
User-Managed Access Control in Web Based Social Networks

Security and Privacy Preserving in Social Networks

Abstract

The emergence and expansion of Web Based Social Networks (WBSNs) has recently given rise to a large number of privacy problems and challenges. One problem currently attracting the attention of the scientific community is the design and implementation of user-managed access control systems. In this regard, there exists a well-known set of requirements (relationship-based, fine-grained, interoperability, sticky-policies and data exposure minimization) that have been identified in order to provide user-managed access control for WBSNs. These requirements, partially addressed by the works proposed in the literature, represent “building blocks” for a well-defined user-managed access control model. In this chapter, we first provide a conceptualization of a WBSN in order to propose an access control model, called SoNeUCON ABC, and a mechanism that implements it. A set of mechanisms is then selected from among those recently proposed in the literature such that, when deployed over SoNeUCON ABC, the whole set of user-managed requirements can be fulfilled.





Corresponding author

Correspondence to Lorena González-Manzano.


Copyright information

© 2013 Springer-Verlag Wien

About this chapter

Cite this chapter

González-Manzano, L., González-Tablas, A.I., de Fuentes, J.M., Ribagorda, A. (2013). User-Managed Access Control in Web Based Social Networks. In: Chbeir, R., Al Bouna, B. (eds) Security and Privacy Preserving in Social Networks. Lecture Notes in Social Networks. Springer, Vienna. https://doi.org/10.1007/978-3-7091-0894-9_4


  • DOI: https://doi.org/10.1007/978-3-7091-0894-9_4


  • Publisher Name: Springer, Vienna

  • Print ISBN: 978-3-7091-0893-2

  • Online ISBN: 978-3-7091-0894-9

  • eBook Packages: Computer Science, Computer Science (R0)
