Visualizing Privacy Implications of Access Control Policies in Social Network Systems

  • Mohd Anwar
  • Philip W. L. Fong
  • Xue-Dong Yang
  • Howard Hamilton
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5939)


We hypothesize that, in a Facebook-style social network system, proper visualization of one’s extended neighbourhood could help the user understand the privacy implications of her access control policies. However, an unrestricted view of one’s extended neighbourhood may compromise the privacy of others. To address this dilemma, we propose a privacy-enhanced visualization tool, which approximates the extended neighbourhood of a user in such a way that policy assessment can still be conducted in a meaningful manner, while the privacy of other users is preserved.


Access Control; Access Control Policy; Access Control Model; Social Graph; Policy Assessment
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Mohd Anwar (1)
  • Philip W. L. Fong (1)
  • Xue-Dong Yang (2)
  • Howard Hamilton (2)
  1. Department of Computer Science, University of Calgary, Alberta, Canada
  2. Department of Computer Science, University of Regina, Saskatchewan, Canada
