SoNeUCONABC, an expressive usage control model for Web-Based Social Networks

Abstract: In the era of hyper-connectivity, Web-Based Social Networks (WBSNs) are demanding applications. They facilitate the interaction of huge numbers of users, and the development of appropriate Access Control Models (ACMs) is an emerging necessity. In particular, the challenge pursued is the development of WBSN ACMs that have expressive power and can manage access control along the whole usage process. To contribute to this issue, first, 23 proposals have been analysed and, second, SoNeUCONABC, an expressive usage control model for WBSNs, is proposed. It extends UCONABC (Park, 2003) to include relationship management, and it is formally defined, specifying the entities and elements involved and an access control policy language. Moreover, policy construction is carefully detailed using regular expressions, and access control enforcement functions are described. Finally, the evaluation shows, theoretically, the significant expressive power of SoNeUCONABC and, empirically, the feasibility of its implementation through the development of a proof-of-concept system.

[1]  Jaehong Park,et al.  Usage control: a unified framework for next generation access control , 2003 .

[2]  Philip W. L. Fong Relationship-based access control: protection model and policy language , 2011, CODASPY '11.

[3]  Jaehong Park,et al.  Usage Control: A Vision for Next Generation Access Control , 2003, MMM-ACNS.

[4]  Georg Gottlob,et al.  Complexity and expressive power of logic programming , 2001, CSUR.

[5]  Alessandro Acquisti,et al.  Information revelation and privacy in online social networks , 2005, WPES '05.

[6]  Marie Pelleau,et al.  1 – State of the Art , 2015 .

[7]  Monika Mital,et al.  Information Exchange and Information Disclosure in Social Networking Web Sites: Mediating Role of Trust. , 2010 .

[8]  Charles Morisset,et al.  Formal definition and comparison of access control models , 2009 .

[9]  M. Amini,et al.  Policy specification and enforcement in online social networks using MKNF+ , 2012, 2012 9th International ISC Conference on Information Security and Cryptology.

[10]  Lei Zhang,et al.  Six Degrees of Separation in Online Society , 2009 .

[11]  Sabrina De Capitani di Vimercati,et al.  Access Control: Policies, Models, and Mechanisms , 2000, FOSAD.

[12]  Yuan Cheng,et al.  ACON: Activity-Centric Access Control for Social Computing , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[13]  Jonathan Grudin,et al.  A study of preferences for sharing and privacy , 2005, CHI Extended Abstracts.

[14]  Elisa Bertino,et al.  An analysis of expressiveness and design issues for the generalized temporal role-based access control model , 2005, IEEE Transactions on Dependable and Secure Computing.

[15]  Anna Cinzia Squicciarini,et al.  Collective Privacy Management in Social Networks (WWW 2009 Madrid, Track: Security and Privacy, Session: Web Privacy) , 2022 .

[16]  Jaehong Park,et al.  The UCONABC usage control model , 2004, TSEC.

[17]  Lujo Bauer,et al.  Access Control for Home Data Sharing: Attitudes, Needs and Practices , 2010, CHI.

[18]  Howard J. Hamilton,et al.  Visualizing Privacy Implications of Access Control Policies in Social Network Systems , 2009, DPM/SETOP.

[19]  Barbara Carminati,et al.  Rule-Based Access Control for Social Networks , 2006, OTM Workshops.

[20]  Gail-Joon Ahn,et al.  Multiparty Access Control for Online Social Networks: Model and Mechanisms , 2013, IEEE Transactions on Knowledge and Data Engineering.

[21]  Vincenzo Iovino,et al.  Secure and Policy-Private Resource Sharing in an Online Social Network , 2011, 2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int'l Conference on Social Computing.

[22]  Lars Backstrom,et al.  The Anatomy of the Facebook Social Graph , 2011, ArXiv.

[23]  Elisa Bertino,et al.  A logical framework for reasoning about access control models , 2001, SACMAT '01.

[24]  Bhavani M. Thuraisingham,et al.  A semantic web based framework for social network access control , 2009, SACMAT '09.

[25]  Gilbert Harman,et al.  Reasoning, Meaning, and Mind , 1999 .

[26]  Talel Abdessalem,et al.  Primates: a privacy management system for social networks , 2012, CIKM '12.

