Multiparty access control for online social networks: Model and mechanisms

IEEE Transactions on Knowledge and Data Engineering

Volumn 25, Issue 7, 2013, Pages 1614-1627

  Hu, Hongxin ^a   Ahn, Gail Joon ^b   Jorgensen, Jan ^b  

^a DELAWARE STATE UNIVERSITY   (United States)

^b ARIZONA STATE UNIVERSITY   (United States)

Author keywords

multiparty access control; policy specification and management; security model; Social network

Indexed keywords

ACCESS CONTROL MODELS; LOGICAL REPRESENTATIONS; ON-LINE SOCIAL NETWORKS; ONLINE SOCIAL NETWORKS (OSNS); POLICY SPECIFICATION; SECURITY AND PRIVACY ISSUES; SECURITY MODEL; SOCIAL NETWORKS;

SOCIAL NETWORKING (ONLINE);

ACCESS CONTROL;

EID: 84878326313     PISSN: 10414347     EISSN: None     Source Type: Journal    
DOI: 10.1109/TKDE.2012.97     Document Type: Article

References (41)

1. Facebook Developers, http://developers.facebook.com/, 2013.
2. Facebook Privacy Policy, http://www.facebook.com/policy.php/, 2013.
3. Facebook Statistics, http://www.facebook.com/press/info. php?statistics, 2013.
4. Google+ Privacy Policy, http://http://www.google.com/intl/en/+/policy/, 2013.
5. The Google+ Project, https://plus.google.com, 2013.
6. G. Ahn and H. Hu, "Towards Realizing a Formal RBAC Model in Real Systems," Proc. 12th ACM Symp. Access Control Models and Technologies, pp. 215-224, 2007. (Pubitemid 47287492)
7. G. Ahn, H. Hu, J. Lee, and Y. Meng, "Representing and Reasoning about Web Access Control Policies," Proc. IEEE 34th Ann. Computer Software and Applications Conf. (COMPSAC), pp. 137-146, 2010.
8. A. Besmer and H.R. Lipford, "Moving beyond Untagging: Photo Privacy in a Tagged World," Proc. 28th Int'l Conf. Human Factors in Computing Systems, pp. 1563-1572, 2010.
9. L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda, "All Your Contacts Are Belong to Us: Automated Identity theft Attacks on Social Networks," Proc. 18th Int'l Conf. World Wide Web, pp. 551-560, 2009.
10. B. Carminati and E. Ferrari, "Collaborative Access Control in OnLine Social Networks," Proc. Seventh Int'l Conf. Collaborative Computing: Networking, Applications and Worksharing (Collaborate-Com), pp. 231-240, 2011.
11. B. Carminati, E. Ferrari, and A. Perego, "Rule-Based Access Control for Social Networks," Proc. Int'l Conf. On the Move to Meaningful Internet Systems, pp. 1734-1744, 2006. (Pubitemid 44891736)
12. B. Carminati, E. Ferrari, and A. Perego, "Enforcing Access Control in Web-Based Social Networks," ACM Trans. Information and System Security, vol. 13, no. 1, pp. 1-38, 2009.
13. E. Carrie, "Access Control Requirements for Web 2.0 Security and Privacy," Proc. Workshop Web 2.0 Security & Privacy (W2SP), 2007.
14. J. Choi, W. De Neve, K. Plataniotis, and Y. Ro, "Collaborative Face Recognition for Improved Face Annotation in Personal Photo Collections Shared on Online Social Networks," IEEE Trans. Multimedia, vol. 13, no. 1, pp. 14-28, Feb. 2011.
15. J. Douceur, "The Sybil Attack," Proc. Int'l Workshop Peer-to-Peer Systems, pp. 251-260, 2002.
16. P. Fong, "Preventing Sybil Attacks by Privilege Attenuation: A Design Principle for Social Network Systems," Proc. IEEE Symp. Security and Privacy (SP), pp. 263-278, 2011.
17. P. Fong, "Relationship-Based Access Control: Protection Model and Policy Language," Proc. First ACM Conf. Data and Application Security and Privacy, pp. 191-202, 2011.
18. P. Fong, M. Anwar, and Z. Zhao, "A Privacy Preservation Model for Facebook-Style Social Network Systems," Proc. 14th European Conf. Research in Computer Security, pp. 303-320, 2009.
19. J. Golbeck, "Computing and Applying Trust in Web-Based Social Networks," PhD thesis, Univ. of Maryland at College Park, College Park, MD, USA, 2005.
20. M. Harrison, W. Ruzzo, and J. Ullman, "Protection in Operating Systems," Comm. ACM, vol. 19, no. 8, pp. 461-471, 1976.
