Online Social Network (OSN) services such as Facebook and Google+ are fun and useful. Hundreds of millions of users rely on these services and third-party applications to process and share personal data such as friends lists, photos, and geographic location histories. The primary drawback of today's popular OSNs is that users must fully trust a centralized service provider to properly handle their data.
This dissertation explores the feasibility of building feature-rich, privacy-preserving OSNs by shifting the bases for trust away from centralized service providers and third-party application developers and toward infrastructure providers and OSN users themselves.
We propose limiting the trust users place in service providers through two decentralized OSNs: Vis-à-Vis and Confidant. In Vis-à-Vis, privacy-sensitive data is only accessed by user-controlled code executing on “infrastructure as a service” platforms such as EC2. In Confidant this data may only be accessed by code running on desktop PCs controlled by a user's close friends. To reduce the risks posed by third-party OSN applications, we also developed a Multi-User Taint Tracker (MUTT). MUTT is a secure “platform as a service” that ensures that third-party applications adhere to access policies defined by service providers and users.
Vis-à-Vis is a decentralized framework for location-based OSN services based on the privacy-preserving notion of a Virtual Individual Server (VIS). A VIS is a personal virtual machine running within a paid compute utility. In Vis-à-Vis, a person stores her data on her own VIS, which arbitrates access to that data by others. VISs self-organize into overlay networks corresponding to social groups with whom their owners wish to share location information. Vis-à-Vis uses distributed location trees to provide efficient and scalable operations for creating, joining, leaving, searching, and publishing location data to these groups.
Confidant is a decentralized OSN platform designed to support a scalable application framework for OSN data without compromising users' privacy. Confidant replicates a user's data on servers controlled by her friends. Because data is stored on trusted servers, Confidant allows application code to run directly on these storage servers. To manage access-control policies under weakly-consistent replication, Confidant eliminates write conflicts through a lightweight cloud-based state manager and through a simple mechanism for updating the bindings between access policies and replicated data.
To reduce the risks posed by third-party OSN applications, this thesis proposes a Multi-User Taint Tracker (MUTT), a secure “platform as a service” designed to ensure that third-party applications adhere to access policies defined by service providers and users. MUTT's design is informed by a careful analysis of 170 Facebook apps, which allows us to characterize the requirements and risks posed by several classes of apps. Our MUTT prototype has been integrated into the AppScale cloud system, and experiments show that the additional data-confidentiality guarantees of running an app on MUTT come at a reasonable performance cost.
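As an added illustration, not code from the dissertation or the MUTT prototype, the Python sketch below shows the kind of enforcement a multi-user taint tracker performs on behalf of a platform: each value read from the store is labelled with its owner, values derived by the untrusted app inherit the union of those labels, and user-defined and provider-defined policies are checked only at the sinks where data leaves the app. The store, the users, the policies and the `TaintPlatform` class are all constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tainted:
    value: str          # the data itself
    owners: frozenset   # users whose private data flowed into this value

    def concat(self, other):
        # Derived values inherit the union of their inputs' taint labels.
        return Tainted(f"{self.value} & {other.value}", self.owners | other.owners)

class PolicyViolation(Exception):
    pass

class TaintPlatform:
    # Hosts untrusted app code; policies are enforced only where data exits.
    def __init__(self, store, user_policies, provider_allows_export):
        self.store = store  # {(owner, field): value}, constructed sample data
        self.user_policies = user_policies  # {owner: frozenset(allowed viewers)}
        self.provider_allows_export = provider_allows_export

    def read(self, owner, field):
        # Every read is labelled with its owner so the taint follows the data.
        return Tainted(self.store[(owner, field)], frozenset({owner}))

    def show_to(self, viewer, data):
        # User policy: every contributing owner must have allowed this viewer.
        denied = sorted(o for o in data.owners if viewer not in self.user_policies[o])
        if denied:
            raise PolicyViolation(f"{viewer} may not see data owned by {denied}")
        return data.value

    def export(self, host, data):
        # Provider policy: tainted data may not leave the platform unless allowed.
        if data.owners and not self.provider_allows_export:
            raise PolicyViolation(f"export of tainted data to {host} blocked")
        return data.value

def run_demo():
    store = {("alice", "location"): "Durham", ("bob", "location"): "Raleigh"}
    policies = {"alice": frozenset({"bob", "carol"}), "bob": frozenset({"alice"})}
    platform = TaintPlatform(store, policies, provider_allows_export=False)
    # Untrusted app logic: combine two users' locations, then try three sinks.
    both = platform.read("alice", "location").concat(platform.read("bob", "location"))
    results = {"combined": both.value,
               "alice_sees_bob": platform.show_to("alice", platform.read("bob", "location"))}
    for name, sink in (("carol", lambda: platform.show_to("carol", both)),
                       ("export", lambda: platform.export("stats.example", both))):
        try:
            sink()
        except PolicyViolation as e:
            results[name + "_blocked"] = str(e)
    return results
```

Because the check happens at the sink rather than at the read, the app is free to compute over data it could never display, which is the property that lets a platform run third-party code without trusting it to respect each user's policy.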