Privacy threat modeling framework for online social networks

Outlet Title

International Conference on Collaboration Technologies and Systems (CTS)

Document Type

Conference Proceeding

Publication Date



Online social networks (OSNs) provide services for people to connect and share information. Social networking sites contain huge amount of personal information such as user profiles, user relations, and user activities. Most of the information is personal and sensitive in nature and hence disclosure of this information may cause harassment, financial loss, and even identity theft. Thus, protecting user privacy in online social networks is essential. Many threats and attacks have been found in social networks. However, there is lack of a threat model to study privacy issues in online social networks. This paper presents a privacy threat model for online social networks. The threat model includes four components, online social networking sites, third party service providers, genuine social network users, and malicious users. Threats and vulnerabilities are analyzed from six security aspects, i.e., hardware, operating systems, OSN privacy policies, user privacy settings, user relations, and user data. The paper further summarizes and analyzes the existing threats and attacks using the proposed model.