesis is to study, design and develop an architectural framework for social networking platforms that can incorporate the requirements of the decentralisation, to make portability possible. The synergies between the software engineering principles and social web technologies are investigated to create a standard approach. The proposed architecture is based on component-based software development (CBSD) and aspect-oriented software development (AOSD), a unified approach known as CAM (Component Aspect Model). The foundations of the proposed architecture are based on decentralised social networking architecture (DSNA), architectural style which is derived from CAM. Components and aspects are the building blocks of the proposed decentralised social networking platform architecture.
From a development perspective, each component represents a social network functionality and aspects represent the properties and preferences that are used to decentralise the functionality. The model for the component composition is a major challenge because the use of CAM for social networks has not been attempted before.
The proposed architecture comprehensively integrates the DSNA architectural style into each architectural component. Portability among SNPs by means of decentralisation can be summarised into three steps. (1) Definition of the architectural style, (2) implementation of the architectural style into components and (3) integration of the component composition.
To date component composition approaches have not been used for social networks as a way to develop social network functionality. The concept of middleware has been adapted to achieve the composition feature of the architecture. In the architecture Social Network Support Layer (SNSL) functions as middleware to facilitate component composition. Existing middleware solutions still lack integration of CBSD and AOSD concepts. This limitation is characterised by, a lack of explicit guidelines for composition, a lack of declarative specification and definition model to express component composition and a lack of support for role allocation. This research overcome these limitations.
The application of the architecture is based on the W3C SWAT (Social Web Acid Test) scenario. A Messaging application is developed to evaluate the scenario based on the Design Science Research Methodology. The architectural style is defined in the first stage of design followed by the component-based architecture. The architectural style is defined to guide the architecture and the component composition model. In the second stage, the design and implementation of composition technology (that is SNSL) are developed with architectural style and the rules defined in the first stage. The refined version of the architecture is evaluated in the third stage, according to WC3 SWAT test. The definitive version of the proposed architecture with the benchmarked result can be used to design and build social networking platforms, allowing users to share and collaborate information across the different social networking platforms
Secure and flexible framework for decentralized social network services
The rapid growth of the volume of user-generated contents in online social networks has raised many privacy concerns, mainly due to the data exploitation operated by providers. In order to address this problem, the idea of supporting social network services with open peer-to-peer systems has gained ground very recently. Nevertheless, the development of social network applications on decentralized layers involves several new security and design issues. In this paper we define an architectural model which embeds user identity management in a DHT overlay, providing a very robust and flexible support for any identity-based application. Important features for social applications like reputation management, modular expandability of the application suite and discretionary access control to shared resources can be easily implemented on our framework