XACML-Based Access Control for Decentralized Online Social Networks

With the increasing popularity of Online Social Networks (OSNs), one type of Big Data, namely personal, sensitive, and behavioral information, is being collected, analyzed, and spread on the Internet. As the collection and mining of user data improves, both qualitatively and quantitatively, users' privacy is more and more at risk. Current OSNs and other web services are, at least logically, centralized and thus more vulnerable to accidental or deliberate privacy leaks as well as inference. Decentralization, taking away the control of a single service provider, can be a step toward preserving the users' privacy and giving them control over their own data. Even after removing the threats from centralized big data, the users' personal data needs to be protected from unauthorized access. In contrast to other proposals for decentralized OSNs, we aim to provide the basis for a privacy-preserving system built from light-weight and readily available components, namely the Extensible Access Control Mark up Language (XACML) and the Security Assertion Mark up Language (SAML) with secret key authentication, including simple ways of formulating access policies for users. We find that this combination provides a straightforward way of keeping and deliberately sharing personal information with other users that is robust against a range of attacks including unauthorized access at least in the case of every user's profile being stored on machines under their control. One can consider replicas on trusted servers, storage on untrusted servers, however, is left for future work.

[1]  Barbara Carminati,et al.  Rule-Based Access Control for Social Networks , 2006, OTM Workshops.

[2]  Danah Boyd,et al.  Social Network Sites: Definition, History, and Scholarship , 2007, J. Comput. Mediat. Commun..

[3]  Sudheendra Hangal,et al.  PrPl: a decentralized social networking infrastructure , 2010, MCS '10.

[4]  Bobby Bhattacharjee,et al.  Persona: an online social network with user-defined privacy , 2009, SIGCOMM '09.

[5]  Barbara Carminati,et al.  Enforcing access control in Web-based social networks , 2009, TSEC.

[6]  Roshan K. Thomas,et al.  Flexible team-based access control using contexts , 2001, SACMAT '01.

[7]  Refik Molva,et al.  Safebook: A privacy-preserving online social network leveraging on real-life trust , 2009, IEEE Communications Magazine.

[8]  Benedict G. E. Wiedemann Protection? , 1998, Science.

[9]  Roshan K. Thomas,et al.  Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments , 1997, RBAC '97.

[10]  Ravi S. Sandhu,et al.  Conceptual foundations for a model of task-based authorizations , 1994, Proceedings The Computer Security Foundations Workshop VII.

[11]  Seng-Phil Hong,et al.  Access control in collaborative systems , 2005, CSUR.

[12]  Ravi S. Sandhu,et al.  Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management , 1997, DBSec.

[13]  Honggang Zhang,et al.  The growth of Diaspora - A decentralized online social network in the wild , 2012, 2012 Proceedings IEEE INFOCOM Workshops.

[14]  P. Samarati,et al.  PrimeLife Policy Language , 2010 .

[15]  Josep Domingo-Ferrer A Public-Key Protocol for Social Networks with Private Relationships , 2007, MDAI.

[16]  Sebastian Mödersheim,et al.  Credential-Based Access Control Extensions to XACML , 2009 .

[17]  Benjamin Greschbach,et al.  User Search with Knowledge Thresholds in Decentralized Online Social Networks , 2013, Privacy and Identity Management.

[18]  Rajesh Sharma,et al.  SuperNova: Super-peers based architecture for decentralized online social networks , 2011, 2012 Fourth International Conference on Communication Systems and Networks (COMSNETS 2012).

[19]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.