Top

Published in:

2018 | OriginalPaper | Chapter

\(SoNeUCON_{ABC}Pro\): An Access Control Model for Social Networks with Translucent User Provenance

Authors : Lorena González-Manzano, Mark Slaymaker, Jose M. de Fuentes, Dimitris Vayenas

Published in: Security and Privacy in Communication Networks

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Web-Based Social Networks (WBSNs) are used by millions of people worldwide. While WBSNs provide many benefits, privacy preservation is a concern. The management of access control can help to assure data is accessed by authorized users. However, it is critical to provide sufficient flexibility so that a rich set of conditions may be imposed by users. In this paper we coin the term user provenance to refer to tracing users actions to supplement the authorisation decision when users request access. For example restricting access to a particular photograph to those which have “liked” the owners profile. However, such a tracing of actions has the potential to impact the privacy of users requesting access. To mitigate this potential privacy loss the concept of translucency is applied. This paper extends \(SoNeUCON_{ABC}\) model and presents \(SoNeUCON_{ABC}Pro\), an access control model which includes translucent user provenance. Entities and access control policies along with their enforcement procedure are formally defined. The evaluation demonstrates that the system satisfies the imposed goals and supports the feasibility of this model in different scenarios.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Situational Crime Prevention and the Mitigation of Cloud Computing Threats

next chapter SAFEDroid: Using Structural Features for Detecting Android Malwares

Available only for authorised users

http://aci.info/2014/07/12/the-data-explosion-in-2014-minute-by-minute-infographic/.

http://www.jonloomer.com/2012/05/06/history-of-facebook-changes/.

https://es-la.facebook.com/notes/radio-949/timeline/309814275719798/, last access June 2017.

http://www.pewresearch.org/fact-tank/2014/02/03/6-new-facts-about-facebook/, last access June 2017.

Although 2 sc would be a desirable threshold [22], we believe that the proposed limit is illustrative enough as it is the maximum acceptable upper limit.

The Advanced Distributed Learning (ADL) Initiative. Experience API, version 1.0.1 (2013). http://www.adlnet.org/wp-content/uploads/2013/10/xAPI_v1.0.1-2013-10-01.pdf. Accessed July 2016

Beato, F., Kohlweiss, M., Wouters, K.: Scramble! Your social network data. In: Fischer-Hübner, S., Hopper, N. (eds.) PETS 2011. LNCS, vol. 6794, pp. 211–225. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22263-4_12CrossRef

Buneman, P., Khanna, S., Tan, W.-C.: Data provenance: some basic issues. In: Kapoor, S., Prasad, S. (eds.) FSTTCS 2000. LNCS, vol. 1974, pp. 87–93. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44450-5_6CrossRef

Carminati, B., Ferrari, E.: Access control and privacy in web-based social networks. Int. J. Web Inf. Syst. 4, 395–415 (2008)CrossRef

Carminati, B., Ferrari, E., Perego, A.: Rule-based access control for social networks. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006, Part II. LNCS, vol. 4278, pp. 1734–1744. Springer, Heidelberg (2006). https://doi.org/10.1007/11915072_80CrossRef

Carminati, B., Ferrari, E., Perego, A.: Private relationships in social networks. In: ICDE, pp. 163–171. IEEE (2007)

Carminati, B., Ferrari, E., Perego, A.: Enforcing access control in web-based social networks. TISSEC 13(1), 6 (2009)CrossRef

Cheng, Y., Park, J., Sandhu, R.: Relationship-based access control for online social networks: beyond user-to-user relationships. In: SocialCom, pp. 646–655 (2012)

Cheng, Y., Bijon, K., Sandhu, R.: Extended ReBAC administrative models with cascading revocation and provenance support. In: SACMAT, pp. 161–170. ACM (2016)

10.

Cutillo, L.A., Molva, R., Strufe, T.: Safebook: a privacy-preserving online social network leveraging on real-life trust. IEEE Commun. Mag. 47(12), 94–101 (2009)CrossRef

11.

Danezis, G., Mittal, P.: Sybilinfer: detecting sybil nodes using social networks. In: NDSS (2009)

12.

Davidson, S.B., et al.: On provenance and privacy. In: EDBT/ICDT, pp. 3–10. ACM (2011)

13.

