Access control models for online social networks

Social Network Engineering for Secure Web Data and Services

Volumn , Issue , 2013, Pages 32-65

  Sayaf, Rula ^a   Clarke, Dave ^a  

^a UNIVERSITY OF LEUVEN   (Belgium)

Author keywords

[No Author keywords available]

Indexed keywords

DATA PRIVACY; SOCIAL NETWORKING (ONLINE); SURVEYS;

ACCESS CONTROL MODELS; ACCESS TO RESOURCES; INFORMATION SYSTEMS SECURITY; ON-LINE SOCIAL NETWORKS; ONLINE SOCIAL NETWORKS (OSNS); PRIVACY ISSUE; PRIVACY VIOLATION; SECURITY AND PRIVACY PROTECTION;

ACCESS CONTROL;

EID: 84898374541     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.4018/978-1-4666-3926-3.ch003     Document Type: Chapter

References (143)

1. Abadi, M., Burrows, M., Lampson, B., & Plotkin, G. (1993). A calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems, 15(4), 706-734. doi:10.1145/155183.155225.
2. Abiteboul, S., Agrawal, R., Bernstein, P., Carey, M., Ceri, S., & Croft, B. (2005, May). The Lowell database research self-assessment. Communications of the ACM, 48(5), 111-118. doi:10.1145/1060710.1060718.
3. Acquisti, A., Carrara, E., Stutzman, F., Callas, J., Schimmer, K., & Nadjm, M. (2007). Security issues and recommendations for online social networks. ENISA.
4. Acquisti, A., & Grossklags, J. (2005). Privacy and rationality in individual decision-making. IEEE Security and Privacy, 3(1), 26-33. doi:10.1109/MSP.2005.22.
5. Ahmad, A., & Whitworth, B. (2011). Distributed access control for social networks. Information Assurance and Security (IAS) (pp. 68-73). IEEE. Alessandra, M., Kristen, L., & Eytan, A. (Last Updated April 2011.). The PVIZ comprehension tool for social network privacy settings. UM Tech Report #CSE-TR-570-11.
6. Ali, B., Villegas, W., & Maheswaran, M. (2007). A trust based approach for protecting user data in social networks. In Proceedings of the 2007 conference of the center for advanced studies on collaborative research (pp. 288-293). New York, NY, USA: ACM.
7. Anwar, M., & Fong, P. W. L. (2010). An access control model for Facebook-style social network systems (Tech. Rep. No. 2010-959-08). Department of Computer Science, University of Calgary, Calgary, Alberta, Canada.
8. Aringhieri, R., Damiani, E., Di Vimercati, S. D. C., Paraboschi, S., & Samarati, P. (2006, February). Fuzzy techniques for trust and reputation management in anonymous peer-to-peer systems: Special topic section on soft approaches to information retrieval and information access on the web. Journal of the American Society for Information Science and Technology, 57(4), 528-537. doi:10.1002/asi.20307.
9. Ashley, P. (2003). Enterprise privacy authorization language (EPAL 1.1). W3C Working Group. Retrieved March, 2012, from http://www.zurich. ibm.com/security/enterprise-privacy/epal/Specification/.
10. Australian broadcasting corporation (ABC). (2007, 29 October). ABC media watch, filleting facebook. Retrieved March, 2012, from http://www.abc.net.au/mediawatch/transcripts/s2074079.htm.
11. Baader, F., Calvanese, D., McGuinness, D., Nardi, D., & Patel-Schneider, P. (2003). The description logic handbook: Theory, implementation and applications. Cambridge University Press.
12. Baden, R., Bender, A., Spring, N., Bhattacharjee, B., & Starin, D. (2009). Persona: An online social network with user-defined privacy. In Proceedings of the ACM SIGCOMM 2009 conference on data communication (pp. 135-146). New York, NY, USA, ACM.
13. Baracaldo, N., López, C., Anwar, M., & Lewis, M. (2011). Simulating the effect of privacy concerns in online social networks (pp. 519-524). Information Reuse and Integration (IRI), IEEE International Conference.
