On the need for user-defined fine-grained access control policies for social networking applications

Proceedings of the 2008 Workshop Security in Opportunistic and SOCial Networks, SOSOC'08

Volumn , Issue , 2008, Pages

  Simpson, Andrew ^a  

^a UNIVERSITY OF OXFORD   (United Kingdom)

Author keywords

Access control; Privacy; Social networks

Indexed keywords

ACCESS CONTROL POLICIES; DATA SHARING; E-RESEARCH; E-SCIENCE; EBUSINESS; EFFECTIVE MANAGEMENT; EHEALTH; PERSONAL DATA; PRIVACY; SECURITY AND PRIVACY; SOCIAL NETWORKING; SOCIAL NETWORKS; TECHNICAL SOLUTIONS; VIRTUAL COMMUNITY;

ELECTRONIC COMMERCE; HEALTH RISKS; SECURITY SYSTEMS; VIRTUAL REALITY;

ACCESS CONTROL;

EID: 70349125768     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1461469.1461470     Document Type: Conference Paper

References (40)

1. The Guardian (13th September 2007). Do social network sites genuinely care about privacy? http://www.guardian.co.uk/technology/2007/sep/13/ guardianweeklytechnologysection.news1.
2. A. Acquisti. Privacy in electronic commerce and the economics of immediate gratification. In Proceedings of the A CM Conference on Electronic Commerce (EC Õ04), pages 21-29. ACM Press, 2004.
3. A. Acquisti and R. Gross. Imagined communities: Awareness, information sharing, and privacy on the facebook. In P. Golle and G. Danezis, editors, Proceedings of the 6th Workshop on Privacy Enhancing Technologies, pages 36-58, 2006.
4. A. I. Antón, E. Bertino, N. Li, and T. Yu. A roadmap for comprehensive online privacy policy management. Communications of the ACM, 50(7):109-116, July 2007.
5. A. I. Antón, J. B. Earp, D. Bolchini, Q. He, C. Jensen, and W Stufflebeam. The lack of clarity in financial privacy policies and the need for standardization. IEEE Security & Privacy, 2 (2): 36-45, 2004.
6. M. Antonioletti, N. P. C. Hong, A. C. Hume, M. Jackson, K. Karasavvas, A. Krause, J. M. Schopf, M. P. Atkinson, B. Dobrzelecki, M. Illingworth, N. McDonnell, M. Parsons, and E. Theocharopoulous. OGSA-DAI 3.0 - the whats and whys. In Proceedings of the UK e-Science All Hands Meeting, 2007.
7. N. F. Awad and M. S. Krishnan. The personalization privacy paradox: An empirical evaluation of information transparency and the willingness to be profiled online for personalization. MIS Quarterly, 30(1):13-28, 2006.
8. S. B. Barnes. A privacy paradox: Social networking in the United States. First Monday, 11(9), September 2006.
9. M. Y. Becker, C. Fournet, and A. D. Gordon. SecPAL: Design and semantics of a decentralized authorization language. Technical Report MSR-TR-2006-120, Microsoft Research, 2006.
10. d. m. boyd. Reflections on friendster, trust and intimacy. In Proceedings of Intimate (Ubiquitous) Computing Workshop - Ubicomp 2003, October 2003.
11. d m. boyd and N. B. Ellison. Social network sites: Definition, history, and scholarship. Journal of Computer-Mediated Communication, 13(1): article 11, 2007.
12. B. Carminati, E. Ferrari, and A. Perego. Rule-based access control for social networks. In On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. Spring-Verlag Lecture Notes in Computer Science, volume 4276, 2006.
13. A. H. Chinaei and F. W. Tompa. User-managed access control for health care systems. In W. Jonker and M. Petkovic, editors, Proceedings of Secure Data Management (SDM) 2005, pages 63-72. Springer-Verlag Lecture Notes in Computer Science, volume 3674, 2005.
14. G. D'Agostino, C. Hinds, M. Jirotka, C. Meyer, T. Piper, M. Rahman, and D. Vaver. On the importance of intellectual property rights for e-science and the integrated health record. Health Informatics Journal, 14(2):95-111, 2008.
15. N. Damianou, N. Dulay, E. Lupu, and M. Sloman. The Ponder policy specification language. In Policies for Distributed, Systems and Networks (Policy 2001), pages 18-38. Springer-Verlag Lecture Notes in Computer Science, volume 1995, 2001.
16. J. Donath and d. m. boyd. Public displays of connection. BT Technology Journal, 22:71-82, 2004.
17. C. Dwyer, S. R. Hiltz, and K. Passerini. Trust and privacy concerns within social networking sites: A comparison of facebook and myspace. In Proceedings of the 13th American Conference on Information Systems, 2007.