21. H. Hu and G. Ahn, "Enabling Verification and Conformance Testing for Access Control Model," Proc. 13th ACM Symp. Access Control Models and Technologies, pp. 195-204, 2008.
22. H. Hu and G. Ahn, "Multiparty Authorization Framework for Data Sharing in Online Social Networks," Proc. 25th Ann. IFIP WG 11.3 Conf. Data and Applications Security and Privacy, pp. 29-43, 2011.
23. H. Hu, G. Ahn, and K. Kulkarni, "Anomaly Discovery and Resolution in Web Access Control Policies," Proc. 16th ACM Symp. Access Control Models and Technologies, pp. 165-174, 2011.
24. H. Hu, G.-J. Ahn, and J. Jorgensen, "Enabling Collaborative Data Sharing in Google+.," Technical Report ASU-SCIDSE-12-1, http://sefcom.asu.edu/mpac/mpac+.pdf, Apr. 2012.
25. H. Hu, G.-J. Ahn, and J. Jorgensen, "Detecting and Resolving Privacy Conflicts for Collaborative Data Sharing in Online Social Networks," Proc. 27th Ann. Computer Security Applications Conf, pp. 103-112, 2011.
26. H. Hu, G.-J. Ahn, and K. Kulkarni, "Detecting and Resolving Firewall Policy Anomalies," IEEE Trans. Dependable and Secure Computing, vol. 9, no. 3, pp. 318-331, May 2012.
27. L. Jin, H. Takabi, and J. Joshi, "Towards Active Detection of Identity Clone Attacks on Online Social Networks," Proc. First ACM Conf. Data and Application Security and Privacy, pp. 27-38, 2011.
28. S. Kruk, S. Grzonkowski, A. Gzella, T. Woroniecki, and H. Choi, "D-FOAF: Distributed Identity Management with Access Rights Delegation," Proc. Asian Semantic Web Conf. (ASWC), pp. 140-154, 2006. (Pubitemid 44608591)
29. L. Lam and C.Y. Suen, "Application of Majority Voting to Pattern Recognition: An Analysis of Its Behavior and Performance," IEEE Trans. Systems, Man and Cybernetics, Part A: Systems and Humans, vol. 27, no. 5, pp. 553-568, Sept. 1997. (Pubitemid 127770722)
30. N. Li, J. Mitchell, and W. Winsborough, "Beyond Proof-of-Compliance: Security Analysis in Trust Management," J. ACM, vol. 52, no. 3, pp. 474-514, 2005. (Pubitemid 43078378)
31. N. Li, Q. Wang, W. Qardaji, E. Bertino, P. Rao, J. Lobo, and D. Lin, "Access Control Policy Combining: Theory Meets Practice," Proc. 14th ACM Symp. Access Control Models and Technologies, pp. 135-144, 2009.
32. V. Lifschitz, "What Is Answer Set Programming?" Proc. AAAI Conf. Artificial Intelligence, pp. 1594-1597, 2008.
33. V. Marek and M. Truszczynski, "Stable Models and an Alternative Logic Programming Paradigm," The Logic Programming Paradigm: A 25-Year Perspective, pp. 375-398, Springer-Verlag, 1999.
34. A. Mislove, B. Viswanath, K. Gummadi, and P. Druschel, "You Are Who You Know: Inferring User Profiles in Online Social Networks," Proc. Third ACM Int'l Conf. Web Search and Data Mining, pp. 251-260, 2010.
35. B. Qureshi, G Min, and D. Kouvatsos, "Collusion Detection and Prevention with Fire+ Trust and Reputation Model," Proc. IEEE 10th Int'l Conf. Computer and Information Technology (CIT), pp. 2548-2555, 2010.
36. A. Squicciarini, M. Shehab, and F. Paci, "Collective Privacy Management in Social Networks," Proc. 18th Int'l Conf. World Wide Web, pp. 521-530, 2009.
37. A. Squicciarini, S. Sundareswaran, D. Lin, and J. Wede, "A3p: Adaptive Policy Prediction for Shared Images over Popular Content Sharing Sites," Proc. 22nd ACM Conf. Hypertext and Hypermedia, pp. 261-270, 2011.
38. E. Staab and T. Engel, "Collusion Detection for Grid Computing," Proc. Ninth IEEE/ACM Int'l Symp. Cluster Computing and the Grid, pp. 412-419, 2009.
39. B. Viswanath, A. Post, K. Gummadi, and A. Mislove, "An Analysis of Social Network-Based Sybil Defenses," ACM SIGCOMM Computer Comm. Rev., vol. 40, pp. 363-374, 2010.
40. G. Wondracek, T. Holz, E. Kirda, and C. Kruegel, "A Practical Attack to De-Anonymize Social Network Users," Proc. IEEE Symp. Security and Privacy, pp. 223-238, 2010.
41. E. Zheleva and L. Getoor, "To Join or Not to Join: The Illusion of Privacy in Social Networks with Mixed Public and Private User Profiles," Proc. 18th Int'l Conf. World Wide Web, pp. 531-540, 2009.