Multiparty Authorization Framework for Data Sharing in Online Social Networks

Online social networks (OSNs) have experienced tremendous growth in recent years and become a de facto portal for hundreds of millions of Internet users. These OSNs offer attractive means for digital social interactions and information sharing, but also raise a number of security and privacy issues. While OSNs allow users to restrict access to shared data, they currently do not provide effective mechanisms to enforce privacy concerns over data associated with multiple users. In this paper, we propose a multiparty authorization framework that enables collaborative management of shared data in OSNs. An access control model is formulated to capture the essence of multiparty authorization requirements. We also demonstrate the applicability of our approach by implementing a proof-of-concept prototype hosted in Facebook.
