A Decentralized Security Framework for Web-Based Social Networks

International Journal of Information Security and Privacy (IJISP)

Volumn 2, Issue 4, 2008, Pages 22-53

  Carminati, Barbara ^a   Ferrari, Elena ^a   Perego, Andrea ^a  

^a UNIVERSITY OF INSUBRIA   (Italy)

Author keywords

Access control; Data security; Digital Segnature; Encryption; Internet Privacy; Internet Trust; Social Networks

Indexed keywords

EID: 85001842932     PISSN: 19301650     EISSN: 19301669     Source Type: Journal    
DOI: 10.4018/jisp.2008100102     Document Type: Article

References (25)

1. Agarwal, S., Sprick, B., & Wortmann, S. (2004). Credential-based access control for Semantic Web services. In AAAI spring symposium - Semantic Web services. Retrieved from, http://www.aifb.unikarl-sruhe.de/WBS/sag/papers/Agarwal_Sprick_Wort-mannCredentialBasedAccessControlForSemantic-WebServices-AAAI_SS_SWS-04.pdf
2. Backstrom, L., Dwork, C., & Kleinberg, J. (2007). Wherefore art thou R3579X? Anonymized social networks, hidden patterns, and structural steganography. In Proceedings of the World Wide Web conference 2007.
3. Barnes, S. B. (2006, September). A privacy paradox: Social networking in the United States. First Monday, 11(9). Retrieved from, http://www.firstmonday. org/issues/issue11_9/barnes
4. Bertino, E., & Sandhu, R. (2005). Database security— Concepts, approaches, and challenges. IEEE Trans. Dependable Secur. Comput., 2(1), pp. 2-19.
5. Brickley, D., & Miller, L. (2005, July). FOAF vocabulary specifcation (RDF Vocabulary Specifcation). Retrieved on XXX from, http://xmlns. com/foaf/0.1
6. Carminati, B., Ferrari, E., & Perego, A. (2006). Rule-based access control for social networks. In R. Meersman, Z. Tari, P. Herrero, et al. (Eds.), OTM 2006 workshops proceedings (pp. 1734-1744). Springer-Verlag.
7. Carminati, B., Ferrari, E., & Perego, A. (2007). Private relationships in social networks. In ICDE 2007 workshop proceedings (pp. 163-171). IEEE CS Press.
8. Carminati, B., Ferrari, E., & Perego, A. (2008). Security and privacy in social networks. In M. Khosrow-Pour (Ed.), The encyclopedia of information science and technology, 2nd edition. Hershey, PA: IGI Publishing. (To appear)
9. Cranor, L., Dobbs, B., Egelman, S., Hogben, G., Humphrey, J., Langheinrich, M., et al. (2006, November). The Platform for Privacy Preferences 1.1 (P3P1.1) specifcation (W3C Working Group Note). World Wide Web Consortium. Retrieved from, http://www. w3.org/TR/P3P11/
10. Cranor, L., Langheinrich, M., & Marchiori, M. (2002, April). A P3P Preference Exchange Language 1.0 (APPEL1.0) (W3C Working Draft). World Wide Web Consortium. Retrieved from, http://www. w3.org/TR/P3P-preferences/
11. Davis, I., & Vitiello Jr., E. (2005, August). RELATIONSHIP: A vocabulary for describing relationships between people (RDF Vocabulary Specifcation). Retrieved from, http://vocab.org/relationship/
12. Ding, L., Zhou, L., Finin, T., & Joshi, A. (2005). How the Semantic Web is being used: An analysis of FOAF documents. In Proceedings of the 38th annual Hawaii international conference on system sciences (HICSS'05) (p. 113.3). IEEE CS Press.
13. Ferraiolo, D. F., Kuhn, D. R., & Chandramouli, R. (Eds.). (2003). Role-based access control. Norwood MA: Artech House Publishers.
14. Fitzpatrick, B. (2005, July). OpenID 1.1 (Technical Specifcation). OpenID. Retrieved from, http://www. openid.net/specs.bml
15. Gates, C. E. (2007). Access control requirements for Web 2.0 security and privacy. In Proceedings of the Web 2.0 security & privacy 2007 workshop. Retrieved from, http://seclab.cs.rice.edu/w2sp/2007/ papers/paper-205-z_708.pdf
16. Golbeck, J. A. (2004). The Trust ontology (OWL Vocabulary). Retrieved from, http://trust.mindswap. org/ont/trust.owl
17. Hart, M., Johnson, R., & Stent, A. (2007). More content—less control: Access control in the Web 2.0. In Proceedings of the Web 2.0 security & privacy 2007 workshop. Retrieved from, http://seclab.cs.rice. edu/w2sp/2007/papers/paper-193-z_6706.pdf
18. Hay, M., Miklau, G., Jensen, D., Weis, P., & Srivastava, S. (2007, March). Anonymizing social networks (Tech. Rep. No. 07–19). University of Massachusetts Amherst, Computer Science Department. Retrieved from, http://www.cs.umass.edu/~mhay/papers/hayet-al-tr_0719.pdf
19. Palomar, E., Estevez-Tapiador, J. M., Hernandez-Castro, J. C., & Ribagorda, A. (2006). Certifcate-based access control in pure P2P networks. In Proceedings of the 6th IEEE international conference on peer-to-peer computing (P2P'06) (pp. 177-184). IEEE CS Press.
20. Staab, S., Domingos, P., Mika, P., Golbeck, J., Ding, L., Finin, T. W., et al. (2005). Social networks applied. IEEE Intelligent Systems, 20(1), 80-93.
21. Thompson, M., Johnston, W., Mudumbai, S., Hoo, G., Jackson, K., & Essiari, A. (1999). Certifcate based access control for widely distributed resources. In Proceedings of the 8th USENIX security symposium. Retrieved from, http://dsd.lbl.gov/~mrt/papers/AkentiUsenixSec.pdf
22. Wang, D. W., Liau, C. J., & Hsu, Sheng,T. (2006). Privacy protection in social network data disclosure based on granular computing. In Proceedings of the 2006 IEEE international conference on fuzzy systems (HICSS'05) (pp. 997–1003). IEEE CS.
23. Watts, D. J. (2003). Small worlds: The dynamics of networks between order and randomness. Princeton, NJ: Princeton University Press.
24. Weitzner, D. J., Hendler, J., Berners-Lee, T., & Connolly, D. (2006). Creating a policy-aware Web: Discretionary, rule-based access for the World Wide Web. In E. Ferrari & B. M. Thuraisingham (Eds.), Web and information security (pp. 1-31). Hershey, PA: IDEA Group Publishing.
25. Winslett, M., Ching, N., Jones, V. E., & Slepchin, I. (1997). Using digital credentials on the World Wide Web. Journal of Computer Security, 5(3), pp. 255-266.