社交网络中的隐私保护研究综述

doi:10.11959/j.issn.2096-109x.2016.00036

摘要/Abstract

摘要：

随着信息技术的发展，社交网络逐渐成为人们沟通的主要方式，而敏感信息暴露在开放的社交网络中所导致的多种隐私信息泄露问题也引起了人们的日益关注。首先，介绍了社交网络及隐私的相关概念；其次，对当前社交网络中的隐私保护所采用的主要方法：匿名技术和访问控制技术进行了详细的介绍、分析和讨论；最后，对现有方法存在的问题和挑战进行了分析，并给出了一些潜在的研究热点，为未来研究工作指明方向。

关键词: 社交网络, 隐私保护, 匿名, 访问控制

Abstract:

Social network has gradually become the main way in communication with the development of informa-tion technology and the issue of privacy preserving in social network has also obtained more and more attention due to the interactive information exposed in the open social networks.Firstly,an overview of the concept of social net-work and privacy was givem.Secondly,the current mainly two methods:anonymity mechanism and access control technique employed for privacy preservation in social networks were reviewed and discussed.Finally,the vulner-abilities and challenges of the current mechanism were analyzed and the potential research issues for the future re-search works were showed.

Key words: social network, privacy preserving, anonymity, access control

中图分类号:

TP309

姚瑞欣,李晖,曹进. 社交网络中的隐私保护研究综述[J]. 网络与信息安全学报, 2016, 2(4): 33-43.

Rui-xin YAO,Hui LI,Jin CAO. Overview of privacy preserving in social network[J]. Chinese Journal of Network and Information Security, 2016, 2(4): 33-43.

