Distributed data usage control for web applications: A social network implementation

CODASPY'11 - Proceedings of the 1st ACM Conference on Data and Application Security and Privacy

Volumn , Issue , 2011, Pages 85-96

  Kumari, Prachi ^a   Pretschner, Alexander ^a   Peschla, Jonas ^b   Kuhn, Jens Michael ^b  

^a KARLSRUHE INSTITUTE OF TECHNOLOGY   (Germany)

^b Rheinland Pfälzische Technische Universität Kaiserslautern Landau   (Germany)

Author keywords

Data usage control; Mozilla Firefox extension; Privacy policies enforcement; Sticky policies; Web based social networking

Indexed keywords

DATA USAGE; MOZILLA; PRIVACY POLICIES ENFORCEMENT; STICKY POLICIES; WEB BASED;

DATA PRIVACY; WORLD WIDE WEB;

WEB BROWSERS;

EID: 79952779062     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1943513.1943526     Document Type: Conference Paper

References (53)

1. A. Pretschner, M. Hilty, and D. Basin. Distributed usage control. Commun. ACM, 49(9):39-44, 2006. (Pubitemid 44371759)
2. J. Park and R. Sandhu. The UCON ABC usage control model. ACM Trans. Inf. Syst. Secur., 7(1):128-174, 2004.
3. D. Povey. Optimistic security: a new access control paradigm. In Proceedings of the 1999 workshop on New security paradigms, NSPW'99, pages 40-45. ACM, 2000.
4. R. Iannella (ed.). Open Digital Rights Language v1.1, 2008http://odrl.net/1.1/ODRL-11.pdf.
5. Multimedia framework (MPEG-21) - Part 5: Rights Expression Language, 2004. ISO/IEC standard 21000-5:2004.
6. P. Ashley, S. Hada, G. Karjoth, C. Powers, and M. Schunter. Enterprise Privacy Authorization Language (EPAL 1.2). IBM Technical Report, 2003. http://www.zurich.ibm.com/security/enterprise-privacy/epal/Specification/.
7. Open Mobile Alliance. DRM Rights Expression Language V2.1, 2008. http://www.openmobilealliance.org/Technical/release-program/drm-v2-1.aspx.
8. X. Zhang, J. Park, F. Parisi-Presicce, and R. Sandhu. A logical specification for usage control. In SACMAT'04: Proceedings of the ninth ACM symposium on Access control models and technologies, pages 1-10. ACM, 2004.
9. M. Hilty, A. Pretschner, D. Basin, C. Schaefer, and T. Walter. A policy language for distributed usage control. In Proc. ESORICS, pages 531-546, 2008.
10. N. Damianou, N. Dulay, E. Lupu, and M. Sloman. The Ponder Policy Specification Language. In Proc. Workshop on Policies for Distributed Systems and Networks, pages 18-39, 1995.
11. W3C. The Platform for Privacy Preferences 1.1 (P3P1.1) Specification, 2005. http://www.w3.org/TR/2005/WD-P3P11-20050104/.
12. M. Harvan and A. Pretschner. State-based Usage Control Enforcement with Data Flow Tracking using System Call Interposition. In Proc. 3rd Intl. Conf. on Network and System Security, pages 373-380, 2009.
13. A. Pretschner, M. Buechler, M. Harvan, C. Schaefer, and T. Walter. Usage control enforcement with data ow tracking for x11. In Proc. 5th Intl. Workshop on Security and Trust Management, pages 124-137, 2009.
14. M. Dam, B. Jacobs, A. Lundblad, and F. Piessens. Security monitor inlining for multithreaded java. In Proc. ECOOP, pages pp. 546-569, 2009.
15. I. Ion, B. Dragovic, and B. Crispo. Extending the Java Virtual Machine to Enforce Fine-Grained Security Policies in Mobile Devices. In Proc. Annual Computer Security Applications Conference, pages 233-242. IEEE Computer Society, 2007.
16. L. Desmet, W. Joosen, F. Massacci, K. Naliuka, P. Philippaerts, F. Piessens, and D. Vanoverberghe. The S3MS.NET Run Time Monitor: Tool Demonstration. ENTCS, 253(5):153-159, 2009.
17. U. Erlingsson and F. Schneider. SASI enforcement of security policies: A retrospective. In Proc. New Security Paradigms Workshop, pages 87-95, 1999.
18. B. Yee, D. Sehr, G. Dardyk, J. Chen, R. Muth, T. Ormandy, S. Okasaka, N. Narula, and N. Fullagar. Native Client: A Sandbox for Portable, Untrusted x86 Native Code. In Proc IEEE Symposium on Security and Privacy, pages 79-93, 2009.
19. G. Gheorghe, S. Neuhaus, and B. Crispo. xESB: An Enterprise Service Bus for Access and Usage Control Policy Enforcement. In Proc. Annual IFIP WG 11.11 International Conference on Trust Management, 2010.
20. M. Egele, C. Kruegel, E. Kirda, H. Yin, and D. Song. Dynamic spyware analysis. In Proceedings of USENIX Annual Technical Conference, June 2007.
21. Adobe livecycle rights management es. http://www.adobe.com/products/ livecycle/rightsmanagement/indepth.html, August 2010.
22. Microsoft. Windows Rights Management Services. http://www.microsoft.com/ windowsserver2008/en/us/ad-rms-overview.aspx, 2010.
23. A. Pretschner, M. Hilty, F. Schutz, C. Schaefer, and T. Walter. Usage control enforcement: Present and future. Security & Privacy, IEEE, 6(4):44-53, 2008.
