Privacy-Aware Collaborative Access Control in Web-Based Social Networks

  • Barbara Carminati
  • Elena Ferrari
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5094)


Access control over resources shared by social network users is today receiving growing attention due to the widespread use of social networks not only for recreational but also for business purposes. In a social network, access control is mainly regulated by the relationships established by social network users. An important issue is therefore to devise privacy-aware access control mechanisms able to perform a controlled sharing of resources by, at the same time, satisfying privacy requirements of social network users wrt their relationships. In this paper, we propose a solution to this problem, which enforces access control through a collaboration of selected nodes in the network. The use of cryptographic and digital signature techniques ensures that relationship privacy is guaranteed during the collaborative process. In the paper, besides giving the protocols to enforce collaborative access control we discuss their robustness against the main security threats.


Privacy-preserving data management Web-based Social Networks Collaborative access control 


  1. 1.
    Staab, S., Domingos, P., Mika, P., Golbeck, J., Ding, L., Finin, T.W., Joshi, A., Nowak, A., Vallacher, R.R.: Social networks applied. IEEE Intelligent Systems 20(1), 80–93 (2005)CrossRefGoogle Scholar
  2. 2.
    Chen, L.: Facebook’s feeds cause privacy concerns. the amherst student (October 2006),
  3. 3.
    Berteau, S.: Facebook’s misrepresentation of beacon’s threat to privacy: Tracking users who opt out or are not logged in. Security Advisor Research Blog (2007),
  4. 4.
    Canadian Privacy Commission: Social networking and privacy (2007),
  5. 5.
    EPIC: Social networking privacy (2008),
  6. 6.
    Federal Trade Commission: Social networking sites: A parents guide (2007),
  7. 7.
    Hogben, G.: Security issues and recommendations for online social networks. Position Paper 1, European Network and Information Security Agency (ENISA) (2007),
  8. 8.
    Carminati, B., Ferrari, E., Perego, A.: Private relationships in social networks. In: ICDE 2007 Workshops Proceedings, pp. 163–171. IEEE CS Press, Los Alamitos (2007)Google Scholar
  9. 9.
    Backstrom,C.D.L., Kleinberg, L.: Wherefore art thou r3579x? anonymized social networks, hidden patterns, and structural steganography. In: Proceedings of the World Wide Web Conference (2007)Google Scholar
  10. 10.
    Frikken, K.B., Golle, P.: Private social network analysis: How to assemble pieces of a graph privately. In: Proceedings of the 5th ACM Workshop on Privacy in Electronic Society (WPES 2006), pp. 89–98 (2006)Google Scholar
  11. 11.
    Hay, M., Miklau, G., Jensen, D., Weis, P., Srivastava, S.: Anonymizing social networks. Technical Report 07-19, University of Massachusetts Amherst, Computer Science Department (2007)Google Scholar
  12. 12.
    Zheleva, E., Getoor, L.: Preserving the privacy of sensitive relationships in graph data. In: Proceedings of the 1st ACM SIGKDD International Workshop on Privacy, Security, and Trust in KDD (PinKDD 2007) (2007)Google Scholar
  13. 13.
    Hart, R.J.M., Stent, A.: More content - less control: access control in the web 2.0. In: Proceedings of the Web 2.0 Security and Privacy Workshop (2007)Google Scholar
  14. 14.
    Carminati, B., Ferrari, E., Perego, A.: Rule-Based Access Control for Social Networks. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4278, pp. 1734–1744. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Stallings, W.: Network security essentials: applications and standards. Prentice Hall, Englewood Cliffs (2000)Google Scholar
  16. 16.
  17. 17.
    McAfee, A.: Enterprise 2.0: The dawn of emergent collaboration. MITSloan Management Review 47(3), 21–28 (2006)Google Scholar
  18. 18.
    Cederquist, J., Corin, R., Dekker, M., Etalle, S., den Hartog, J., Lenzini, G.: Audit-based compliance control. International Journal of Information Security 6(2-3), 133–151 (2007)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Barbara Carminati
    • 1
  • Elena Ferrari
    • 1
  1. 1.Department of Computer Science and CommunicationUniversity of InsubriaVareseItaly

Personalised recommendations