18. A. Ferreira, R. Cruz-Correia, L. Antunes, and D. Chad wick. Access control: how can it improve patients' healthcare? Studies in Health Technology and Informatics, 127, June 2007.
19. I. Foster and C. Kesselman, editors. The GRID: Blueprint For A New Computing Infrastructure. Morgan Kaufmann, 1999.
20. W. S. Galkin. Privacy: What is it? Computer Law Observer, issue 14, May 1996.
21. R. Gross and A. Acquisti. Information revelation and privacy in online social networks. In Proceedings of WPES '05, pages 71-80, 2005.
22. R. Gross and H. J. Heinz III. Information revelation and privacy in online social networks (the facebook case). In ACM Workshop on Privacy in the Electronic Society (WPES), 2005.
23. M. Hart, R. Johnson, and A. Stent. More content-less control: Access control in the web 2.0. In Proceedings of the IEEE Web 2.0 Privacy and Security Workshop. IEEE Press, 2007.
24. A. J. G. Hey and A. E. Trefethen. The UK e-Science Programme and the grid. In Proceedings of Computational Science (ICCS 2002), Part I, pages 3-21. Springer-Verlag Lecture Notes in Computer Science, volume 2329, 2002.
25. M. J. Hodge. The fourth amendment and privacy issues on the 'new' internet: Facebook.com and myspace.com. Southern Illinois University Law Journal, 31:95-122, 2006.
26. T. Jagatic, N. Johnson, M. Jakobsson, and F. Menczer. Social phishing. Communications of the ACM, 5(10):94-100, 2007.
27. M. Jirotka, R. Procter, M. Hartswood, R. Slack, A. C. Simpson, C. Coopmans, and C. Hinds. Collaboration and trust in healthcare innovation: The eDiaMoND case study. Journal of Computer Supported Cooperative Work, 14(4):369-398, 2005.
28. W. Mackay. Triggers and barriers to customizing software. In Proceedings of CHI '91, pages 153-160. ACM Press, 1991.
29. W. Mao, A. P. Martin, J. Jin, and H. Zhang. Innovations for grid security from trusted computing. In Proceedings of the Fourteenth International Workshop on Security Protocols, 2006.
30. R. C. Mayer, J. H. Davis, and F. D. Schoorman. An integrative model of organizational trust. The Academy of Management Review, 20(3):709-734, 1995.
31. T. Mitrano. A wider world: Youth, privacy, and social networking technologies. EDUCAUSE Review, 41(6):16-29, November/December 2006.
32. D. J. Power, E. A. Politou, M. A. Slaymaker, and A. C. Simpson. Towards secure grid-enabled healthcare. Software: Practice and Experience, 35(9):857-871, 2005.
33. S. Preibusch, B. Hoser, S. Gurses, and B. Berendt. Ubiquitous social networks - opportunities and challenges for privacy-aware user modelling. In Proceedings of Workshop on Data Mining for User Modeling, 2007.
34. A. C. Simpson, D. J. Power, D. Russell, M. A. Slaymaker, G. Kouadri-Mostefaoui, X. Ma, and G. Wilson. A healthcare-driven framework for facilitating the secure sharing of data across organisational boundaries. In Proceedings of HealthGrid 2008, 2008.
35. M. A. Slaymaker, D. J. Power, D. Russell, and A. C. Simpson. On the facilitation of fine-grained access to distributed healthcare data. In Proceedings of Secure Data Management 2008. Springer-Verlag Lecture Notes in Computer Science, 2008.
36. J. M. Spivey. The Z Notation: A Reference Manual. Prentice-Hall International, second edition, 1992.
37. F. Stutzman. An evaluation of identity-sharing behavior in social network communities. Journal of the International Digital Media and Arts Association, 3(1):10-18, 2006.
38. A. Sutcliffe. Trust: from cognition to conceptual models and design. In Advanced Information Systems Engineering: Proceedings of the 18th International Conference (GAiSE 2006), pages 3-17. Springer-Verlag Lecture Notes in Computer Science, volume 4001, 2006.
39. T. Verhanneman, L. Jaco, B. De Win, F. Piessens, and W. Joosen. Adaptable access control policies for medical information systems. In Proceedings of Distributed Applications and Interoperable Systems (DAIS) 2003, pages 133-140. Springer-Verlag Lecture Notes in Computer Science, volume 2893, 2003.
40. J. C. P. Woodcock and J. W. M. Davies. Using Z: Specification, Refinement, and Proof. Prentice-Hall, 1996.