A New Access Control Scheme for Facebook-Style Social Networks

The popularity of online social networks (OSNs) makes the protection of users' private information an important but scientifically challenging problem. In the literature, relationship-based access control schemes have been proposed to address this problem. However, with the dynamic development of OSNs, we identify new access control requirements which cannot be fully captured by the current schemes. In this paper, we focus on public information in OSNs and treat it as a new dimension which users can use to regulate access to their resources. We define a new OSN model containing users and their relationships as well as public information. Based on this model, we introduce a variant of hybrid logic for formulating access control policies. A type of category relation among public information is exploited to further improve our logic for its usage in practice. In addition, we propose a few solutions to address the problem of information reliability in OSNs.
