Enforcing access control in Web-based social networks

ACM Transactions on Information and System Security

Volumn 13, Issue 1, 2009, Pages

  Carminati, Barbara ^a   Ferrari, Elena ^a   Perego, Andrea ^a  

^a UNIVERSITY OF INSUBRIA   (Italy)

Author keywords

Access control; Semantic Web; Social networks

Indexed keywords

ACCESS CONTROL MECHANISM; ACCESS CONTROL MODELS; ACCESS POLICIES; AUTHORIZED USERS; PERFORMANCE STUDY; RULE-BASED APPROACH; SOCIAL NETWORKS; TRUST LEVEL;

BEHAVIORAL RESEARCH; INTERNET PROTOCOLS; SECURITY SYSTEMS; SEMANTIC WEB; SEMANTICS;

ACCESS CONTROL;

EID: 70350406398     PISSN: 10949224     EISSN: 15577406     Source Type: Journal    
DOI: 10.1145/1609956.1609962     Document Type: Article

References (40)

1. ADOMAVICIUS, G. AND TUZHILIN, A. 2005. Toward the next generation of recommender systems: A survey of the state-of-the-art and possible extensions. IEEE Trans. Knowl. Data Eng. 17, 6, 734-749.
2. ALI, B., VILLEGAS, W., AND MAHESWARAN, M. 2007. A trust-based approach for protecting user data in social networks. In Proceedings of the Conference of the Center for Advanced Studies on Collaborative Research (CASCON'07). ACM Press, New York, 288-293.
3. AVESANI, P., MASSA, P., AND TIELLA, R. 2005. A trust-enhanced recommender system application: Moleskiing. In Proceedings of the ACMSymposium on Applied Computing (SAC'05). ACM Press, New York, 1589-1593.
4. BERNERS-LEE, T., CONNOLLY, D., KAGAL, L., SCHARF, Y., AND HENDLER, J. 2008. N3Logic: A logical framework for the World Wide Web. Theory Pract. Log. Program. 8, 3, 249-269.
5. BERTEAU, S. 2007. Facebook's misrepresentation of Beacon's threat to privacy: Tracking users who opt out or are not logged in. CA Security Advisor Research Blog. http://community.ca.com/blogs/securityadvisor/archive/2007/11/29/ facebook-s-isrepresentationofbeacon- s-threat-to-privacy-tracking-users-who-opt- out-or-are-not-logged-in.aspx.
6. BETH, T.,BORCHERDING, M., ANDKLEIN,B. 1994. Valuation of trust in open networks. In Proceedings of the European Symposium on Research in Computer Security (ESORICS'94). Springer, Berlin, 3-18.
7. BLAZE, M., FEIGENBAUM, J., IOANNIDIS, J., AND KEROMYTIS, A. D. 1999. The KeyNote trust management system version 2. IETF RFC 2704, Internet Engineering Task Force. http://www.ietf.org/rfc/rfc2704.txt.
8. BLAZE, M., FEIGENBAUM, J., AND STRAUSS, M. 1998. Compliance checking in the PolicyMaker trust management system. In Proceedings of the 2nd International Conference on Financial Cryptography (FC'98). Springer, Berlin, 1439-1456.
9. BRICKLEY, D. AND MILLER, L. 2007. FOAF vocabulary specification 0.91. Namespace Document. http://xmlns.com/foaf/0.1.
10. CANADIAN PRIVACY COMMISSION. 2007. Social Networking and Privacy. http://www.privcom.gc.ca/information/social/index e.asp.
11. CARMINATI, B. AND FERRARI, E. 2008. Access control and privacy in Web-based social networks. Int. J. Web Inf. Syst. 4, 4, 395-415.
12. CARMINATI, B., FERRARI, E., AND PEREGO, A. 2006. Rule-based access control for social networks. In On the Move to Meaningful Internet Systems: OTM'06 Workshops. Springer, Berlin, 1734-1744.
13. CHEN, L. 2006. Facebook's feeds cause privacy concerns. The Amherst Student. http://halogen.note.amherst.edu/~astudent/2006-2007/issue02/news/01. html.
14. CHOI, H.-C., KRUK, S. R., GRZONKOWSKI, S., STANKIEWICZ, K., DAVIS, B., AND BRESLIN, J. G. 2006. Trust models for community-aware identity management. In Proceedings of the Identity, Reference, and the Web Workshop (IRW'06). http://www.ibiblio.org/hhalpin/irw2006/skruk.pdf.
15. CWM. 2006. Cwm-A General Purpose Data Processor for the Semantic Web. http://www.w3.org/ 2000/10/swap/doc/cwm.html.
16. DAVIS, I. AND VITIELLO JR, E. 2005. RELATIONSHIP: A vocabulary for describing relationships between people. Namespace Document. http://purl.org/vocab/relationship.
17. DING, L., ZHOU, L., FININ, T. W., AND JOSHI, A. 2005. How the Semantic Web is being used: An analysis of FOAF documents. In Proceedings of the 38th Annual Hawaii International Conference on System Sciences (HICSS'05). IEEE, Los Alamitos, CA, 113c.
