Enforcing access control in Web-based social networks

Published: 06 November 2009

Abstract

In this article, we propose an access control mechanism for Web-based social networks. It adopts a rule-based approach for specifying access policies on the resources owned by network participants, where authorized users are denoted in terms of the type, depth, and trust level of the relationships existing between nodes in the network. Unlike traditional access control systems, our mechanism makes use of a semidecentralized architecture in which access control enforcement is carried out client-side: access to a resource is granted when the requestor is able to demonstrate, by providing a proof, that he or she is authorized to access it. In the article, besides illustrating the main notions on which our access control model relies, we present all the protocols underlying our system and a performance study of the implemented prototype.

Published in

ACM Transactions on Information and System Security, Volume 13, Issue 1
October 2009
289 pages
ISSN: 1094-9224
EISSN: 1557-7406
DOI: 10.1145/1609956

Copyright © 2009 ACM

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 6 November 2009
• Accepted: 1 August 2008
• Revised: 1 April 2008
• Received: 1 March 2007

Qualifiers

• research-article
• Research
• Refereed