[27]  Na Li,et al.  Preserving Relation Privacy in Online Social Network Data , 2011, IEEE Internet Computing.

[28]  Ajay Chander,et al.  A state-transition model of trust management and access control , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[29]  Imen Ben Dhia Access control in social networks: a reachability-based approach , 2012, EDBT-ICDT '12.

[30]  Prateek Mittal,et al.  EASiER: encryption-based access control in social networks with efficient revocation , 2011, ASIACCS '11.

[31]  Muthucumaru Maheswaran,et al.  An Access Control Scheme for Protecting Personal Data , 2008, 2008 Sixth Annual Conference on Privacy, Security and Trust.

[32]  Amirreza Masoumzadeh,et al.  OSNAC: An Ontology-based Access Control Model for Social Networking Systems , 2010, 2010 IEEE Second International Conference on Social Computing.

[33]  Andrew C. Simpson,et al.  On the need for user-defined fine-grained access control policies for social networking applications , 2008, SOSOC '08.

[34]  Ed Dawson,et al.  An Administrative Model for UCONABC , 2010, AISC.

[35]  Hua Wang,et al.  Trust-Involved Access Control in Collaborative Open Social Networks , 2010, 2010 Fourth International Conference on Network and System Security.

[36]  Fiona Fui-Hoon Nah,et al.  A study on tolerable waiting time: how long are Web users willing to wait? , 2004, AMCIS.

[37]  Jaehong Park,et al.  A logical specification for usage control , 2004, SACMAT '04.

[38]  Philip W. L. Fong,et al.  Relationship-based access control policies and their policy languages , 2011, SACMAT '11.

[39]  Erik Wästlund,et al.  Requirements and concepts for privacy- enhancing access control in social networks and collaborative workspaces , 2013 .

[40]  Richard Chbeir,et al.  Security and Privacy Preserving in Social Networks , 2013, Lecture Notes in Social Networks.

[41]  Muthucumaru Maheswaran,et al.  A trust based approach for protecting user data in social networks , 2007, CASCON.

[42]  Ravi Sandhu,et al.  Expressive power of access control models based on propagation of rights , 1996 .

[43]  Michael Huth,et al.  Relationship-based access control: its expression and enforcement through hybrid logic , 2012, CODASPY '12.

[44]  Bobby Bhattacharjee,et al.  Persona: an online social network with user-defined privacy , 2009, SIGCOMM '09.

[45]  Talel Abdessalem,et al.  A reachability-based access control model for online social networks , 2011, DBSocial '11.

[46]  Antonios Gouglidis,et al.  A Use-Based Approach for Enhancing UCON , 2012, STM.

[47]  Barbara Carminati,et al.  Access control and privacy in web-based social networks , 2008, Int. J. Web Inf. Syst..

[48]  Sebastian Ryszard Kruk,et al.  D-FOAF: Distributed Identity Management with Access Rights Delegation , 2006, ASWC.

[49]  Wilfred Villegas A trust-based access control scheme for social networks , 2008 .

[50]  Ninghui Li,et al.  A theory for comparing the expressive power of access control models , 2007, J. Comput. Secur..

[51]  Brian Whitworth,et al.  Distributed access control for social networks , 2011, 2011 7th International Conference on Information Assurance and Security (IAS).

[52]  Paul Gastin,et al.  Characterization of the Expressive Power of Silent Transitions in Timed Automata , 1998, Fundam. Informaticae.

[53]  Role Based Access Control for social network sites , 2009, 2009 Joint Conferences on Pervasive Computing (JCPC).

[54]  Joaquín Salvachúa,et al.  Tie-RBAC: An application of RBAC to Social Networks , 2012, ArXiv.

[55]  Anna Carreras Coch,et al.  Access control issues in social networks , 2010 .

[56]  Philip W. L. Fong,et al.  A Privacy Preservation Model for Facebook-Style Social Network Systems , 2009, ESORICS.

[57]  Sushil Jajodia,et al.  Policies, Models, and Languages for Access Control , 2005, DNIS.

[58]  Yuan Cheng,et al.  A User-to-User Relationship-Based Access Control Model for Online Social Networks , 2012, DBSec.

[59]  Fabio Martinelli,et al.  Usage control in computer security: A survey , 2010, Comput. Sci. Rev..