An Access Control Model for Data Security in Online Social Networks Based on Role and User Credibility

  • Nadav VolochEmail author
  • Priel Levy
  • Mor Elmakies
  • Ehud Gudes
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11527)


During the past decade Online Social Networks (OSN) privacy has been thoroughly studied in many aspects. Some of these privacy related aspects are trust and credibility involving the OSN user-data conveyed by different relationships in the network. One of OSN major problems is that users expose their information in a manner thought to be relatively private, or even partially public, to unknown and possibly unwanted entities, such as adversaries, social bots, fake users, spammers or data-harvesters. That is one of the reasons OSN have become a major source of information for companies, different organizations and personal users, possibly misusing it for personal or business gain. Preventing this information leakage is the target of many OSN privacy models, such as Access Control, Relationship based models, Trust based models and many others. In this paper we suggest a new Role and Trust based Access Control model, denoted here as RTBAC, in which roles, that manifest different permissions, are assigned to the users connected to the Ego-node (the user sharing the information), and in addition, every user is evaluated trust wise by several criteria, such as total number of friends, age of user account, and friendship duration. These role and trust assessments provide more precise and viable information sharing decisions and enable better privacy control in the social network.


Online Social Networks Privacy Access control Trust-based privacy models 


  1. 1.
    Sayaf, R., Clarke, D.: Access control models for online social networks. Social Network Engineering for Secure Web Data and Services, pp. 32–65 (2012)‏Google Scholar
  2. 2.
    Levy, S., Gudes, E., Gal-Oz, N.: Sharing-habits based privacy control in social networks. In: Ranise, S., Swarup, V. (eds.) DBSec 2016. LNCS, vol. 9766, pp. 217–232. Springer, Cham (2016). Scholar
  3. 3.
    Cheng, Y., Park, J., Sandhu, R.: An access control model for online social networks using user-to-user relationships. IEEE Trans. Dependable Secure Comput. 13(4), 424–436 (2016)CrossRefGoogle Scholar
  4. 4.
    Gudes, E., Voloch, N.: An information-flow control model for online social networks based on user-attribute credibility and connection-strength factors. In: Dinur, I., Dolev, S., Lodha, S. (eds.) CSCML 2018. LNCS, vol. 10879, pp. 55–67. Springer, Cham (2018). Scholar
  5. 5.
    Patil, V.T., Shyamasundar, R.K.: Undoing of privacy policies on Facebook. In: Livraga, G., Zhu, S. (eds.) DBSec 2017. LNCS, vol. 10359, pp. 239–255. Springer, Cham (2017). Scholar
  6. 6.
    Ranjbar, A., Maheswaran, M.: Using community structure to control information sharing in online social networks. Comput. Commun. 41, 11–21 (2014)CrossRefGoogle Scholar
  7. 7.
    Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. Computer 29(2), 38–47 (1996)CrossRefGoogle Scholar
  8. 8.
    Lavi, T., Gudes, E.: Trust-based dynamic RBAC. In: Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP) 2016, pp. 317–324 (2016)Google Scholar
  9. 9.
    Anwar, M., Zhao, Z., Fong, P.W.: An Access Control Model for Facebook-Style Social Network Systems. University of Calgary, Calgary (2010)Google Scholar
  10. 10.
    Cheng, Y., Park, J., Sandhu, R.: Relationship-based access control for online social networks: beyond user-to-user relationships. In: 2012 International Conference on Privacy, Security, Risk and Trust (PASSAT), and 2012 International Conference on Social Computing (SocialCom), pp. 646–655. IEEE (2012)Google Scholar
  11. 11.
    Fong, P.W.: Relationship-based access control: protection model and policy language. In: Proceedings of the first ACM Conference on Data and Application Security and Privacy, pp. 191–202. ACM (2011)‏Google Scholar
  12. 12.
    Crampton, J., Sellwood, J.: Path conditions and principal matching: a new approach to access control. In: Proceedings of the 19th ACM Symposium on Access Control Models and Technologies, pp. 187–198. ACM (2014)‏Google Scholar
  13. 13.
    Kumar, A., Rathore, N.C.: Relationship strength based access control in online social networks. In: Satapathy, S.C., Das, S. (eds.) Proceedings of First International Conference on Information and Communication Technology for Intelligent Systems: Volume 2. SIST, vol. 51, pp. 197–206. Springer, Cham (2016). Scholar
  14. 14.
    Ali, B., Villegas, W., Maheswaran, M.: A trust based approach for protecting user data in social networks. In: Proceedings of the 2007 Conference of the Center for Advanced Studies on Collaborative Research, pp. 288–293. IBM Corp. (2007)Google Scholar
  15. 15.
    Wang, H., Sun, L.: Trust-involved access control in collaborative open social networks. In: 2010 4th International Conference on Network and System Security (NSS), pp. 239–246. IEEE (2010)Google Scholar
  16. 16.
    Misra, G., Such, J.M., Balogun, H.: IMPROVE-identifying minimal PROfile VEctors for similarity-based access control. In: Trustcom/BigDataSE/ISPA, 2016 IEEE, pp. 868–875. IEEE (2016)Google Scholar
  17. 17.
  18. 18.
    Dunbar, R.I.: Do online social media cut through the constraints that limit the size of offline social networks? Roy. Soc. Open Sci. 3(1), 150292 (2016)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Zheng, X., Zeng, Z., Chen, Z., Yu, Y., Rong, C.: Detecting spammers on social networks. Neurocomputing 159, 27–34 (2015)CrossRefGoogle Scholar
  20. 20.
    Benesty, J., Chen, J., Huang, Y., Cohen, I.: Pearson correlation coefficient. In: Cohen, I., Huang, Y., Chen, J., Benesty, J. (eds.) Noise Reduction in Speech Processing, pp. 1–4. Springer, Heidelberg (2009). Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Nadav Voloch
    • 1
    Email author
  • Priel Levy
    • 1
  • Mor Elmakies
    • 1
  • Ehud Gudes
    • 1
  1. 1.Ben-Gurion University of the NegevBeer-ShevaIsrael

Personalised recommendations