Abstract
Access control is the process by which authorized users are granted permission over resources. Access control models incorporate application requirements in their design and evolve with the applications. The rise of online social networks (OSNs) like Facebook has posed new social requirements for the privacy of users' data. This is partly due to the social structure of users and partly due to the complexity of OSNs, in which millions of users interact with each other. Currently, there are some access control models for OSNs, but they lack a systematic scheme to allocate and re-allocate rights over social objects and entities. This paper presents a rights allocation framework based on the characteristics of rights allocation in OSNs and provides a reduction tree to design the model based on these properties. The proposed framework extends the availability of rights and can be used as a basis for different rights allocation models in online social networks.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ahmad, A., Whitworth, B., Janczewski, L. (2012). A Framework of Rights Allocation in Online Social Networks. In: Papasratorn, B., Charoenkitkarn, N., Lavangnananda, K., Chutimaskul, W., Vanijja, V. (eds) Advances in Information Technology. IAIT 2012. Communications in Computer and Information Science, vol 344. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35076-4_1
DOI: https://doi.org/10.1007/978-3-642-35076-4_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35075-7
Online ISBN: 978-3-642-35076-4
eBook Packages: Computer Science (R0)