LAMP - Label-Based Access-Control for More Privacy in Online Social Networks

  • Leila BahriEmail author
  • Barbara Carminati
  • Elena Ferrari
  • William Lucia
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9895)


Access control in Online Social Networks (OSNs) is generally approached with a relationship-based model. This limits the options in expressing privacy preferences to only the types of relationships users establish in the OSN. Moreover, current proposals do not address the privacy of dependent information types, such as comments or likes, at their atomic levels of ownership. Rather, the privacy of these data elements is holistically dependent on the aggregate object they belong to. To overcome this, we propose LAMP, a model that deploys fine grained label-based access control for information sharing in OSNs. Users in LAMP assign customized labels to their friends and to all types of their information; whereas access requests are evaluated by security properties carefully designed to establish orders between requestor’s and information’s labels. We prove the correctness of the suggested model, and we perform performance experiments based on different access scenarios simulated on a real OSN graph. We also performed a preliminary usability study that compared LAMP to Facebook privacy settings.


Label-based Access Control Online Social Networks (OSN) Facebook Privacy Settings Privacy Preferences Shared Copy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bahri, L., Carminati, B., Ferrari, E., Lucia, W.: Technical report: Lamp - label-based access control for more privacy in online social networks (2016).
  2. 2.
    Carminati, B., Ferrari, E., Perego, A.: Enforcing access control in web-based social networks. ACM Trans. Inf. System Secur. (TISSEC) 13(1), 6 (2009)zbMATHGoogle Scholar
  3. 3.
    Caviglione, L., Coccoli, M., Merlo, A.: A taxonomy-based model of security and privacy in online social networks. Int. J. Comput. Sci. Eng. 9(4), 325–338 (2014)CrossRefGoogle Scholar
  4. 4.
    Cheng, Y., Park, J., Sandhu, R.: Relationship-based access control for online social networks: beyond user-to-user relationships. In: Privacy, Security, Risk and Trust (PASSAT), 2012 International Conference on and 2012 International Conference on Social Computing (SocialCom), pp. 646–655. IEEE (2012)Google Scholar
  5. 5.
    Ferrari, E.: Access Control in Data Management Systems. Synthesis Lectures on Data Management, Morgan & Claypool Publishers (2010).
  6. 6.
    Fong, P.W., Siahaan, I.: Relationship-based access control policies and their policy languages. In: Proceedings of the 16th ACM Symposium on Access Control Models and Technologies, pp. 51–60. ACM (2011)Google Scholar
  7. 7.
    Gao, H., Hu, J., Huang, T., Wang, J., Chen, Y.: Security issues in online social networks. IEEE Internet Comput. 15(4), 56–63 (2011)CrossRefGoogle Scholar
  8. 8.
    Hu, H., Ahn, G.J., Jorgensen, J.: Multiparty access control for online social networks: model and mechanisms. IEEE Trans. Knowl. Data Eng. 25(7), 1614–1627 (2013)CrossRefGoogle Scholar
  9. 9.
    Hu, H., Ahn, G.J., Zhao, Z., Yang, D.: Game theoretic analysis of multiparty access control in online social networks. In: Proceedings of the 19th ACM Symposium on Access Control Models and Technologies, pp. 93–102. ACM (2014)Google Scholar
  10. 10.
    Madejski, M., Johnson, M.L., Bellovin, S.M.: The failure of online social network privacy settings. Columbia University Academic Commons (2011)Google Scholar
  11. 11.
    Masoumzadeh, A., Joshi, J.: Osnac: an ontology-based access control model for social networking systems. In: 2010 IEEE Second International Conference on Social Computing (SocialCom), pp. 751–759. IEEE (2010)Google Scholar
  12. 12.
    Mehregan, P., Fong, P.W.L.: Design patterns for multiple stakeholders in social computing. In: Atluri, V., Pernul, G. (eds.) DBSec 2014. LNCS, vol. 8566, pp. 163–178. Springer, Heidelberg (2014)Google Scholar
  13. 13.
    ORACLE: Label security administrator’s guide. Accessed 29 May 2015
  14. 14.
    Pang, J., Zhang, Y.: A new access control scheme for facebook-style social networks. Comput. Secur. 54, 44–59 (2015)CrossRefGoogle Scholar
  15. 15.
    Squicciarini, A.C., Xu, H., Zhang, X.L.: Cope: Enabling collaborative privacy management in online social networks. J. Am. Soc. Inform. Sci. Technol. 62(3), 521–534 (2011)Google Scholar
  16. 16.
    Such, J.M., Rovatsos, M.: Privacy policy negotiation in social media. arXiv preprint (2014). arXiv:1412.5278

Copyright information

© IFIP International Federation for Information Processing 2016

Authors and Affiliations

  • Leila Bahri
    • 1
    Email author
  • Barbara Carminati
    • 1
  • Elena Ferrari
    • 1
  • William Lucia
    • 1
  1. 1.DiSTAInsubria UniversityVareseItaly

Personalised recommendations