参考文献 105

[1]	刘建伟, 李为宇, 孙钰 . 社交网络安全问题及其解决方案[J]. 中国科学技术大学学报, 2011,41(7):565-575.
	LIU J W , LI W Y , SUN Y . Security issues and solutions on social networks[J]. Journal of University of Science ＆ Technology of China, 2011,41(7):565-575.
[2]	. Twitter[EB/OL]. .
[3]	BILTON N . Twitter implements do not track privacy option[N]. The New York Times, 2012-05-26.
[4]	BAO J , CHENG J . Group trust algorithm based on social net-work[J]. Computer Science, 2012,39(2):38-41.
[5]	WEI W , LI Y , ZHANG W . Study on GSNPP algorithm based pri-vacy-preserving approach in social networks[J]. Computer Science, 2012,39(3):104-106.
[6]	WANG X G . Discovering critical nodes in social networks based on cooperative games[J]. Computer Science, 2013,40(4):155-161.
[7]	AJAMI R , RAMADAN N , MOHAMED N , et al. Security chal-lenges and approaches in online social networks:a survey[J]. In-ternational Journal of Computer Science ＆ Network Security, 2011,11(20).
[8]	SCHNEIDER F , FELDMANN A , KRISHNAMURTHY B , et al. Understanding online social network usage from a network per-spective[C]// IMC. c2009:35-48.
[9]	BOYD D M , ELLISON N B . Social network sites:definition,history,and scholarship[J]. Journal of Computer-mediated Com-munication, 2010,38(3):16-31.
[10]	ADAMIC L , ADAR E . How to search a social network[J]. Social Networks, 2005,27(3):187-203.
[11]	NGUYEN N P , XUAN Y , THAI M T . A novel method for worm containment on dynamic social networks[C]// Military Communica-tions Conference. c2010:2180-2185.
[12]	WEI W , XU F , TAN C C , et al. Sybil defender:defend against sybil attacks in large social networks[C]// IEEE Infocom. c2012:1951-1959.
[13]	WEIPPL E , GOLUCH S , KITZLER G , et al. Friend-in-the-middle attacks:exploiting social networking sites for spam[J]. Internet Computing IEEE, 2011,15(3):28-34.
[14]	AHN G J , SHEHAB M , SQUICCIARINI A . Security and privacy in social networks[J]. Internet Computing, 2011,15(3):10-12.
[15]	DEY R , TANG C , ROSS K , et al. Estimating age privacy leakage in online social networks[J]. IEEE Infocom, 2012,131(5):2836-2840.
[16]	YANG C C . Preserving privacy in social network integration with τ-tolerance[C]// 2011 IEEE International Conference on Intelli-gence and Security Informatics (ISI). c2011:198-200.
[17]	IRANI D , WEBB S , PU C , et al. Modeling unintended per-sonal-information leakage from multiple online social networks[J]. IEEE Internet Computing, 2011,15(3):13-19.
[18]	KRISHNAMURTHY B , WILLS C E . Characterizing privacy in online social networks[C]// The first workshop on online social networks. c2008:37-42.
[19]	LUO W , XIE Q , HENGARTNER U . FaceCloak:an architecture for user privacy on social networking sites[C]// International Confer-ence on Computational Science ＆ Engineering. c2009:26-33.
[20]	BEYE M , JECKMANS A J P , ERKIN Z , et al. Privacy in online social networks[J]. International Journal of Computer Applications, 2012,41(13):5-8.
[21]	SMITH H J , DINEV T , XU H . Information privacy research:an interdisciplinary review[J]. MIS Quarterly, 2011,35(4):989-1016.
[22]	BANSAL G , ZAHEDI F , GEFEN D . The moderating influence of privacy concern on the efficacy of privacy assurance mechanisms for building trust:a multiple-context investigation[C]// The Interna-tional Conference on Information Systems( ICIS).Paris, c2008.
[23]	宋文略 . 社交网络数据的隐私保护研究[D]. 南京：南京大学, 2011.
	SONG W L . Social network data privacy protection research[D]. Nanjing:Nanjing University, 2001.
[24]	HUANG Q , ZHU J , SONG B , et al. Game model of user’s pri-vacy-preserving in social networds[J]. Computer Science, 2014,41(10):184-190.
[25]	MARTIN D J , KIFER D , MACHANAVAJJHALA A , et al. Worst-case background knowledge for privacy-preserving data publishing[C]// IEEE 23rd international Conference on Data Engi-neering(ICDE). c2007:126-135.
[26]	ZHOU B , PEI J , LUK W S . A brief survey on anonymization tech-niques for privacy preserving publishing of social network data[J]. ACM Sigkdd Explorations Newsletter, 2008,10(2):12-22.
[27]	LIU K , TERZI E . Towards identity anonymization on graphs[C]// ACM Sigmod. c2008:93-106.
