With millions of users, Online Social Networks (OSNs) are a huge cultural phenomenon. Put briefly, they are characterized by: i) an intrinsic sharing of personal information, ii) a rich set of features to publish, organize and retrieve content, especially for emphasizing their social organization, iii) the interaction with a heterogeneous set of devices, ranging from desktops to mobile appliances, and iv) the mix of Web-based paradigms and sophisticated methodologies for processing data. However, if not properly implemented, or without effective security policies, i) – iv) could lead to severe risks in terms of both privacy and security. In this perspective, this chapter analyzes the major peculiarities of OSN platforms, the preferred development methodologies, and usage patterns, also taking into account how personal information can be exploited to conduct malicious actions. Then, a graph-based modeling approach is introduced to reveal possible attacks, as well as to elaborate the needed countermeasures or (automated) checking procedures.
Online Social Networks (OSNs) have changed the way people communicate and share their personal information. Also, they are a key advancement for pursuing the vision of developing an Internet of People (IoP), rather than a straight internetwork of nodes. Even if revolutionary, OSNs are not based on completely novel concepts. Specifically, the World Wide Web Consortium (W3C), when detailing the model at the basis of the Social Web (W3C, 2010), envisaged the introduction of a core set of people-centric services. Nowadays, such functionalities are partially implemented within the most popular OSN platforms, rather than in a unified manner as originally planned by the W3C. As a consequence, the current social vocation of the Web has not been developed according to a precise standard, or under an organic guidance. Rather, it has grown (and continues to evolve) around features introduced by the different OSN providers. As a result, social tools are constrained to provide functionalities for task-specific duties, for instance to share photos in an OSN aiming at entertainment, or to publish resumes or portfolios in platforms designed to support business development. To summarize, the overall OSN geography is substantially split, populated by different frameworks delivering services in a non-uniform, redundant and mostly incompatible manner.