Web-based social networks (WBSNs) are online communities that allow users to publish resources (e.g., personal data, annotations, blogs) and to establish relationships, possibly of different types (“friend,” “colleague,” etc.), for purposes that may concern business, entertainment, religion, dating, and so forth. In the last few years, the usage and diffusion of WBSNs has been increasing, with about 300 Web sites collecting the information of more than 400 million registered users. As a result, the “net model” is today used more and more by companies and organizations to communicate, share information, make decisions, and “do business” (Staab et al., 2005). Regardless of the purpose of a WBSN, one of the main reasons for participating in social networking is to share and exchange information with other users. Recently, thanks to the adoption of Semantic Web technologies such as FOAF and other RDF-based vocabularies (Brickley & Miller, 2005; Davis & Vitiello, 2005; Golbeck, 2004), accessing and disseminating information over multiple WBSNs has been made simpler (Ding, Zhou, Finin, & Joshi, 2005). While this has been a relevant improvement towards easier sharing of information, it makes it more urgent that content owners retain control over who can access their information. In fact, making possibly sensitive and private data and resources available implies that they can be used by third parties for purposes different from the intended ones. As a matter of fact, users’ personal data and resources are regularly exploited not only by companies for marketing purposes, but also by governments and institutions for tracking persons’ behaviors and opinions, and in the worst case, by online predators (Barnes, 2006). It is then a challenging issue to devise security mechanisms for social networks, able to protect private information and regulate access to shared resources.
In this article, besides providing an overview of the characteristics of the WBSN environment and its protection requirements, we illustrate the current approaches and future trends to social network security, with particular attention paid to the emerging technologies related to the so-called Web 2.0.
Usually, a social network is defined as a small-world network (Watts, 2003), consisting of a set of individuals (persons, groups, organizations) connected by personal, work, or trust relationships. Social networking is then a quite broad and generic notion, which in the Web context might be applied to any kind of virtual community. For instance, users registered to a Web service, such as Web mail, online journals, or newspapers requiring a subscription, can be considered as a social network. In the following, we adopt the definition provided by Golbeck (2005), according to which an online community’s Web site can be considered a Web-based social network only if it satisfies the following conditions:
Relationships are explicitly specified by its members, and not inferred from existing interactions (e.g., a mailing list can be used to infer implicit relationships).
Relationships are stored and managed by using technologies, such as database management systems, allowing relationship analysis and regulating access and retrieval of relationship data.
Members are able to access relationship information, at least partially.
Born in the late 1990s, in the last few years WBSNs gained increasing interest and diffusion. Although the first and most successful ones, such as MySpace, Friendster, and Facebook, were formerly designed for entertainment and socialization purposes, they are currently establishing themselves as a business model, through which institutions and organizations can set up a collaborative environment for specific purposes, and where it is possible to share resources at an intra- and inter-organizational level. Due to the great amount of collected data, WBSNs are currently the subject of great interest for statistical analysis (Wasserman & Faust, 1994; Freeman, 2004), since they may provide useful information not only to social researchers, but also for marketing purposes.
Key Terms in this Chapter
Relationship-Based Access Control: An access control paradigm specifically tailored to social networks, according to which social network members authorized to access a given resource are denoted in terms of the relationships they must participate in to get the access.
Social Network: A small-world network (Watts, 2003) consisting of a set of individuals (persons, groups, organizations) connected by personal, work, or trust relationships. Usually modeled as a graph, where nodes correspond to social network members, whereas edges denote the relationships existing between them.
Privacy-Aware Access Control: In the context of social networks, denotes an access control paradigm where access control requirements of social network members are enforced without disclosing private information about the relationships they participate in.
Web-Based Social Network: A Web-based system that allows its registered members to establish relationships with other members and to share different types of information (e.g., personal data, contacts, multimedia resources). A precise, but not normative, definition of Web-based social network has been provided by Golbeck (2005).
Social Network Analysis: A discipline aimed at collecting statistical data from the analysis of social network topology (Wasserman & Faust, 1994; Freeman, 2004).
Relationship Trust Level: In a social network, denotes the value associated with a trust relationship, providing a measure of how much a given member considers another member trustworthy. Depending on the purpose for which it is used, this notion may have different meanings. For instance, in a collaborative rating environment, it denotes how much a given member trusts the opinions of another member with respect to a specific topic (topical trust) or in general (absolute trust) (Golbeck & Hendler, 2006). By contrast, in an access control context, it has some similarities to the notion of security level used in mandatory access control models (Carminati et al., 2006, 2007).
Edge Perturbation: Graph anonymization technique aimed at hiding the actual social network relationships by performing a set of random edge deletions/insertions in the network graph.
Social Network Relationship: A relationship concerning two members of a social network. In WBSNs, besides personal/work relationships (e.g., friend/colleague), trust relationships may also be supported, which denote how much one member trusts another. In the graph representation of a social network, relationships are usually denoted by edges, labeled with a relationship type and/or a relationship trust level.
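The three terms above (relationship-based access control, relationship trust level, and typed relationship edges) can be tied together in a small worked example. The code below is an added illustration, not part of the chapter or of any cited system: it builds a constructed social graph with typed, trust-labelled edges and decides access by checking whether the requester participates in a relationship path of the required type, within a maximum depth and with a minimum trust, where the trust of a path is taken as the weakest edge on it (an assumption of this example).

```python
"""Relationship-based access control over a toy WBSN graph (added example)."""

# Constructed sample graph: member -> list of (other member, relationship type, trust in [0, 1]).
RELATIONSHIPS = {
    "alice": [("bob", "friend", 0.9), ("carol", "colleague", 0.7)],
    "bob": [("dave", "friend", 0.6), ("alice", "friend", 0.9)],
    "carol": [("erin", "colleague", 0.8)],
    "dave": [("erin", "friend", 0.5)],
    "erin": [],
}


def best_path_trust(graph, start, target, rel_type, max_depth):
    """Highest minimum-edge trust over all simple paths of type rel_type from
    start to target using at most max_depth edges; None if no such path exists.
    The depth bound keeps the search small even on a larger graph."""
    best = None

    def dfs(node, depth, trust, visited):
        nonlocal best
        if node == target and depth > 0:
            best = trust if best is None else max(best, trust)
            return
        if depth == max_depth:
            return
        for neighbour, typ, edge_trust in graph.get(node, []):
            if typ == rel_type and neighbour not in visited:
                dfs(neighbour, depth + 1, min(trust, edge_trust), visited | {neighbour})

    dfs(start, 0, 1.0, {start})
    return best


def is_authorized(graph, owner, requester, rule):
    """Grant access iff the requester holds a relationship with the owner that
    matches the rule: rule = {"type": ..., "max_depth": ..., "min_trust": ...}.
    The owner always has access to their own resource."""
    if owner == requester:
        return True
    trust = best_path_trust(graph, owner, requester, rule["type"], rule["max_depth"])
    return trust is not None and trust >= rule["min_trust"]


if __name__ == "__main__":
    photo_rule = {"type": "friend", "max_depth": 2, "min_trust": 0.6}
    for who in ("bob", "dave", "erin", "carol"):
        print(who, is_authorized(RELATIONSHIPS, "alice", who, photo_rule))
```

Because the rule is evaluated against the owner's relationship graph, a member two hops away with a weak link (erin, via dave at trust 0.5) or connected only by a different relationship type (carol, a colleague) is denied even though both are reachable.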
Graph Anonymization: Technique aimed at hiding private information about social network members when performing social network analysis. Node anonymization and edge perturbation are the two main graph anonymization techniques currently used.
Node Anonymization: Graph anonymization technique aimed at hiding social network members’ identities by labeling the corresponding nodes with random identifiers (naïve anonymization), or, in case nodes are associated with attributes which can be used to identify the corresponding user, by using techniques based on k-anonymity (Sweeney, 2002).
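The two graph anonymization techniques named in the "Edge Perturbation", "Graph Anonymization" and "Node Anonymization" entries can be shown on a constructed network. This is an added example, not code from the chapter or from any cited work: naïve node anonymization replaces member names with random identifiers (the mapping stays with the data holder), and edge perturbation deletes k random existing edges and inserts k random absent ones before the graph is released for analysis; the value of k and the seeded generator are assumptions made for the example.

```python
"""Naive node anonymization plus edge perturbation on a toy social graph (added example)."""
import random

# Constructed sample network: members and undirected relationship edges.
MEMBERS = ["alice", "bob", "carol", "dave", "erin"]
EDGES = {("alice", "bob"), ("alice", "carol"), ("bob", "dave"),
         ("carol", "erin"), ("dave", "erin")}


def anonymize_nodes(members, rng):
    """Naive anonymization: assign each member a random pseudonym n1..nN.
    The returned mapping is the secret the data holder must not release."""
    ids = list(range(1, len(members) + 1))
    rng.shuffle(ids)
    return {member: f"n{i}" for member, i in zip(members, ids)}


def perturb_edges(members, edges, k, rng):
    """Randomly delete k existing edges and insert k edges that were absent,
    so the released graph keeps its edge count but not its exact topology."""
    edges = {tuple(sorted(e)) for e in edges}
    removed = set(rng.sample(sorted(edges), k))
    all_pairs = [tuple(sorted((a, b)))
                 for i, a in enumerate(members) for b in members[i + 1:]]
    absent = [pair for pair in all_pairs if pair not in edges]
    added = set(rng.sample(absent, k))
    return (edges - removed) | added


def release(members, edges, k, seed):
    """Produce the anonymized, perturbed graph that would be handed to analysts.
    Returns (secret mapping, released edge set over pseudonyms)."""
    rng = random.Random(seed)
    mapping = anonymize_nodes(members, rng)
    perturbed = perturb_edges(members, edges, k, rng)
    released = {tuple(sorted((mapping[a], mapping[b]))) for a, b in perturbed}
    return mapping, released


if __name__ == "__main__":
    secret_mapping, public_edges = release(MEMBERS, EDGES, k=2, seed=7)
    print("released edges:", sorted(public_edges))
```

Exactly 2k edges of the released graph differ from the pseudonymized original, which is the trade-off the technique accepts: analysis results are approximate, but the true relationship set is no longer recoverable from the release alone.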