14. Bauer, L., Ligatti, J., & Walker, D. (2005, June). Composing security policies with Polymer. SIGPLAN Notices, 40, 305-314. doi:10.1145/1064978.1065047.
15. Bedi, R., Wadhai, V.M., Sugandhi, R., & Mirajkar, A.(2005). Watermarking social networking relational data using non-numeric attribute. International Journal of Computer Science 9.
16. Bell, D. E., & LaPadula, L. J. (1973). Secure computer systems: Volume I - Mathematical foundations, Volume II - A mathematical model, Volume III - A refinement of the mathematical model (No. MTR-2547).
17. Benantar, M. (2006). Access control systems: Security, identity management and trust models (Benantar, M., Ed.). Springer.
18. Berendt, B., Gunther, O., & Spiekermann, S. (2005, April). Privacy in e-commerce: Stated preferences vs. actual behavior. Communications of the ACM, 48, 101-106. doi:10.1145/1053291.1053295.
19. Bethencourt, J., Sahai, A., & Waters, B. (2007). Ciphertext-policy attribute-based encryption. In IEEE symposium on security and privacy (pp. 321-334). IEEE Computer Society.
20. Blaze, M., Feigenbaum, J., & Lacy, J. (1996). Decentralized trust management. In Proceedings of the 1996 IEEE symposium on security and privacy (pp. 164-173). Washington, DC, USA: IEEE Computer Society.
21. Bonatti, P., De Capitani Di Vimercati, S., & Samarati, P. (2002). An algebra for composing access control policies. ACM Transactions on Information and System Security, 5(1), 1-35. doi:10.1145/504909.504910.
22. Brickell, J., & Shmatikov, V. (2008). The cost of privacy: Destruction of data-mining utility in anonymized data publishing. In Li, Y., Liu, B., & Sarawagi, S. (Eds.), KDD (pp. 70-78). ACM. doi:10.1145/1401890.1401904.
23. Brickley, D., & Miller, L. (2007). FOAF Vocabulary Specification 0.91. Retrieved March, 2012, from http://xmlns.com/foaf/spec/20071002.html (Computer software manual No. November).
24. Brickley, D., & Miller, L. (2010, January). FOAF Vocabulary Specification 0.97 (Namespace document). Retrieved March, 2012, from http://xmlns. com/foaf/spec/20100101.html.
25. Cain, J., Scott, D. R., & Akers, P. (2009, October). Pharmacy students' Facebook activity and opinions regarding accountability and e-professionalism. American Journal of Pharmaceutical Education, 73(6), 104. doi:10.5688/aj7306104.
26. Cankaya, H. C. (2011). Access control lists. In van Tilborg, H. C. A., & Jajodia, S. (Eds.), Encyclopedia of cryptography and security (2nd ed., pp. 9-12). Springer.
27. Carminati, B., Ferrari, E., Heatherly, R., Kantarcioglu, M., & Thuraisingham, B. (2009). A semantic web based framework for social network access control. In Proceedings of the 14th ACM symposium on access control models and technologies (pp. 177-186). New York, NY, USA: ACM.
28. Carminati, B., Ferrari, E., & Perego, A. (2006a). The REL-X vocabulary. OWL Vocabulary. Retrieved March, 2012, from http://www.dicom. uninsubria.it/andrea.perego/vocs/relx.owl.
29. Carminati, B., Ferrari, E., & Perego, A. (2006b). Rule-based access control for social networks. In On the Move to Meaningful Internet Systems 2006: OTM Workshops (2), (pp. 1734-1744). Springer.
30. Castrucci, A., Martinelli, F., Mori, P., & Roperti, F. (2008). Enhancing Java-ME security support with resource usage monitoring. In Proceedings of the 10th international conference on information and communications security, 5308 (pp. 256-266). Berlin, Germany: Springer-Verlag.
31. Chang, E., Li, C., Wang, J., Mork, P., & Wiederhold, G. (1999). Searching near-replicas of images via clustering. In Proc. SPIE symposium of voice, video, and data communications (pp. 281-292).
