Privacy-Aware Access Control in Social Networks: Issues and Solutions

  • Barbara Carminati
  • Elena Ferrari
Part of the Advanced Information and Knowledge Processing book series (AI&KP)


Access control in online social networks (OSNs) is becoming an urgent need because of the amount and sensitivity of the data these networks manage. Performing access control in a social network differs in many ways from performing it in a traditional data management system, in terms of both the policy language to support and the reference architecture for access control enforcement. Moreover, it is fundamental to consider the privacy issues connected to access control and to devise appropriate privacy-preserving access control systems. This chapter first discusses the requirements of privacy-aware access control to OSN resources and then reviews the literature in view of the identified requirements. Finally, the chapter discusses future research directions in the field.


Access Control Policy Language Online Social Network Trust Level Access Control Policy 



The work reported in this chapter is partially funded by the Italian MIUR under the ANONIMO project (PRIN-2007F9437X).



Copyright information

© Springer London 2010

Authors and Affiliations

  1. Department di Informatica e Comunicazione, Università degli Studi dell’Insubria, Varese, Italy
