nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

Relationship-Based Access Control for Resharing in Decentralized Online Social Networks

verfasst von : Richard Gay, Jinwei Hu, Heiko Mantel, Sogol Mazaheri

Erschienen in: Foundations and Practice of Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Decentralized online social networks (DOSNs) have adopted quite coarse-grained policies for sharing messages with friends of friends (i.e., resharing). They either forbid it completely or allow resharing of messages only without any possibility to constrain their subsequent distribution. In this article, we present a novel enforcement mechanism for securing resharing in DOSNs by relationship-based access control and user-determined privacy policies. Our mechanism supports resharing and offers users control over their messages after resharing. Moreover, it addresses the fact that DOSNs are run by multiple providers and honors users’ choices of which providers they trust. We clarify how our mechanism can be effectively implemented by a prototype for the DOSN Diaspora*. Our experimental evaluation shows that controlling privacy with our prototype causes only a rather small performance overhead.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Attribute-Based Encryption as a Service for Access Control in Large-Scale Organizations

Nächstes Kapitel Secure Protocol of ABAC Certificates Revocation and Delegation

Even the centralized OSN Facebook supports controlled resharing only with users with whom the message had been already shared with. The alternative in Facebook is uncontrolled sharing where users may arbitrarily reshare messages that they receive.

Available at http://www.mais.informatik.tu-darmstadt.de/CReDiC.html.

Albertini, D.A., Carminati, B.: Relationship-based information sharing in cloud-based decentralized social networks. In: 4th Conference on Data and Application Security and Privacy, pp. 297–304 (2014)

Bahri, L., Carminati, B., Ferrari, E.: CARDS - Collaborative audit and report data sharing for a-posteriori access control in DOSNs. In: IEEE Conference on Collaboration and Internet Computing, pp. 36–45. IEEE Computer Society (2015)

Beato, F., Conti, M., Preneel, B., Vettore, D.: VirtualFriendship: hiding interactions on online social networks. In: Conference on Communications and Network Security, pp. 328–336 (2014)

Beth, T., Borcherding, M., Klein, B.: Valuation of trust in open networks. In: Gollmann, D. (ed.) ESORICS 1994. LNCS, vol. 875, pp. 1–18. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-58618-0_53 CrossRef

Bodriagov, O., Kreitz, G., Buchegger, S.: Access control in decentralized online social networks: applying a policy-hiding cryptographic scheme and evaluating its performance. In: 2014 International Conference on Pervasive Computing and Communication Workshops, pp. 622–628 (2014)

Bruns, G., Fong, P.W.L., Siahaan, I., Huth, M.: Relationship-based access control: its expression and enforcement through hybrid logic. In: 2nd Conference on Data and Application Security and Privacy, pp. 117–124 (2012)

Buchegger, S., Schiöberg, D., Vu, L.-H., Datta, A.: PeerSoN: P2P social networking: early experiences and insights. In: 2nd EuroSys Workshop on Social Network Systems, pp. 46–52 (2009)

Carminati, B., Ferrari, E., Perego, A.: Enforcing access control in web-based social networks. Trans. Inf. Syst. Secur. 13(1), 6:1–6:38 (2009)

Conti, M., Hasani, A., Crispo, B.: Virtual private social networks and a facebook implementation. Trans. Web 7(3), 14:1–14:31 (2013)

10.

Cutillo, L.A., Molva, R., Strufe, T.: Safebook: a privacy-preserving online social network leveraging on real-life trust. Commun. Mag. 47(12), 94–101 (2009)CrossRef

11.

Cutillo, L.A., Molva, R., Strufe, T.: Safebook: feasibility of transitive cooperation for privacy on a decentralized social network. In: 10th International Symposium on a World of Wireless, Mobile and Multimedia Networks, pp. 1–6 (2009)

12.

Datta, A., Buchegger, S., Vu, L.-H., Strufe, T., Rzadca, K.: Decentralized online social networks. In: Furht, B. (ed.) Handbook of Social Network Technologies and Applications, pp. 349–378. Springer, Boston (2010). https://doi.org/10.1007/978-1-4419-7142-5_17 CrossRef

13.