32. Chen, F., & Sandhu, R. (1995). Constraints for RBAC. In 1st ACM workshop on role-based access control (pp. 39-46). ACM.
33. Chen, H., & Li, N. (2006). Constraint generation for separation of duty. In Proceedings of the eleventh ACM symposium on access control models and technologies (pp. 130-138). New York, NY, USA: ACM.
34. Chinaei, A. H., Barker, K. & Tompa, K. (2009). Comparison of access control administration models. Ubiquitous Communication and Computing Journal (UBICC), 4(3).
35. Clark, D. D., & Wilson, D. R. (1987). A comparison of commercial and military computer security policies. In Proc. Symposium on Security and Privacy 1987 (IEEE Press), 184-193.
36. Clarke, D., Elien, J.-E., Ellison, C., Fredette, M., Morcos, A., & Rivest, R. L. (2002, February). Certificate chain discovery in SPKI/SDSI. Journal of Computer Security, 9(4), 285-322.
37. Clarke, E. H. (1971). Multipart pricing of public goods. Star, 11(1), 17-33.
38. Covington, M. J., Long, W., Srinivasan, S., Dev, A. K., Ahamad, M., & Abowd, G. D. (2001). Securing context-aware applications using environment roles. In SACMAT '01: Proceedings of the sixth ACM symposium on access control models and technologies (pp. 10-20). New York, NY, USA: ACM Press.
39. Crescenzo, G., & Lipton, R. J. (2009). Social network privacy via evolving access control. In Proceedings of the 4th international conference on wireless algorithms, systems, and applications (pp. 551-560). Berlin, Germany: Springer-Verlag.
40. Cutillo, L., Molva, R., & Strufe, T. (2009). Safebook: A privacy-preserving online social network leveraging on real-life trust. Communications Magazine, IEEE, 47(12), 94-101. doi:10.1109/MCOM.2009.5350374.
41. De Capitani Di Vimercati, S., Foresti, S., Jajodia, S., & Samarati, P. (2007). Access control policies and languages in open environments. In Secure Data Management in Decentralized Systems (pp. 21-58). Springer. doi:10.1007/978-0-387-27696-0_2.
42. Debatin, B., Lovejoy, J. P., Horn, A.-K., & Hughes, B. N. (2009). Facebook and online privacy: Attitudes, behaviors, and unintended consequences. Journal of Computer-Mediated Communication, 15(1), 83-108. doi:10.1111/j.1083-6101.2009.01494.x.
43. Dennis, J. B., & Van Horn, E. C. (1966). Programming semantics for multi-programmed computations. Communications of the ACM, 9(3), 143-155. doi:10.1145/365230.365252.
44. Didriksen, T. (1997). Rule based database access control: A practical approach. In Proceedings of the second ACM workshop on role-based access control (pp. 143-151). New York, NY: ACM.
45. Donath, J., & Boyd, D. (2004). Public displays of connection. BT Technology Journal, 22, 71-82. doi:10.1023/B:BTTJ.0000047585.06264.cc.
46. Dwyer, C., Hiltz, S. R., & Passerini, K. (2007). Trust and privacy concern within social networking sites: A comparison of Facebook and Myspace. In Hoxmeier, J. A., & Hayne, S. (Eds.), AMCIS (p. 339). Association for Information Systems.
47. Erlingsson, U., & Irm, F. B. S. (2000). IRM enforcement of java stack inspection. In Proceedings of the 2000 IEEE Symposium on Security and Privacy, 246-255. IEEE.
48. Facebook. (2011). Website. Retrieved March, 2012, from http://www.facebook.com.
49. Facebook Stat. Page. (2011). Website. Retrieved March, 2012, from http://www.socialtechnologyreview. com/articles/50-facebook-stats-everymarketer-should-know.
50. Feigenbaum, L., Herman, I., Hongsermeier, T., Neumann, E., & Stephens, S. (2007, December). The semantic web in action. Scientific American, 297, 90-97. doi:10.1038/scientificamerican1207-90.