24. P. Kumari. Requirements analysis for privacy in social networks. 8th International Workshop for Technical, Economic and Legal Aspects of Business Models for Virtual Goods, Namur, 2010.
25. A. Acquisti and R. Gross. Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook. In Privacy Enhancing Technologies Workshop (PET), Robinson College, Cambridge, United Kingdom, June 2006.
26. C. Dwyer and S. Hiltz. Trust and privacy concern within social networking sites: A comparison of Facebook and MySpace. In Proceedings of the Thirteenth Americas Conference on Information Systems, Keystone, Colorado, USA, August 2007.
27. J. Grimmelmann. Facebook and the Social Dynamics of Privacy. Legal Studies, New York Law School, 7:33-34, 2008/2009.
28. L. Edwards and I. Brown. Data Control and Social Networking: Irreconcilable Ideas? In A. Matwyshyn, editor, Harboring data: Information security, law, and the corporation. Stanford University Press, 2009.
29. K. Williams, A. Boyd, S. Densten, R. Chin, D. Diamond, and C. Morgenthaler. Social Networking Privacy Behaviors and Risks. Seidenberg School of CSIS, Pace University, USA, 2009.
30. C. Yeung, I. Liccardi, K. Lu, O. Seneviratne, and T. Berners-Lee. Decentralization: The future of online social networking. In W3C Workshop on the Future of Social Networking Position Papers, 2009.
31. The friend of a friend (foaf) project. http://www.foaf-project.org/docs, September 2010.
32. A. Cutillo, R. Molva, and T. Strufe. Privacy preserving social networking through decentralization. In WONS'09: Proceedings of the Sixth international conference on Wireless On-Demand Network Systems and Services, pages 133-140. IEEE Press, 2009.
33. Safebook publications. http://www.safebook.us/publications.html, September 2010.
34. Peerson: Privacy-preserving p2p social networks. http://www.peerson.net, September 2010.
35. D. Kalofonos, Z. Antoniou, F. Reynolds, M. Van-Kleek, J. Strauss, and P. Wisner. MyNet: a Platform for Secure P2P Personal and Social Networking Services. In 6th IEEE International Conference on Pervasive Computing and Communications (PERCOM'08), Hong-Kong, China, March 2008.
36. Z. Antoniou and D. Kalofonos. User-Centered Design of a Secure P2P Personal and Social Networking Platform. In 3rd IASTED International Conference on Human-Computer Interaction (IASTED-HCI'08), Innsbruck, Austria, March 2008.
37. K. Gollu, S. Saroiu, and A. Wolman. A Social Networking-Based Access Control Scheme for Personal Content. In 21st ACM Symposium on Operating Systems Principles (SOSP'07), Stevenson, Washington, October 2007.
38. A. Tootoonchian, K. Gollu, S. Saroiu, Y. Ganjali, and A. Wolman. Lockr: Social Access Control for Web 2.0. In First ACM SIGCOMM Workshop on Online Social Networks (WOSN), Seattle, WA, August 2008.
39. B. Carminati, E. Ferrari, and A. Perego. Enforcing access control in web-based social networks. ACM Trans. Inf. Syst. Secur., 13(1):1-38, 2009.
40. Website of the Scramble! project. http://www.primelife.eu/results/ opensource/39-scramble, September 2010.
41. Website of the clique project. http://clique.primelife.eu/, September 2010.
42. F. Beato, M. Kohlweiss, and K. Wouters. Enforcing access control in social networks. In Proc. Hot Pets, 2009.
43. B. Berg and R. Leenes. Audience segregation in social network sites. In Proceedings for Social Com2010/PASSAT2010.IEEE, pages 1111-1117, 2010.
44. S. Kruk, S. Grzonkowski, A. Gzella, T. Woroniecki, and H. Choi. D-foaf: Distributed identity management with access rights delegation. In Proc. Asian Semantic Web Conference 2006, 2006.
45. FOAFRealm. Foafrealm project site. http://www.foafrealm.org/Jul 2010.
46. Mozilla's add-on repository AMO. https://addons.mozilla.org/July 2010.
47. The tabulator extension. http://dig.csail.mit.edu/2007/tab, September 2010.
48. J. Peschla. Data usage control for a web application: The client. Bachelor's thesis, University of Kaiserslautern, July 2010.
49. Browser market share. http://marketshare.hitslink.com/browser-market- share.aspx?qprid=0&qptimeframe=M&qpsp=138&qpnp=1, September 2010.
50. Phpizabi homepage. http://www.phpizabi.net/September 2010.
51. A. Pretschner, M. Hilty, D. Basin, C. Schaefer, and T. Walter. Mechanisms for Usage Control. In Proc. ACM Symposium on Information, Computer & Communication Security, pages 240-245, 2008.
52. MASTER consortium. MASTER Deliverable 5.1.1: Security Enforcement Language. http://www.master-fp7.eu/, April 2010.
53. Mozilla's plugin documentation. https://developer.mozilla.org/en/Plugins, May 2010.