Fong, P.W.L.: Relationship-based access control: protection model and policy language. In: 1st Conference on Data and Application Security and Privacy, pp. 191–202 (2011)

14.

Fong, P.W.L., Anwar, M., Zhao, Z.: A privacy preservation model for facebook-style social network systems. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 303–320. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04444-1_19 CrossRef

15.

Gates, C.E.: Access control requirements for web 2.0 security and privacy. In: Workshop on Web 2.0 Security & Privacy (2007)

16.

Gay, R., Hu, J., Mantel, H.: CliSeAu: securing distributed Java programs by cooperative dynamic enforcement. In: Prakash, A., Shyamasundar, R. (eds.) ICISS 2014. LNCS, vol. 8880, pp. 378–398. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13841-1_21

17.

Golbeck, J.A.: Computing and applying trust in web-based social networks. Ph.D. thesis, University of Maryland (2005)

18.

Grippi, D., Salzberg, M., Sofaer, R., Zhitomirskiy, I.: The Diaspora* Project, February 2016. http://diasporafoundation.org/

19.

Hang, C., Wang, Y., Singh, M.P.: Operators for propagating trust and their evaluation in social networks. In: 8th International Joint Conference on Autonomous Agents and Multiagent Systems. vol. 2, pp. 1025–1032 (2009)

20.

Hu, H., Ahn, G., Jorgensen, J.: Multiparty access control for online social networks: model and mechanisms. IEEE Trans. Knowl. Data Eng. 25(7), 1614–1627 (2013)CrossRef

21.

Jøsang, A.: A subjective metric of authentication. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 329–344. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055873 CrossRef

22.

Jøsang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decis. Support Syst. 43(2), 618–644 (2007)CrossRef

23.

Kruk, S.R., Grzonkowski, S., Gzella, A., Woroniecki, T., Choi, H.-C.: D-FOAF: distributed identity management with access rights delegation. In: Mizoguchi, R., Shi, Z., Giunchiglia, F. (eds.) ASWC 2006. LNCS, vol. 4185, pp. 140–154. Springer, Heidelberg (2006). https://doi.org/10.1007/11836025_15 CrossRef

24.

Kumari, P., Pretschner, A., Peschla, J., Kuhn, J.M.: Distributed data usage control for web applications: a social network implementation. In: 1st Conference on Data and Application Security and Privacy, pp. 85–96 (2011)

25.

Mao, H., Shuai, X., Kapadia, A.: Loose tweets: an analysis of privacy leaks on Twitter. In: 10th Annual ACM Workshop on Privacy in the Electronic Society, pp. 1–12 (2011)

26.

Mayer, R.C., Davis, J.H., Schoorman, F.D.: An integrative model of organizational trust. Acad. Manag. Rev. 20(3), 709–734 (1995)

27.

Oaks, S.: Java Performance - The Definitive Guide: Getting the Most Out of Your Code. O’Reilly, Sebastopol (2014)

28.

Paul, T., Famulari, A., Strufe, T.: A survey on decentralized online social networks. Comput. Netw. 75, 437–452 (2014)CrossRef

29.

Trivellato, D., Zannone, N., Etalle, S.: GEM: a distributed goal evaluation algorithm for trust management. Theory Pract. Logic Program. 14(3), 293–337 (2014)MathSciNetCrossRef

30.

Wampler, D.: Aquarium: AOP in Ruby. In: Aspect Oriented Software Development (2008)

Titel: Relationship-Based Access Control for Resharing in Decentralized Online Social Networks
verfasst von: Richard Gay
Jinwei Hu
Heiko Mantel
Sogol Mazaheri
Verlag: Springer International Publishing
Buch: Foundations and Practice of Security
Print ISBN: 978-3-319-75649-3

Electronic ISBN: 978-3-319-75650-9

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-319-75650-9_2

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"