Social Network
Forensic Tools

Background

Social network sites are becoming increasingly popular, and have attracted millions of users, many of whom have integrated these sites into their daily practice. Some sites cater to diverse audiences, while others attract people based on common language or shared racial, sexual, religious, or nationality-based identities. These sites also vary by how they portray themselves by posting new information and using communication tools, such as mobile connectivity, blogging, and photo/video-sharing, live text chat, comparing people, etc.

There are many security issues with the social network sites. Users have the right to post information as they like, but is the information they are putting up secure? How easy is it for others to access and change the information on their sites?

There are other security issues. There is the inappropriate and often illegal use of these sites for interacting with and in some cases preying on the vulnerable users of the sites. There is also the distribution of malicious software through social networks -- one logs out users who view a compromised page for several seconds, and another sends unauthorized friend requests from the target users (for more information on malicious software through social networks, see Technology Review article).

For related earlier work, see Research Day 2009 paper, Research Day 2010 paper, Research Day 2011 paper.

Project

This project deals with the security issues related to social network sites. The popular social network sites include Myspace, Second Life, Facebook, Netlog, HI5, IRC, Bebo, Skype, and Cyworld. We need to understand and innumerate all the security problems before we can find solutions for them.

After we understand the security issues, we need to create forensic tools for the social network sites. We also need to understand the legal issues that are enabled with these sites because only then will we be able to develop security software.

The forensic tools being developed can be used by social network users so they can protect themselves. They can also be used by law enforcement officers to help find the perpetrators of illegal uses of the sites. For the most part, these tools will provide the ability to retrieve online user information of other users.

This semester we will focus on security issues with Facebook.

Idea: CMU presented a conference paper entitled "Faces of Facebook: Privacy in the Age of Augmented Reality" in August 2011, see CMU BlackHat USA Conference slides. Apparently, face recognition companies are collaborating with social network sites to tag "billions" of face images. Try to think of some research that your team could do related to the work described in this paper. Additional related papers and work can be found on the Internet.

Fast Agile XP Deliverables

We will use the agile methodology, particularly Extreme Programming (XP) which involves small releases and fast turnarounds in roughly two-week iterations. Many of these deliverables can be done in parallel by different members or subsets of the team. The following is the current list of deliverables (ordered by the date initiated, initiated date marked in bold red if programming involved, deliverable modifications marked in red, completion date and related comments marked in green, pseudo-code marked in blue):
  1. 9/26 (first week). Read the background material to become familiar with the project. Brainstorm possible research problems, decide on two or three to work on for the semester, and plan the semester's work with your customer Steve Kim and your instructor.