[28]	BACKSTROM L , DWORK C , KLEINBERG J . Wherefore art thou R3579X?:anonymized social networks,hidden patterns,and struc-tural steganography[C]// The 16th International Conference on World Wide Web. c2007:181-190.
[29]	WONDRACEK G , HOLZ T , KIRDA E , et al. A practical attack to de-anonymize social network users[C]// 2010 IEEE Symposium on Security and Privacy (SP). c2010:223-238.
[30]	CORDELLA L P , FOGGIA P , SANSONE C , et al. A (sub) graph isomorphism algorithm for matching large graphs[J]. IEEE Trans-actions on Pattern Analysis ＆ Machine Intelligence, 2004,26(10):1367-1372.
[31]	ZHELEVA E , GETOOR L . Preserving the privacy of sensitive relationships in graph data[C]// Pinkdd. c2007:153-171.
[32]	LIU K , DAS K , GRANDISON T , et al. Privacy-preserving data analysis on graphs and social networks[J]. 2008.
[33]	ZOU L , CHEN L , ZSU M T . K-automorphism:a general frame-work for privacy preserving network publication[J]. The VLDB Endowment, 2009,2(1):946-957.
[34]	SAMARATI P , SWEENEY L . Generalizing data to provide ano-nymity when disclosing information (abstract)[C]// The 17th ACM Sigact-Sigmod-Sigart Symposium on Principles of Database Dys-tems. c1998:188.
[35]	SAMARATI P . Protecting respondents' identities in microdata release[J]. IEEE Transactions on Knowledge ＆ Data Engineering, 2001,13(6):1010-1027.
[36]	TAO Y , XIAO X . Personalized privacy preservation[C]// The 2006 ACM SIGMOD International Conference on Management of Data. c2010:229-240.
[37]	BRAND R . Microdata protection through noise addition[C]// Infer-ence Control in Statistical Databases From Theory to Practice. c2002:97-116.
[38]	FULLER W A . Masking procedures for microdata disclosure limi-tation[J]. Journal of Official Statistics, 1993.
[39]	MEYERSON A , WILLIAMS R . On the complexity of optimal k-anonymity[C]// The 23rd ACM Sigmod-Sigcat-Sigart Symposium. c2010:223-228.
[40]	XIAO X , TAO Y . Anatomy:simple and effective privacy preserva-tion[C]// International Conference on Very Large Data Bases. c2006:139-150.
[41]	KIM J J , WINKLER W E , CENSUS B O T . Masking microdata files[C]// The Survey Research Methods. c1997:114-119.
[42]	REISS S P , POST M J , DALENIUS T . Non-reversible privacy transformations.[C]// The ACM Symposium on Principles of Data-base Systems.California, c1982:139-146.
[43]	DALENIUS T , REISS S P . Data-swapping:a technique for disclo-sure control[J]. Journal of Statistical Planning ＆ Inference, 1982,6(1):73-85.
[44]	DU W , ZHAN Z . Abstract:using randomized response techniques for privacy-preserving data mining[C]// The Ninth ACM Sigkdd International Conference on Knowledge Discovery and Data Min-ing,Washington DC. c2003:505-510.
[45]	EVFIMIEVSKI A , SRIKANT R , AGRAWAL R , et al. Privacy preserving mining of association rules[J]. Information Systems, 2004,29(4):343-364.
[46]	ZHOU B , PEI J . Preserving privacy in social networks against neighborhood attacks[C]// IEEE International Conference on Data Engineering. c2008:506-515.
[47]	CORMODE G , SRIVASTAVA D , YU T , et al. Anonymizing bipar-tite graph data using safe groupings[J]. VLDB Journal, 2010,19(1):115-139.
[48]	SWEENEY L . K-anonymity:a model for protecting privacy[J]. International Journal of Uncertainty,Fuzziness and Knowledge-Based Systems, 2008,10(5):557-570.
[49]	WANG K , FUNG B C M . Anonymizing sequential releases[C]// IEEE Computer Science. c2006:414-423.
[50]	MACHANAVAJJHALA A , KIFER D , GEHRKE J . L-diversity:privacy beyond k -anonymity[J]. ACM Transactions on Knowledge Discovery from Data (TKDD), 2007,1(1):24.
[51]	WONG C W , LI J , FU W C , et al. α,k)-anonymity:an enhanced k-anonymity model for privacy preserving data publishing[C]// ACM Sigkdd. c2006:754-759.
[52]	LI N , LI T , VENKATASUBRAMANIAN S . T-Closeness:privacy beyond k-anonymity and l-diversity[C]// IEEE 23rd International Conference on Data Engineering (ICDE). c2007:106-115.
[53]	NERGIZ M E , ATZORI M , CLIFTON C . Hiding the presence of individuals from shared databases[C]// The ACM Sigmod Interna-tional Conference on Management of Data. c2007:665-676.
[54]	AGRAWAL R , SRIKANT R . Privacy preserving data mining[M]// Foundations and Advances in Data Mining. Berlin Heidelberg: Springer, 2000:439-450.
[55]	GIONIS A , MAZZA A , TASSA T . K-anonymization revis-ited[C]// IEEE 24th International Conference on Data Engineer-ing(ICDE). c2008:744-753.
[56]	IYENGAR V S . Transforming data to satisfy privacy con-straints[C]// The eighth ACM Sigkdd International Conference On Knowledge Discovery And Data Mining. c2002:279-62880.
[57]	BAYARDO R J , AGRAWAL R . Data privacy through optimal k-anonymization[C]// The 21st International Conference on Data Engineering (ICDE). c2005:217-228.
[58]	NERGIZ M E , CLIFTON C . Thoughts on k-anonymization[J]. Data＆ Knowledge Engineering, 2007,63(3):622-645.
[59]	HAY M , MIKLAU G , JENSEN D , et al. Resisting structural re-identification in anonymized social networks[J]. The Vldb En-dowment, 2008,1(1):797-823.
[60]	DIESTEL R . Graph theory[J]. Oberwolfach Reports, 2000,311(1):67-128.
[61]	GROSS J L , YELLEN J . Graph theory and its applications,second edition (discrete mathematics and its applications)[M]. Chapman ＆Hall/CRC, 2005.
[62]	YING X , WU X . Randomizing social networks:a spectrum pre-serving approach[C]// The SIAM International Conference on Data Mining.Georgia,, c2008:739-750.
[63]	CHENG J , FU W C , LIU J . K-isomorphism:privacy preserving network publication against structural attacks[C]// International Conference on Management of Data. 2010:459-470.
[64]	YANG J , WANG B , YANG X , et al. A secure k-automorphism privacy preserving approach with high data utility in social net-works[J]. Security ＆ Communication Networks, 2014,7(9):1399-1411.
[65]	LIU L , WANG J , LIU J , et al. Privacy preserving in social networks against sensitive edge disclosure[R]. Technical Report Technical Report CMIDA-HiPSCCS 006-08, 2008.
[66]	DAS S , ?MER E , ABBADI A E . Anónimos:an LP-based approach for anonymizing weighted social network graphs[J]. IEEE Transac-tions on Knowledge ＆ Data Engineering, 2010,24(4):590-604.
[67]	LIU C G , LIU I H , YAO W S , et al. K-anonymity against neighbor-hood attacks in weighted social networks[J]. Security ＆ Commu-nication Networks, 2015,8(18):3864-3882.
[68]	韩钰佳 . 社交网络访问控制安全研究[D]. 西安：西安电子科技大学, 2013.
	HAN Y J . Social network access control security research[D]. Xi'an:Xidian university, 2013.
[69]	SNYDER L . Formal models of capability-based protection sys-tems[J]. IEEE Transactions on Computers, 1981,30(3):172-181.
[70]	李凤华, 苏铓, 史国振 , 等. 访问控制模型研究进展及发展趋势[J]. 电子学报, 2012,40(4):805-813.
	LI F H , SU M , SHI G Z , et al. Research status and development trends of access control model[J]. Acta Electronica Sinica, 2012,40(4):805-813.
[71]	FERRAIOLO D F , KUHN D R . Role-based access controls[C]// The 15th NIST-NCSC National Computer Security Conference. c1992:554-563.
[72]	HU V C , KUHN D R , FERRAIOLO D F , et al. Attribute-based access control[J]. Computer, 2015,48(2):85-88.
[73]	LIN L , HUAI J , LI X . Attribute-based access control policies com-position algebra[J]. Journal of Software, 2009,20(2):403-414.
[74]	KRUK S R , GRZONKOWSKI S , GZELLA A , et al. D-FOAF:distributed identity management with access rights delegation[C]// Asian Semantic Web Conference. c2006:140-154.
[75]	CARMINATI B , FERRARI E , PEREGO A . Rule-based access control for social networks[M]// On the Move to Meaningful Inter-net Systems 2006:OTM 2006 Workshops.Berlin: Springer, 2006:1734-1744.
[76]	CARMINATI B , FERRARI E , PEREGO A . Enforcing access control in web-based social networks[J]. ACM Transactions on In-formation ＆ System Security, 2009,13(1):6:1-38.
[77]	CARMINATI B , FERRARI E , PEREGO A . A decentralized secu-rity framework for Web-based social networks[J]. International Journal of Information Security ＆ Privacy, 2008,2(4):22-53.
[78]	FERRARI E . Access control,privacy and trust in on-line social networks:issues and solutions[M]. Berlin: Springer, 2011.
[79]	LEE T B , HENDLER J , LASSILA O . The semantic Web[J]. Se-mantic Web Research ＆ Applications, 2001,284(5):28-37.
[80]	CARMINATI B , FERRARI E , HEATHERLY R , et al. A semantic Web based framework for social network access control[C]// ACM Symposium on Access Control Models ＆ Technologies. c2009:177-186.
[81]	CARMINATI B , FERRARI E , HEATHERLY R . Semantic Web-based social network access control[J]. Computers ＆ Security, 2011,30(2/3):108-115.
