Enforcing access control in Web-based social networks

In this article, we propose an access control mechanism for Web-based social networks. It adopts a rule-based approach for specifying access policies on the resources owned by network participants, where authorized users are denoted in terms of the type, depth, and trust level of the relationships existing between nodes in the network. Unlike traditional access control systems, our mechanism uses a semidecentralized architecture in which access control enforcement is carried out client-side: access to a resource is granted when the requestor can demonstrate that it is authorized by providing a proof. Besides illustrating the main notions on which our access control model relies, we present all the protocols underlying our system and a performance study of the implemented prototype.
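The following is an added toy illustration of the idea sketched above (a rule stated in terms of relationship type, depth and trust; a requestor-built proof; client-side verification of that proof). It is not the paper's protocol or prototype. Its assumptions, none of which come from the abstract, are: relationship certificates are authenticated with an HMAC under a key of a hypothetical certificate server (a stand-in for signature verification), trust is an integer in 0..100, and the trust of a chain is the minimum trust over its edges. The network, names and rule are constructed.

```python
"""Relationship-based access control with requestor-built proofs (added example).

NOT the paper's code. Assumptions (not from the abstract): HMAC-authenticated
certificates under a hypothetical certificate-server key, integer trust 0..100,
chain trust = minimum edge trust, chain depth = number of certificates.
"""
import hashlib
import hmac
from dataclasses import dataclass

CERT_SERVER_KEY = b"constructed-demo-key"  # assumption: stands in for a signing key


@dataclass(frozen=True)
class RelCert:
    """A certified relationship src -> dst of a given type and trust level."""
    src: str
    dst: str
    rel_type: str
    trust: int
    mac: str


def _cert_msg(src, dst, rel_type, trust):
    return f"{src}|{dst}|{rel_type}|{trust}".encode()


def issue_cert(src, dst, rel_type, trust, key=CERT_SERVER_KEY):
    mac = hmac.new(key, _cert_msg(src, dst, rel_type, trust), hashlib.sha256).hexdigest()
    return RelCert(src, dst, rel_type, trust, mac)


def cert_valid(cert, key=CERT_SERVER_KEY):
    expected = hmac.new(key, _cert_msg(cert.src, cert.dst, cert.rel_type, cert.trust),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(cert.mac, expected)


@dataclass(frozen=True)
class AccessRule:
    resource: str
    rel_type: str   # required relationship type, e.g. "friend"
    max_depth: int  # maximum chain length from owner to requestor
    min_trust: int  # minimum chain trust (assumed: min over the edges)


def verify_proof(rule, owner, requestor, proof):
    """Verifier side: every check is over the proof alone, no graph lookup."""
    if not proof:
        return False, "empty proof"
    if len(proof) > rule.max_depth:
        return False, "path too long"
    prev = owner
    for cert in proof:
        if not cert_valid(cert):
            return False, "forged certificate"
        if cert.src != prev:
            return False, "chain not contiguous"
        if cert.rel_type != rule.rel_type:
            return False, "wrong relationship type"
        prev = cert.dst
    if prev != requestor:
        return False, "chain does not end at requestor"
    if min(c.trust for c in proof) < rule.min_trust:
        return False, "trust too low"
    return True, "ok"


def find_proof(certs, owner, requestor, rule):
    """Requestor side: depth-bounded DFS over certificates of the required type."""
    by_src = {}
    for c in certs:
        if c.rel_type == rule.rel_type:
            by_src.setdefault(c.src, []).append(c)

    def dfs(node, path, visited):
        if node == requestor and path:
            return list(path)
        if len(path) >= rule.max_depth:
            return None
        for c in by_src.get(node, []):
            if c.dst in visited or c.trust < rule.min_trust:
                continue
            path.append(c)
            visited.add(c.dst)
            found = dfs(c.dst, path, visited)
            if found:
                return found
            path.pop()
            visited.discard(c.dst)
        return None

    return dfs(owner, [], {owner})


# Constructed sample network (not from the paper).
CERTS = [
    issue_cert("alice", "bob", "friend", 90),
    issue_cert("bob", "carol", "friend", 80),
    issue_cert("carol", "dave", "friend", 60),
    issue_cert("bob", "frank", "friend", 40),
    issue_cert("alice", "eve", "colleague", 70),
]
# alice's rule: her photo is readable by friends-of-friends with chain trust >= 70.
RULE = AccessRule("alice/photo.jpg", "friend", max_depth=2, min_trust=70)

if __name__ == "__main__":
    for who in ("carol", "dave", "frank", "eve"):
        proof = find_proof(CERTS, "alice", who, RULE)
        print(who, verify_proof(RULE, "alice", who, proof) if proof else "no proof found")
```

The point of the split between `find_proof` and `verify_proof` is that the expensive part (searching the graph) is done by the requestor, while the party that decides (the owner, or whoever enforces on its behalf) only has to check a short chain: certificate authenticity, contiguity, type, length and aggregated trust. A requestor who submits a chain that is too long, uses the wrong relationship type, or includes a certificate it made up is rejected on the proof alone.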

Elena Ferrari et al., Enforcing access control in Web-based social networks, 2009.