
Modeling of Online Social Network Policies Using an Attribute-Based Access Control Framework

  • Conference paper
Information Systems Security (ICISS 2015)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 9478)

Abstract

People often share sensitive personal information through online social networks (OSNs) to keep in touch with their friends and families. Such sensitive information, if leaked inadvertently to malicious third parties, may have disastrous consequences on the lives of individuals. Access control policies need to be specified, analyzed, enforced, and managed in a manner simple enough for regular OSN users. We demonstrate how this can be done. We first propose a simple model that captures the typical OSN features and show how to represent it using an Entity-Relationship Diagram. The numerous features of an OSN interact with each other in subtle ways; this makes it easy for the naïve user to make misconfiguration errors. Towards this end, we illustrate how our OSN model can be formalized in Alloy and its constraints adequately captured. Alloy has an embedded SAT solver, which makes it amenable to analysis. We illustrate how potential misconfigurations caused by the user can be automatically detected by the SAT solver. Finally, we show how OSN policies can be enforced, managed, and changed through Policy Machine, which is an attribute-based access control framework.

R. France—Involved in the discussion of this work, but now deceased.



Acknowledgement

This work is based on research sponsored by NIST under agreement number 70NANB14H059, by an internal grant from Colorado State University, and by NSF under award number CCF-1018711.

Corresponding author

Correspondence to Indrakshi Ray.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Bennett, P., Ray, I., France, R. (2015). Modeling of Online Social Network Policies Using an Attribute-Based Access Control Framework. In: Jajodia, S., Mazumdar, C. (eds) Information Systems Security. ICISS 2015. Lecture Notes in Computer Science, vol 9478. Springer, Cham. https://doi.org/10.1007/978-3-319-26961-0_6

  • DOI: https://doi.org/10.1007/978-3-319-26961-0_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26960-3

  • Online ISBN: 978-3-319-26961-0

  • eBook Packages: Computer Science, Computer Science (R0)