[82]	MASOUMZADEH A, , JOSHI J . OSNAC:An ontology-based access control model for social networking systems[C]// 2010 IEEE Second International Conference on Social Computing (Social-Com). c2010:751-759.
[83]	FONG P W L , ANWAR M , ZHAO Z . A privacy preservation model for facebook-style social network systems[C]// The 14th European Conference on Research in Computer Cecurity. c2009:303-320.
[84]	FONG P W L . Relationship-based access control:protection model and policy language[C]// The First ACM Conference on Data ＆Application Security ＆ Privacy. c2011:191-202.
[85]	BRUNS G , FONG P W L , SIAHAAN I , et al. Relationship-based access control:its expression and enforcement through hybrid logic[C]// ACM Conference on Data and Application Security and Privacy. c2012:117-124.
[86]	PARK J , SANDHU R , CHENG Y . A user-activity-centric frame-work for access control in online social networks[J]. IEEE Internet Computing, 2011,15(5):62-65.
[87]	YUAN C , PARK J , SANDHU R . A user-to-user relationship-based access control model for online social networks[C]// International Conference on Data ＆ Applications Security ＆ Privacy. c2012:8-24.
[88]	YUAN C , PARK J , SANDHU R . Relationship-based access control for online social networks:beyond user-to-user relationships[C]// 2012 International Conference on Privacy,Security,Risk and Trust (PASSAT),and 2012 International Confernece on Social Comput-ing (SocialCom).c 2012:646-655.
[89]	PANG J , ZHANG Y . Cryptographic protocols for enforcing rela-tionship-based access control policies[C]// IEEE Computer Soft-ware and Applications Conference.c 2015.
[92]	SHUAI H , ZHU W T . Masque:access control for interactive shar-ing of encrypted data in social networks[C]// The 6th international conference on Network and System Security.c 2012:503-515.
[91]	BADEN R , BENDER A , SPRING N , et al . Persona:an online social network with user-defined privacy[J]. ACM Sigcomm Com-puter Communication Review, 2009,39(4): 135-146.
[92]	NARAYANAN A , SHMATIKOV V . De-anonymizing social net-works[C]// Eprint Arxiv:0903.c 2009:173-187.
[93]	BHAGAT S , CORMODE G , KRISHNAMURTHY B , et al . Predic-tion promotes privacy in dynamic social networks[J]. WWW, 2010.
[94]	谷勇浩, 林九川, 郭达 . 基于聚类的动态社交网络隐私保护方法[J]. 通信学报 2015(s1).
	GU Y H , LIN J C , GUO D . Clustering-based dynamic privacy pre-serving method for social networks[J]. Journal on Communica-tions, 2015(s1).
[95]	CHEN R , FUNG B C M , YU P S , et al . Correlated network data publication via differential privacy[J]. VLDB Journal, 2014,23(4): 653-676.
[96]	MALIK I D , Sánchez D , VIEJO A . Privacy-driven Access Control in Social Networks by Means of Automatic Semantic Annotation[J]. Computer Communications, 2016,76:12-25.
[97]	BELNAP N D . A useful four-valued logic[M]// Modern Uses of Multiple-Valued Logic. Berlin: Springer, 1977:5-37.
[98]	CLIFTON C , KANTARCIOGLU M , VAIDYA J . Defining privacy for data mining[J]. National Science Foundation Workshop on Next Generation Data Mining, 2002,1(26): 1.
[99]	BRUNS G , HUTH M . Access control via belnap logic:intuitive,expressive,and analyzable policy composition[J]. ACM Transac-tions on Information ＆ System Security, 2011,14(1):1165-1182.
[100]	BRUNS G , DANTAS D S , HUTH M . A simple and expressive se-mantic framework for policy composition in access control[C]// ACM Workshop on Formal Methods in Security Engineering.c 2007:12-21.
[101]	LI N , WANG Q , QARDAJI W , et al . Access control policy com-bining:theory meets practice[C]// ACM Sacmat.c 2009:135-144.
[102]	NI Q , BERTINO E , LOBO J . D-algebra for composing access control policy decisions[C]// The 4th International Symposium on Information,Computer,and Communications Security.c 2009:298-309.
[103]	HU H , AHN G J , JORGENSEN J . Multiparty access control for online social networks:model and mechanisms[J]. IEEE Transac-tions on Knowledge ＆ Data Engineering, 2013,25(7): 1614-1627.
[104]	SQUICCIARINI A C , SHEHAB M , WEDE J , et al . Privacy policies for shared content in social network sites[J]. VLDB Journal, 2010,19(6): 777-796.
[105]	BENNETT P , RAY I , FRANCE R . Analysis of a relationship based access control model[C]// The Eighth International Conference on Computer Science ＆ Software Engineering.c 2015:1-8.