Privacy-Aware Access Control in Social Networks: Issues and Solutions

Chapter in: Privacy and Anonymity in Information Management Systems

Part of the book series: Advanced Information and Knowledge Processing (AI&KP)

Abstract

Access control in online social networks (OSNs) is becoming an urgent need because of the amount and sensitivity of the data that social networks manage. Performing access control in a social network differs in many ways from performing it in a traditional data management system, both in the policy language to support and in the reference architecture for access control enforcement. Moreover, it is fundamental to consider the privacy issues connected to access control and to devise appropriate privacy-preserving access control systems. The aim of this chapter is first to discuss the requirements of privacy-aware access control to OSN resources and then to review the literature in view of the identified requirements. Finally, the chapter discusses future research directions in the field.

Notes

  1. http://en.wikipedia.org/wiki/Social_search

  2. http://www.facebook.com/press/info.php?statistics

  3. A more detailed analysis of privacy practices in 45 OSNs can be found in [6].

  4. Trust computation is out of the scope of this chapter; we refer the interested reader to [18] for more details on this topic.

  5. This problem has also been addressed in [28], where an access control framework enabling users to specify how attributes have to be shared with third-party applications has been proposed.

References

  1. Ali B., Villegas W., and Maheswaran M. A trust based approach for protecting user data in social networks. In: Proceedings of the 2007 Conference of the Center for Advanced Studies on Collaborative research (CASCON’07), ACM, New York, NY, pp. 288–293, 2007.

  2. Tootoonchian Y.G.A., Saroiu S., and Wolman A. Lockr: Better privacy for social networks. In: Proceedings of the 5th ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT), Rome, Italy, 2009.

  3. Baden R., Bender A., Spring N., Bhattacharjee B., and Starin D. Persona: An online social network with user-defined privacy. In: Proceedings of the ACM SIGCOMM 2009 conference on Data communication, ACM, New York, NY, pp. 135–146, 2009.

  4. Berteau S. Facebook’s misrepresentation of Beacon’s threat to privacy: Tracking users who opt out or are not logged in. CA Security Advisor Research Blog, March 2007, http://community.ca.com/blogs/securityadvisor/archive/2007/11/29/facebook-s-misrepresentation-of-beacon-s-threatto-privacy-tracking-users-who-opt-out-or-are-not-logged-in.aspx.

  5. Bethencourt J., Sahai A., and Waters B. Ciphertext-policy attribute-based encryption. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy, IEEE Computer Society, Washington, DC, pp. 321–334, 2007.

  6. Bonneau J. and Preibusch S. The privacy jungle: On the market for data protection in social networks. In: The Eighth Workshop on the Economics of Information Security (WEIS 2009), 2009.

  7. Carminati B. and Ferrari E. Enforcing relationships privacy through collaborative access control in web-based social networks. In: Proceedings of the 5th International Conference on Collaborative Computing: Networking, Applications and Worksharing, IEEE CS Press, Washington, DC, November, 2009.

  8. Carminati B. and Ferrari E. Privacy-aware collaborative access control in web-based social networks. In: Proceedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security, Springer, Berlin, pp. 81–96, 2008.

  9. Carminati B., Ferrari E., Ramyond H., Kantarcioglu M., and Thuraisingham B. A semantic web based framework for social network access control. In: SACMAT ’09: Proceedings of the 14th ACM symposium on Access Control Models and Technologies, ACM, New York, NY, pp. 177–186, 2009.

  10. Carminati B., Ferrari E., and Perego A. Rule-based access control for social networks. In: OTM 2006 Workshops, vol 2 LNCS 4278, Springer, Berlin, pp. 1734–1744, 2006.

  11. Carminati B., Ferrari E., and Perego A. A decentralized security framework for web-based social networks. International Journal of Information Security and Privacy, 2(4):22–53, 2008.

  12. Carminati B., Ferrari E., and Perego A. Enforcing access control in web-based social networks. ACM Transactions on Information and System Security (TISSEC), 13(1):6, 2009.

  13. Chen L. Facebook’s feeds cause privacy concerns. The Amherst Student, October 2006, http://halogen.note.amherst.edu/~astudent/2006–2007/issue02/news/01.html.

  14. Domingo-Ferrer J., Viejo A., Sebé F., and González-Nicolás Í. Privacy homomorphisms for social networks with private relationships. Computer Networks, 52(15):3007–3016, 2008.