18. ELLISON, C. M., FRANTZ, B., LAMPSON, B., RIVEST, R. L., THOMAS, B. M., AND YLÖNEN, T. 1999. SPKI certificate theory. IETF RFC 2693, Internet Engineering Task Force. http://www.ietf. org/rfc/rfc2693.txt.
19. EPIC. 2008a. Facebook Privacy Page. http://epic.org/privacy/facebook/.
20. EPIC. 2008b. Social Networking Privacy. http://epic.org/privacy/ socialnet/default.html.
21. FEDERAL TRADE COMMISSION. 2007. Social Networking Sites: A Parent's Guide. http://www.ftc. gov/bcp/edu/pubs/consumer/tech/tec13.shtm.
22. FERRARI, E. AND THURAISINGHAM, B. 2000. Secure database systems. In Advanced Database Technology and Design, M. Piattini and O. Diaz, Eds. Artech House, Norwood, MA, 353-403.
23. GARFINKEL, S. 1996. PGP: Pretty Good Privacy. O'Reilly & Associates, Sebastopol, CA.
24. GOLBECK, J. A. 2005. Computing and applying trust in Web-based social networks. Ph.D. thesis, Graduate School of the University of Maryland, College Park.
25. GOLBECK, J. A. AND HENDLER, J. 2006. Inferring binary trust relationships in Web-based social networks. ACM Trans. Inter. Tech. 6, 4, 497-529. (Pubitemid 44893437)
26. HART, M., JOHNSON, R., AND STENT, A. 2007. More content-less control: Access control in the Web 2.0. In Proceedings of the Web 2.0 Security & Privacy Workshop (W2SP'07). http://seclab.cs.rice.edu/w2sp/2007/papers/paper- 193-z 6706.pdf.
27. HOGBEN, G. 2007. Security issues and recommendations for online social networks. ENISA Position Paper 1, European Network and Information Security Agency. http://www.enisa.europa. eu/doc/pdf/deliverables/enisa pp social networks.pdf.
28. HORROCKS, I., PATEL-SCHNEIDER, P. F., BOLEY, H., TABET, S., GROSOF, B., AND DEAN, M. 2004. SWRL: A Semantic Web rule language combining OWL and RuleML. W3C Member Submission, World Wide Web Consortium. http://www.w3.org/Submission/ SWRL.
29. JøSANG, A. 1999. An algebra for assessing trust in certification chains. In Proceedings of the Network and Distributed System Security Symposium (NDSS'99). http://www.isoc. org/isoc/conferences/ndss/99/proceedings/papers/ josang.pdf
30. JøSANG, A., GRAY, E., AND KINATEDER, M. 2006. Simplification and analysis of transitive trust networks. Web Intell. Agent Syst. 4, 2, 139-161.
31. JøSANG, A., ISMAIL, R., AND BOYD, C. 2007. A survey of trust and reputation systems for online service provision. Decis. Support Syst. 43, 2, 618-644.
32. KAMVAR, S. D., SCHLOSSER, M. T., AND GARCIA-MOLINA, H. 2003. The Eigentrust algorithm for reputation management in P2P networks. In Proceedings of 12th International Conference on World Wide Web (WWW'03). ACM, New York, 640-651.
33. KLEINBERG, J. 2000. The small-world phenomenon: An algorithmic perspective. In Proceedings of the 32nd Annual ACMSymposium on Theory of Computing (STOC'00). ACM, New York, 163-170.
34. KRUK, S. R., GRZONKOWSKI, S., CHOI, H.-C., WORONIECKI, T., AND GZELLA, A. 2006. D-FOAF: Distributed identity management with access rights delegation. In Proceedings of the Asian Semantic Web Conference (ASWC'06). Springer, Berlin, 140-154.
35. MARTEL, C. AND NGUYEN, V. 2004. Analyzing Kleinberg's (and other) small-world models. In Proceedings of the 23rd Annual ACMSymposium on Principles of Distributed Computing (PODC'04). ACM, 179-188.
36. REITER, M. K. AND STUBBLEBINE, S. G. 1997. Toward acceptable metrics of authentication. In Proceedings of the IEEE Symposium on Security and Privacy (SP'97). IEEE, Los Alamitos, CA, 10-20.
37. SHAMIR, A. 1979. How to share a secret. Comm. ACM 22, 11, 612-613.
38. WATTS, D. J. 2003. Small Worlds: The Dynamics of Networks between Order and Randomness. Princeton University Press, Princeton, NJ.
39. WEITZNER, D. J., HENDLER, J., BERNERS-LEE, T., AND CONNOLLY, D. 2006. Creating a policy-aware Web: Discretionary, rule-based access for the World Wide Web. In Web & Information Security, E. Ferrari and B. Thuraisingham, Eds. IDEA Group Publishing, Hershey, PA, 1-31.
40. XIONG, L. AND LIU, L. 2004. PeerTrust: Supporting reputation-based trust for peer-to-peer electronic communities. IEEE Trans. Knowl. Data Eng. 16, 7, 843-857.