51. Finin, T., Ding, L., Zhou, L., & Joshi, A. (2005). Social networking on the semantic web. The Learning Organization, 12(5). doi:10.1108/09696470510611384.
52. Fong, P. W. L. (2011). Relationship-based access control: protection model and policy language. In Proceedings of the first ACM conference on data and application security and privacy (pp. 191-202). New York, NY, USA: ACM.
53. Fong, P. W. L., & Siahaan, I. (2011). Relationshipbased access control policies and their policy languages. In Proceedings of the 16th ACM symposium on access control models and technologies (pp. 51-60). New York, NY, USA: ACM.
54. Gates, C. (2007). Access control requirements for Web 2.0 Security and Privacy. IEEE Web, 2, 2-4.
55. Giunchiglia, F., Marchese, M., & Zaihrayeu, I. (2005). Towards a theory of formal classification (Tech. Rep.). University of Trento.
56. Giunchiglia, F., Zhang, R., & Crispo, B. (2008). RELBAC: Relation based access control. In Proceedings of the 2008 fourth international conference on semantics, knowledge and grid (pp. 3-11). Washington, DC, USA: IEEE Computer Society.
57. Golbeck, J. (2006). Combining provenance with trust in social networks for semantic web content filtering. In IPAW'06 (p. 101-108). Springer.
58. Golbeck, J. (2009). Trust and nuanced profile similarity in online social networks. TWEB, 3(4). ACM.
59. Granovetter, M. S. (1973, January). The strength of weak ties. JSTOR. American Journal of Sociology, 78(6), 1360-1380. doi:10.1086/225469.
60. Gross, R., & Acquisti, A. (2005). Information revelation and privacy in online social networks. In Proceedings of the 2005 ACM workshop on privacy in the electronic society (pp. 71-80). New York, NY: ACM.
61. Groves, T. (1973). Incentives in teams. Econometrica, 41, 617-631. doi:10.2307/1914085.
62. Hafez Ninggal, M. I., & Abawajy, J. (2011). Attack vector analysis and privacy-preserving social network data publishing. Trust, Security and Privacy in Computing and Communications (TrustCom) (pp. 847-852). IEEE.
63. Hamlen, K. W., Morrisett, G., & Schneider, F. B. (2006). Computability classes for enforcement mechanisms. ACM Transactions on Programming Languages and Systems, 28(1), 175-205. doi:10.1145/1111596.1111601.
64. Havlena, W. J., & DeSarbo, W. S. (1991). On the measurement of perceived consumer risk. Decision Sciences, 22(4), 927-939. doi:10.1111/j.1540-5915.1991.tb00372.x.
65. Hogben, G. (2008). Security issues and recommendations for online social networks (Tech. Rep.). European Network and Information Security Agency.
66. Hu, H., Gail-Joon, A., & Jan, J. (2012). Enabling collaborative data sharing in Google+ (Tech. Rep.). Arizona State University.
67. Jahid, S., Mittal, P., & Borisov, N. (2011). EASiER: Encryption-based access control in social networks with efficient revocation. In Proceedings of the 6th ACM symposium on information, computer and communications security (pp. 411-415). ACM.
68. Kessler, V. (1992). On the Chinese wall model. In Proceedings of the second European symposium on research in computer security (pp. 41-54). London, UK: Springer-Verlag.
69. Kruk, S. (2004). FOAF-realm-control your friends' access to the resource. FOAF Workshop proceedings 186. Retrieved March, 2012, from http://www.w3.org/2001/sw/Europe/events/foafgalway/papers/fp/foaf realm/.
70. Kruk, S., Grzonkowski, S., Gzella, A., Woroniecki, T., & Choi, H. (2006). D-FOAF: Distributed identity management with access rights delegation. The Semantic Web-ASWC 2006(4), 140-154.
71. Lampson, B. (1974). Protection. ACM SIGOPS Operating Systems Review, 8(1), 18-24. doi:10.1145/775265.775268.
72. Levien, R. (2009). Attack-resistant trust metrics. In Computing with social trust (pp. 121-132). Springer. doi:10.1007/978-1-84800-356-9_5.
