User-Managed Access Control in Web Based Social Networks

Recently, motivated by the expansion and emergence of Web Based Social Networks (WBSNs), a large number of privacy problems and challenges have arisen. One of these problems, which is currently attracting the attention of the scientific community, is the design and implementation of user-managed access control systems. In this regard, there exists a well-known set of requirements (relationship-based, fine-grained, interoperability, sticky-policies and data exposure minimization) that have been identified in order to provide user-managed access control for WBSNs. These requirements, partially addressed by the works proposed in the literature, represent “building blocks” for a well-defined user-managed access control model. In this chapter, we first provide a conceptualization of a WBSN in order to propose an access control model, called SoNeUCON ABC, and a mechanism that implements it. A set of mechanisms is then selected from among those recently proposed in the literature such that, when deployed over SoNeUCON ABC, the whole set of user-managed requirements can be fulfilled.
