Abstract

Social Network Systems (SNSs) providers allow third-party extensions to access users' information through an Application Programming Interface (API). Once an extension has been authorized by a user to access data in a user's profile, there is no more control on how that extension uses the data. This raises serious concerns about user privacy because a malicious extension may infer some private information based on the legitimately accessible information. This information leakage is called an inference attack. In addition, inference attacks are not only a privacy violation, they could also be used as the building blocks for more dangerous security attacks, such as identity theft. In this work, we conduct a comprehensive empirical study to assess the feasibility and accuracy of inference attacks that are launched from the extension API of SNSs. We also discuss an attack scenario in which inference attacks are employed as building blocks. The significance of this work is in thoroughly discussing how inference attacks could happen in practice via the extension API of SNSs, and highlighting the clear and present danger of even the naively crafted inference attacks.

Full Text

Submitted Version (Free)

Published Version

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.