AppMonitor: restricting information leakage to third-party applications

Nowadays, the popularity of online social networks (OSNs) has been increased tremendously. Meanwhile, a wide range of third-party applications (TPAs) facilitated by OSNs has made a significant contribution to their popularity. TPAs offer many attractive functionalities and services to the OSN users but pose serious privacy threats to the users. Therefore, it is essential to strictly regulate the divulgence of user data to TPAs. In this paper, we propose an access control framework called AppMonitor to monitor and curb the user data to TPA. Further, we also introduce a relation-based access control policy model that uses predicate calculus to express data access policies. Analysis of the usability and correctness of the introduced policy model has been made, based on a logical model using answer set programming. A simplified prototype has been developed to show the feasibility of AppMonitor, and its effectiveness is shown through a user study.