A User-to-User Relationship-Based Access Control Model for Online Social Networks

  • Yuan Cheng
  • Jaehong Park
  • Ravi Sandhu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7371)


Users and resources in online social networks (OSNs) are interconnected via various types of relationships. In particular, user-to-user relationships form the basis of the OSN structure, and play a significant role in specifying and enforcing access control. Individual users and the OSN provider should be allowed to specify which access can be granted in terms of existing relationships. We propose a novel user-to-user relationship-based access control (UURAC) model for OSN systems that utilizes regular expression notation for such policy specification. We develop a path checking algorithm to determine whether the required relationship path between users for a given access request exists, and provide proofs of correctness and complexity analysis for this algorithm.


Keywords: Access Control, Security, Social Networks



Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Yuan Cheng (1)
  • Jaehong Park (1)
  • Ravi Sandhu (1)

  1. Institute for Cyber Security, University of Texas at San Antonio, USA