73. Leyla, B., Thorsten, S., Davide, B., & Engin, K. (2009, April). All your contacts are belong to us: Automated identity theft attacks on social networks. In 18th international world wide web conference. ACM.
74. Li, N., Grosof, B. N., & Feigenbaum, J. (2003, February). Delegation logic: A logic-based approach to distributed authorization. ACM Transactions on Information and System Security, 6(1), 128-171. doi:10.1145/605434.605438.
75. Li, N., Mitchell, J. C., & Winsborough, W. H. (2002). Design of a role-based trust-management framework. In Proceedings of the 2002 IEEE symposium on security and privacy (pp. 114-130). Washington, DC, USA: IEEE Computer Society.
76. Li, T., & Li, N. (2009). On the tradeoff between privacy and utility in data publishing. In Elder, J. F. IV, Fogelman-Soulie, F., Flach, P. A., & Zaki, M. (Eds.), KDD (pp. 517-526). ACM. doi:10.1145/1557019.1557079.
77. Ligatti, J., Bauer, L., & Walker, D. (2005). Enforcing non-safety security policies with program monitors. Computer Security ESORICS, 3679, 355-373.
78. Lipford, H. R., Besmer, A., & Watson, J. (2008). Understanding privacy settings in Facebook with an audience view. In Proceedings of the 1st conference on usability, psychology, and security (pp. 2:1-2:8). Berkeley, CA, USA: USENIX Association.
79. Maheswaran, M., Tang, H. C., & Ghunaim, A. (2007). Towards a gravity-based trust model for social networking systems. In Proceedings of the 27th international conference on distributed computing systems workshops (pp. 24-24). Washington, DC, USA: IEEE Computer Society.
80. Majeski, M., Johnson, M., & Bellovin, S. M. (2011). The failure of online social network privacy settings (Tech. Rep. No. CUCS-010-11). Department of Computer Science, Columbia University.
81. Mas-Colell, A., Whinston, M. D., & Green, J. R. (1995). Microeconomic theory - chapter 23. Oxford University Press. Hardcover.
82. Masoumzadeh, A., & Joshi, J. (2010). OSNAC: An ontology-based access control model for social networking systems. In Proceedings of the 2010 IEEE second international conference on social computing (pp. 751-759). Washington, DC, USA: IEEE Computer Society.
83. Mika, P. (2005). Ontologies are us: A unified model of social networks and semantics. In Gil, Y., Motta, E., Benjamins, V. R., & Musen, M. A. (Eds.), The Semantic Web - ISWC 2005 (pp. 522-536). Springer. doi:10.1007/11574620_38.
84. Miller, M. S., Yee, K.-P., & Shapiro, J. (2011). Capability myths demolished (Tech. Rep.). Systems Research Laboratory, Johns Hopkins University. Retrieved March, 2012, from http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf.
85. Mont, M. C., Pearson, S., & Bramhall, P. (2003). Towards accountable management of identity and privacy: Sticky policies and enforceable tracing services. 14th International Workshop on Database and Expert Systems Applications (DEXA'03), September 1-5, 2003, Prague, Czech Republic, (pp. 377-382). IEEE Computer Society.
86. Naor, D., Naor, M., & Lotspiech, J. B. (2001). Revocation and tracing schemes for stateless receivers. Advances in Cryptology-CRYPTO 2001 (pp. 41-62). Springer.
87. Naor, M., & Pinkas, B. (2001). Efficient trace and revoke schemes. In Proceedings of the 4th international conference on Financial Cryptography, 9(6), 1-20. London, UK: Springer-Verlag.
88. New Myspace and Facebook worms target social networks. (2008). Website. Retrieved March, 2012, from http://www.darknet.org.uk/2008/08/new-myspace-and-facebook-worm-target-socialnetworks/.
89. Ni, Q., Bertino, E., Lobo, J., Brodie, C., Karat, C.-M., Karat, J. et al. (2010, July). Privacy-aware role-based access control. ACM Transactions of Information System Security, 13(3), 24:1-24:31.