Fong, P.W.L., Siahaan, I.: Relationship-based access control policies and their policy languages. In: SACMAT, pp. 51–60. ACM (2011)

14.

Gilbert, E.: Designing social translucence over social networks. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2731–2740. ACM (2012)

15.

González-Manzano, L., González-Tablas, A.I., de Fuentes, J.M., Ribagorda, A.: \(SoNeUCON_{ABC}\), an expressive usage control model for web-based social networks. Comput. Secur. 43, 159–187 (2014)CrossRef

16.

Jahid, S., et al.: DECENT: a decentralized architecture for enforcing privacy in online social networks. In: PERCOM Workshops, pp. 326–332. IEEE (2012)

17.

Lalas, E., Papathanasiou, A., Lambrinoudakis, C.: Privacy and traceability in social networking sites. In: PCI, pp. 127–132. IEEE (2012)

18.

Li, J., et al.: Role based access control for social network sites. In: JCPC, pp. 389–394. IEEE (2009)

19.

Lynch, S.: The Agency “Cannot Survive Without Being More Transparent”. https://www.gsb.stanford.edu/insights/former-nsa-head-michael-hayden-agency-cannot-survive-without-being-more-transparent. Accessed July 2016 (2014)

20.

Masoumzadeh, A., Joshi, J.: OSNAC: an ontology-based access control model for social networking systems. In: SOCIALCOM, pp. 751–759. IEEE Computer Society (2010)

21.

Munckhof, C.V.D.: Content based access control in social network sites. Master’s thesis. Eindhoven University of Technology (2011)

22.

Nah, F.F.H.: A study on tolerable waiting time: how long are web users willing to wait? Behav. Inf. Technol. 23(3), 153–163 (2004)CrossRef

23.

Park, J., Nguyen, D., Sandhu, R.: On data provenance in group-centric secure collaboration. In: CollaborateCom, pp. 221–230. IEEE (2011)

24.

Park, J., Nguyen, D., Sandhu, R.: A provenance-based access control model. In: PST, pp. 137–144. IEEE (2012)

25.

Pei, J., Ye, X.: Towards policy retrieval for provenance based access control model. In: TrustCom, pp. 769–776. IEEE (2014)

26.

Power, D., Slaymaker, M., Simpson, A.: Conformance checking of dynamic access control policies. In: Qin, S., Qiu, Z. (eds.) ICFEM 2011. LNCS, vol. 6991, pp. 227–242. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24559-6_17CrossRef

27.

Sandhu, R.S., Samarati, P.: Access control: principle and practice. IEEE Commun. Mag. 32(9), 40–48 (1994)CrossRef

28.

Scowen, R.S.: Extended BNF-a generic base standard. Technical report, ISO/IEC 14977 (1998). http://www.cl.cam.ac.uk/mgk25/iso-14977.pdf

29.

Simcox, R.: Surveillance After Snowden: Effective Espionage in an Age of Transparency. The Henry Jackson Society, London (2015)

30.

ISO Standards. Date and time format - ISO 8601 (1988)

31.

Sweeney, L.: k-anonymity: a model for protecting privacy. Int. J. Uncertain. Fuzziness Knowl.-Based Syst. 10(05), 557–570 (2002)MathSciNetCrossRef

32.

Wei, W., et al.: Sybildefender: defend against sybil attacks in large social networks. In: INFOCOM, pp. 1951–1959. IEEE (2012)

33.

Yu, H., et al.: Sybilguard: defending against sybil attacks via social networks. ACM SIGCOMM Comput. Commun. Rev. 36, 267–278 (2006)CrossRef

34.

Zheng, Y., Wang, B., Lou, W., Hou, Y.T.: Privacy-preserving link prediction in decentralized online social networks. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015, Part II. LNCS, vol. 9327, pp. 61–80. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24177-7_4CrossRef

35.

Zhou, B., Pei, J.: Preserving privacy in social networks against neighborhood attacks. In: ICDE, pp. 506–515. IEEE (2008)

Title: : An Access Control Model for Social Networks with Translucent User Provenance
Authors: Lorena González-Manzano
Mark Slaymaker
Jose M. de Fuentes
Dimitris Vayenas
Publisher: Springer International Publishing
Book: Security and Privacy in Communication Networks
Print ISBN: 978-3-319-78815-9

Electronic ISBN: 978-3-319-78816-6

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-78816-6_17

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner