A Logical Framework for Verifying Privacy Breaches of Social Networks

Abstract: We present a novel approach to deal with transitivity permission-delegation threats that arise in social networks when content is granted permissions by third-party users thereby breaking the privacy policy of the content owner. These types of privacy breaches are often unintentional in social networks like Facebook, and hence, (more) in-place mechanisms are needed to make social network users aware of the consequences of changing their privacy policies. Our approach is unique in its use of formal methods tools and techniques. It builds on a predicate logic definition for social networking that caters for common aspects of existing social networks such as users, social network content, friendship, permissions over content, and content transmission. Our approach is implemented in Yices. For the predicate logic model, we formulate a security policy for the verification of the permission flow of content owned by social network users and demonstrate how this security policy can be verified.