90. Norberg, P. A., Horne, D. R., & Horne, D. A. (2007). The privacy paradox: Personal information disclosure intentions versus behaviors. The Journal of Consumer Affairs, 41(1), 100-126. doi:10.1111/j.1745-6606.2006.00070.x.
91. Oasis committee. XACML 2.0 specification. (2012). Website. Retrieved March, 2012, from http://www.oasisopen.org/committees/tchome. php?wgabbrev= xacmlXACML20.
92. Peter, J. P., Tarpey, S., & Lawrence, X. (1975, June). A comparative analysis of three consumer decision strategies. The Journal of Consumer Research, 2(1), 29-37. doi:10.1086/208613.
93. Rodriguez, E., Rodriguez, V., Carreras, A., & Delgado, J. (2009). A digital rights management approach to privacy in online social networks. In Workshop on privacy and protection in web-based social networks (within ICAIL'09), Barcelona, Spain, 2009. IDT Series, vol. 3, ISSN 2013-5017.
94. Rosenblum, D. (2007, May-June). What anyone can know: The privacy risks of social networking sites. Security Privacy, IEEE, 5(3), 40-49. doi:10.1109/MSP.2007.75.
95. Samarati, P., & Vimercati, S. D. C. D. (2000). Access control: Policies, models, and mechanisms. In R. Focardi & R. Gorrieri (Eds.), FOSAD (LNCS Vol. 2171, p. 137-196). Springer.
96. Samarati, P., & Vimercati, S. D. C. D. (2001). Access control: Policies, models, and mechanisms. In Revised versions of lectures given during the IFIP WG 1.7 international school on foundations of security analysis and design on foundations of security analysis and design: Tutorial lectures, 2171 (pp. 137-196). London, UK: Springer-Verlag.
97. Sandhu, R., Bhamidipati, V., & Munawer, Q. (1999). The ARBAC97 model for role-based administration of roles. ACM Transactions on Information and System Security, 2(1), 105-135. doi:10.1145/300830.300839.
98. Schaad, A. (2001). Detecting conflicts in a rolebased delegation model. Seventeenth Annual Computer Security Applications Conference, 117-126. IEEE Comput. Soc.
99. Shamir, A. (1979, November). How to share a secret. Communications of the ACM, 22(11), 612-613. doi:10.1145/359168.359176.
100. Shen, H.-B., & Hong, F. (2006). An attribute-based access control model for web services. In Proceedings of the seventh international conference on parallel and distributed computing, applications and technologies (pp. 74-79). Washington, DC, USA: IEEE Computer Society.
101. Simon, H. A. (1982). Models of bounded rationality. Trustme: Anonymous management of trust relationships in decentralized P2P systems. In N. Shahmehri, R. L. Graham, & G. Caronni (Eds.), Peer-to-peer computing (p. 142-149). IEEE Computer Society.
102. Spiekermann, S., Grossklags, J., & Berendt, B. (2001). E-privacy in 2nd generation E-commerce: Privacy preferences versus actual behavior. World Wide Web Internet And Web Information Systems, 38-47.
103. Squicciarini, A., Trombetta, A., Bhargav-Spantzel, A., & Bertino, E. (2007). K-anonymous attribute-based access control. E. International Conference on Information and Computer Security (ICICS'07).
104. Squicciarini, A. C., Shehab, M., & Wede, J. (2010, June). Privacy policies for shared content in social network sites. The VLDB Journal, 19(6), 777-796. doi:10.1007/s00778-010-0193-7.
105. Squicciarini, A. C., & Sundareswaran, S. (2009, December). Web-traveler policies for images on social networks. World Wide Web (Bussum), 12, 461-484. doi:10.1007/s11280-009-0070-8.
106. Sweeney, L. (2002, October). K-anonymity: A model for protecting privacy. International Journal of Uncertainty. Fuzziness and Knowledge-Based Systems, 10, 557-570. doi:10.1142/S0218488502001648.
