Conference: International conference on cryptology and network security

Resource Access Control in the Facebook Model

Abstract

We study the fundamental security properties of resource access control as suggested by the operation of current social networks including Facebook. The "facebook model", which treats the server as a trusted party, suggests two fundamental properties, "owner privacy" and "server consistency", and two different modes of revocation, implicit and explicit. Through black-box experimentation, we determine Facebook's implementation for resource access control and we analyze its security properties within our formal model. We demonstrate, by the construction of explicit attacks, that the current implementation is not secure: specifically, we attack privacy with implicit revocation and server consistency. We evaluate the implications of the attacks and we propose amendments that can align the current implementation with all its intended security properties. To the best of our knowledge this is the first time that a security analysis of the Facebook resource access control mechanism is performed within a proper security model.