  15. Elahi N., Chowdhury M.M.R., and Noll J. Semantic access control in web based communities. In: ICCGI ’08: Proceedings of the 2008 the Third International Multi-Conference on Computing in the Global Information Technology (ICCGI 2008), IEEE Computer Society, Washington, DC, pp. 131–136, 2008.

  16. EPIC. Social networking privacy, February 2008, http://epic.org/privacy/socialnet/default.html, 2008. Accessed date: 07/06/2010.

  17. Fong P.W.L., Anwar M.M., and Zhao Z. A privacy preservation model for facebook-style social network systems. In: Proceedings of the 14th European Symposium on Research in Computer Security (ESORICS 2009), Saint-Malo, France, September 21–23, 2009.

  18. Golbeck J.A. Computing and applying trust in web-based social networks. PhD thesis, College Park, MD (Chair-Hendler, James), 2005.

  19. Gollu K.K., Saroiu S., and Wolman A. A social networking-based access control scheme for personal content. In: Proceedings of the 21st ACM Symposium on Operating Systems Principles (SOSP 07), Skamania Lodge Stevenson, WA, USA, 2007.

  20. Horrocks I., Patel-Schneider P.F., Boley H., Tabet S., Grosof B., and Dean M. SWRL: A semantic web rule language combining OWL and RuleML. W3C Member Submission, World Wide Web Consortium, May 2004, http://www.w3.org/Submission/SWRL.

  21. Liu K., Das K., Grandison T., and Kargupta H. Privacy-preserving data analysis on graphs and social networks. In: Next Generation Data Mining (eds. H. Kargupta, J. Han, P. Yu, R. Motwani, and V. Kumar), CRC Press, Boca Raton, FL, pp. 419–437, 2008.

  22. Lucas M.M. and Borisov N. Flybynight: mitigating the privacy risks of social networking. In: Proceedings of the 7th ACM workshop on Privacy in the electronic society, ACM, New York, NY, pp. 1–8, 2008.

  23. Au Yeung C.M., Liccardi I., Lu K., Seneviratne O., and Berners-Lee T. Decentralization: The future of online social networking. In: W3C Workshop on the Future of Social Networking, Barcelona, January 2009.

  24. Mezzour, G., Perrig A., Gligor V., and Papadimitratos P. Privacy-Preserving Relationship Path Discovery in Social Networks. In: Computer Science; Vol. 5888 Proceedings of the 8th International Conference on Cryptology and Network Security (CANS 2009), December 2009.

  25. Mika P. Social Networks and the Semantic Web (Semantic Web and Beyond). Springer, New York, NY, 1st edition, 2007.

  26. Nin J., Carminati B., Ferrari E., and Torra V. Computing reputation for collaborative private networks. In: COMPSAC ’09: Proceedings of the 2009 33rd Annual IEEE International Computer Software and Applications Conference, IEEE Computer Society, Washington, DC, pp. 246–253, 2009.

  27. Shamir A. How to share a secret. Communications of the ACM, 22(11):612–613, 1979.

  28. Shehab M., Squicciarini A.C., and Ahn G-J. Beyond user-to-user access control for online social networks. In: ICICS ’08: Proceedings of the 10th International Conference on Information and Communications Security, Springer, Berlin, pp. 174–189, 2008.

  29. Tootoonchian A., Gollu K.K., Saroiu S., Ganjali Y., and Wolman A. Lockr: social access control for web 2.0. In: Proceedings of the First Workshop on Online Social Networks, ACM, New York, NY, pp. 43–48, 2008.

  30. Villegas W., Ali B., and Maheswaran M. An access control scheme for protecting personal data. In: Proceedings of the 2008 Sixth Annual Conference on Privacy, Security and Trust, IEEE Computer Society, Washington, DC, pp. 24–35, USA, 2008.

Acknowledgments

The work reported in this chapter is partially funded by the Italian MIUR under the ANONIMO project (PRIN-2007F9437X).

Author information

Correspondence to Barbara Carminati.

Copyright information

© 2010 Springer London

About this chapter

Cite this chapter

Carminati, B., Ferrari, E. (2010). Privacy-Aware Access Control in Social Networks: Issues and Solutions. In: Nin, J., Herranz, J. (eds) Privacy and Anonymity in Information Management Systems. Advanced Information and Knowledge Processing. Springer, London. https://doi.org/10.1007/978-1-84996-238-4_9

  • DOI: https://doi.org/10.1007/978-1-84996-238-4_9

  • Publisher Name: Springer, London

  • Print ISBN: 978-1-84996-237-7

  • Online ISBN: 978-1-84996-238-4

  • eBook Packages: Computer Science, Computer Science (R0)