107. Tang, Y., Mao, C., Lai, H., & Zhu, J. (2009, December). Role based access control for social network sites. 2009 Joint Conferences on Pervasive Computing (JCPC), 389-394.
108. Tapiador, A., Carrera, D., & Joaquin, S. (2011). Tie-RBAC: An application of RBAC to social networks. Web 2.0 security and privacy. Oakland, California.
109. The Google+ project. (2011). Website. Retrieved March, 2012, from https://plus.google.com.
110. The state of social media 2011: Social is the new normal. (2012). Website. Retrieved March, 2012, from http://www.briansolis.com/2011/10/http://www.briansolis.com/2011/10/state-of-socialmedia-2011/.
111. Thomas, R. K. (1997). Team-based access control (TMAC): A primitive for applying role-based access controls in collaborative environments. In Second ACM workshop on role-based access control (pp. 13-19). ACM.
112. Thomas, R. K., & Sandhu, R. S. (1994). Conceptual foundations for a model of task-based authorizations. In 7th IEEE computer security foundations workshop (pp. 66-79). IEEE Computer Society Press.
113. Thomas, R. K., & Sandhu, R. S. (1998). Task-based authorization controls (TBAC): A family of models for active and enterprise-oriented authorization management. In Proceedings of the IFIP TC11 WG11.3 eleventh international conference on database security xi: Status and prospects (pp. 166-181). London, UK: Chapman & Hall, Ltd.
114. Tolone, W., Ahn, G.-J., Pai, T., & Hong, S.-P. (2005). Access control in collaborative systems. ACM Computing Surveys, 37(1), 29-41. doi:10.1145/1057977.1057979.
115. Tuunainen, V. K., Pitkanen, O., & Hovi, M. (2009). Users' awareness of privacy on online social networking sites - case Facebook. 22nd Bled eConference eEnablement: Facilitating an Open, Effective and Representative eSociety. Slovenia: Bled.
116. United States Department of Defense. (1983). Trusted Computer System Evaluation Criteria (Orange Book). D. of Defense.
117. Verhanneman, T., Piessens, F., De Win, B., & Joosen, W. (2005). Uniform application-level access control enforcement of organization wide policies. In Proceedings of the 21st annual computer security applications conference (pp. 431-440). Washington, DC, USA: IEEE Computer Society.
118. Villegas, W., Ali, B., & Maheswaran, M. (2008). An access control scheme for protecting personal data. In Proceedings of the 2008 sixth annual conference on privacy, security and trust (pp. 24-35). Washington, DC, USA: IEEE Computer Society.
119. W3C. (2009a). Status for resource description framework (RDF) model and syntax specification. Retrieved March, 2012, from http://www. w3.org/1999/status/PR-rdf-syntax-19990105/status.
120. W3C. (2009b). W3C semantic web activity. Retrieved March, 2012, from http://www. w3.org/2001/sw/.
121. Wang, C., & Leung, H.-F. (2004). A secure and private Clarke tax voting protocol without trusted authorities. In Proceedings of the 6th international conference on electronic commerce (pp. 556-565). New York, NY, USA: ACM.
122. Wang, H., & Sun, L. (2010). Trust-involved access control in collaborative open social networks. In Proceedings of the 2010 fourth international conference on network and system security (pp. 239-246). Washington, DC, USA: IEEE Computer Society.
123. Weeks, S. (2001). Understanding trust management systems. In Proceedings of the 2001 IEEE symposium on security and privacy (pp. 94-105). Washington, DC, USA: IEEE Computer Society.
124. Weitzner, D. J., Hendler, J., Berners-Lee, T., & Connolly, D. (2006). Creating a policy-aware web: Discretionary, rule-based access for the world wide web. In Ferrari, E., & Thuraisingham, B. (Eds.), Web and information security (pp. 1-31). Idea Group Inc. doi:10.4018/978-1-59140-588-7. ch001.
125. Wong, C. K., Gouda, M. G., & Lam, S. S. (1998). Secure group communications using key graphs. ACM SIGCOMM Computer Communication Review, 28(4), 68-79. doi:10.1145/285243.285260.
