Skip to main content

Advertisement

SpringerLink
Log in
Menu
Find a journal Publish with us
Search
Cart
Book cover

IFIP Annual Conference on Data and Applications Security and Privacy

DBSec 2012: Data and Applications Security and Privacy XXVI pp 8–24Cite as

  1. Home
  2. Data and Applications Security and Privacy XXVI
  3. Conference paper
A User-to-User Relationship-Based Access Control Model for Online Social Networks

A User-to-User Relationship-Based Access Control Model for Online Social Networks

  • Yuan Cheng17,
  • Jaehong Park17 &
  • Ravi Sandhu17 
  • Conference paper
  • 2567 Accesses

  • 49 Citations

Part of the Lecture Notes in Computer Science book series (LNISA,volume 7371)

Abstract

Users and resources in online social networks (OSNs) are interconnected via various types of relationships. In particular, user-to-user relationships form the basis of the OSN structure, and play a significant role in specifying and enforcing access control. Individual users and the OSN provider should be allowed to specify which access can be granted in terms of existing relationships. We propose a novel user-to-user relationship-based access control (UURAC) model for OSN systems that utilizes regular expression notation for such policy specification. We develop a path checking algorithm to determine whether the required relationship path between users for a given access request exists, and provide proofs of correctness and complexity analysis for this algorithm.

Keywords

  • Access Control
  • Security
  • Social Networks

This work is supported by grants from the US National Science Foundation.

Download conference paper PDF

References

  1. Bruns, G., Fong, P.W., Siahaan, I., Huth, M.: Relationship-based access control: its expression and enforcement through hybrid logic. In: ACM CODASPY (2012)

    Google Scholar 

  2. Carminati, B., Ferrari, E., Heatherly, R., Kantarcioglu, M., Thuraisingham, B.: A semantic web based framework for social network access control. In: ACM SACMAT (2009)

    Google Scholar 

  3. Carminati, B., Ferrari, E., Heatherly, R., Kantarcioglu, M., Thuraisingham, B.: Semantic web-based social network access control. Computers and Security 30(2-3) (2011); Special Issue on Access Control Methods and Technologies

    Google Scholar 

  4. Carminati, B., Ferrari, E., Perego, A.: Rule-Based Access Control for Social Networks. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops, Part II. LNCS, vol. 4278, pp. 1734–1744. Springer, Heidelberg (2006)

    CrossRef  Google Scholar 

  5. Carminati, B., Ferrari, E., Perego, A.: A decentralized security framework for web-based social networks. Int. Journal of Info. Security and Privacy 2(4) (2008)

    Google Scholar 

  6. Carminati, B., Ferrari, E., Perego, A.: Enforcing access control in web-based social networks. ACM Trans. Inf. Syst. Secur. 13(1) (2009)

    Google Scholar 

  7. Fong, P.W.L., Anwar, M., Zhao, Z.: A Privacy Preservation Model for Facebook-Style Social Network Systems. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 303–320. Springer, Heidelberg (2009)

    CrossRef  Google Scholar 

  8. Fong, P.W.: Relationship-based access control: protection model and policy language. In: ACM CODASPY (2011)

    Google Scholar 

  9. Fong, P.W., Siahaan, I.: Relationship-based access control policies and their policy languages. In: ACM SACMAT (2011)

    Google Scholar 

  10. Gates, C.E.: Access control requirements for web 2.0 security and privacy. In: Proc. of Workshop on Web 2.0 Security and Privacy, W2SP 2007 (2007)

    Google Scholar 

  11. Kruk, S.R., Grzonkowski, S., Gzella, A., Woroniecki, T., Choi, H.-C.: D-FOAF: Distributed Identity Management with Access Rights Delegation. In: Mizoguchi, R., Shi, Z.-Z., Giunchiglia, F. (eds.) ASWC 2006. LNCS, vol. 4185, pp. 140–154. Springer, Heidelberg (2006)

    CrossRef  Google Scholar 

  12. Masoumzadeh, A., Joshi, J.: Osnac: An ontology-based access control model for social networking systems. In: IEEE Social Computing, SocialCom (2010)

    Google Scholar 

  13. Park, J., Sandhu, R., Cheng, Y.: Acon: Activity-centric access control for social computing. In: Int. Conf. on Availability, Reliability and Security, ARES (2011)

    Google Scholar 

  14. Park, J., Sandhu, R., Cheng, Y.: A user-activity-centric framework for access control in online social networks. IEEE Internet Computing 15(5) (September-October 2011)

    Google Scholar 

  15. Rabin, M.O., Scott, D.: Finite automata and their decision problems. IBM J. Res. Dev. 3 (April 1959)

    Google Scholar 

  16. Thompson, K.: Programming techniques: Regular expression search algorithm. Commun. ACM 11 (June 1968)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute for Cyber Security, University of Texas at San Antonio, USA

    Yuan Cheng, Jaehong Park & Ravi Sandhu

Authors
  1. Yuan Cheng
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jaehong Park
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ravi Sandhu
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Télécom Bretagne, Campus de Rennes 2, rue de la Châtaigneraie, 35512, Cesson Sévigné Cedex, France

    Nora Cuppens-Boulahia, Frédéric Cuppens & Joaquin Garcia-Alfaro,  & 

Rights and permissions

Reprints and Permissions

Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Cheng, Y., Park, J., Sandhu, R. (2012). A User-to-User Relationship-Based Access Control Model for Online Social Networks. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds) Data and Applications Security and Privacy XXVI. DBSec 2012. Lecture Notes in Computer Science, vol 7371. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31540-4_2

Download citation

  • .RIS
  • .ENW
  • .BIB
  • DOI: https://doi.org/10.1007/978-3-642-31540-4_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31539-8

  • Online ISBN: 978-3-642-31540-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Share this paper

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Search

Navigation

  • Find a journal
  • Publish with us

Discover content

  • Journals A-Z
  • Books A-Z

Publish with us

  • Publish your research
  • Open access publishing

Products and services

  • Our products
  • Librarians
  • Societies
  • Partners and advertisers

Our imprints

  • Springer
  • Nature Portfolio
  • BMC
  • Palgrave Macmillan
  • Apress
  • Your US state privacy rights
  • Accessibility statement
  • Terms and conditions
  • Privacy policy
  • Help and support

167.114.118.210

Not affiliated

Springer Nature

© 2023 Springer Nature