Abstract
Access control over resources shared by social network users is today receiving growing attention due to the widespread use of social networks not only for recreational but also for business purposes. In a social network, access control is mainly regulated by the relationships established by social network users. An important issue is therefore to devise privacy-aware access control mechanisms able to perform a controlled sharing of resources while, at the same time, satisfying the privacy requirements of social network users with respect to their relationships. In this paper, we propose a solution to this problem, which enforces access control through a collaboration of selected nodes in the network. The use of cryptographic and digital signature techniques ensures that relationship privacy is guaranteed during the collaborative process. In the paper, besides giving the protocols to enforce collaborative access control, we discuss their robustness against the main security threats.
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Carminati, B., Ferrari, E. (2008). Privacy-Aware Collaborative Access Control in Web-Based Social Networks. In: Atluri, V. (eds) Data and Applications Security XXII. DBSec 2008. Lecture Notes in Computer Science, vol 5094. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70567-3_7
DOI: https://doi.org/10.1007/978-3-540-70567-3_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70566-6
Online ISBN: 978-3-540-70567-3
eBook Packages: Computer Science (R0)