126. Xiong, L., & Liu, L. (2004, July 8-10). Peertrust: Supporting reputation-based trust for peer-to-peer electronic communities. IEEE Transactions on Knowledge and Data Engineering, 16(7), 843-857. doi:10.1109/TKDE.2004.1318566.
127. Abdessalem, T., & Dhia, I. B. (2011). A reachability-based access control model for online social networks. In Databases and social networks (pp. 31-36). New York, NY, USA: ACM. doi:10.1145/1996413.1996419.
128. Beato, F., Kohlweiss, M., & Wouters, K. (2009). Enforcing access control in social network sites. Hot Topics in Privacy Enhancing Technologies (HotPETS), 1-11.
129. Carminati, B., & Ferrari, E. (2008). Access control and privacy in web-based social networks. Access Control and Privacy in Web-based Social Networks, 4(4), 395-415. Emerald Group Publishing Limited.
130. Carreras, A., Rodriguez, E., & Delgado, J. (2009). Using XACML for access control in social networks. In W3C workshop on access control application scenarios.
131. Chong, C., Corin, R., Doumen, J., & Etalle, S. (2006). License script: A logical language for digital rights management. Annales des Télécommunications, 61(3), 284-331. doi:10.1007/BF03219910.
132. Danezis, G. (2009). Inferring privacy policies for social networking services. In Proceedings of the 2nd ACM workshop on security and artificial intelligence (pp. 5-10). New York, NY, USA: ACM.
133. Debatin, B., Lovejoy, J. P., Horn, A.-K., & Hughes, B. N. (2009). Facebook and online privacy: Attitudes, behaviors, and unintended consequences. Journal of Computer-Mediated Communication, 15(1), 83-108. doi:10.1111/j.1083-6101.2009.01494.x.
134. Erlingsson, U., & Schneider, F. B. (2000). SASI enforcement of security policies: A retrospective. In Proceedings of the 1999 workshop on new security paradigms (pp. 87-95). New York, NY, USA: ACM.
135. Fernandez, E. B., Marin, C., & Petrie, M. M. L. (2010). Handbook of social network technologies and applications. Social Networks, 569-582.
136. Giunchiglia, F., Zhang, R., & Crispo, B. (2009). Ontology driven community access control. In 1st workshop on trust and privacy on the social and semantic Web Spot2009. Citeseer.
137. Joshi, J. B. D., Bertino, E., Latif, U., & Ghafoor, A. (2005). A generalized temporal role-based access control model. IEEE Transactions on Knowledge and Data Engineering, 17, 4-23. doi:10.1109/TKDE.2005.1.
138. Lazarsfeld, P. F., & Merton, R. K. (1954). Friendship as a social process: A substantive and methodological analysis. In Berger, M., Abel, T., & Page, C. (Eds.), Freedom and control in modern society (pp. 18-66). New York: Van Nostrand.
139. Ligatti, J., Bauer, L., & Walker, D. (2005). Enforcing non-safety security policies with program monitors. Computer Security ESORICS 2005. LNCS, 3679, 355-373.
140. Nasirifard, P. (2007). Context-aware access control for collaborative working environments based on semantic social networks. In Proceedings of the Doctorial Consortium Workshop at Sixth International and Interdisciplinary Conference on Modeling and Using Context (Context'07), Roskilde, Denmark, 2007.
141. Palen, L., & Dourish, P. (2003). Unpacking "privacy" for a networked world. In Proceedings of the SIGCHI conference on human factors in computing systems (pp. 129-136). New York, NY, USA: ACM.
142. Park, J., Sandhu, R., & Cheng, Y. (2011). Useractivity centric framework for access control in online social networks. IEEE Internet Computing, 1-9.
143. Squicciarini, A., Paci, F., & Sundareswaran, S. (2010). PriMa: An effective privacy protection mechanism for social networks. In Proceedings of the 5th ACM symposium on information, computer and communications security (pp. 320-323). ACM.