Barbara Carminati
ABSTRACT
The existence of on-line social networks that include person specific information creates interesting opportunities for various applications ranging from marketing to community organization. On the other hand, security and privacy concerns need to be addressed for creating such applications. Improving social network access control systems appears as the first step toward addressing the existing security and privacy concerns related to on-line social networks. To address some of the current limitations, we propose an extensible fine grained access control model based on semantic web tools. In addition, we propose authorization, admin and filtering policies that depend on trust relationships among various users, and are modeled using OWL and SWRL. Besides describing the model, we present the architecture of the framework in its support.
- B. Ali, W. Villegas, and M. Maheswaran. A trust based approach for protecting user data in social networks. In 2007 Conference of the Center for Advanced Studies on Collaborative research (CASCON'07), pages 288--293, 2007. Google Scholar
Digital Library
- S. Berteau. Facebook's misrepresentation of Beacon's threat to privacy: Tracking users who opt out or are not logged in. CA Security Advisor Research Blog, Mar. 2007.Google Scholar
- D. Brickley and L. Miller. FOAF vocabulary specification 0.91. RDF Vocabulary Specification, Nov. 2007. Available at http://xmlns.com/foaf/0.1.Google Scholar
- B. Carminati, E. Ferrari, and A. Perego. Enforcing Access Control in Web-based Social Networks. ACM Transactions on Information & System Security, 2008. To appear, 4(3):191--233, 2001. Google ScholarDigital Library
- B. Carminati, E. Ferrari, and A. Perego. Security and privacy in social networks. In M. Khosrow-Pour, editor, Encyclopedia of Information Science and Technology, 2nd Edition, volume VII, pages 3369--3376. IGI Publishing, Sept. 2008.Google Scholar
- H.-C. Choi, S. R. Kruk, S. Grzonkowski, K. Stankiewicz, B. Davis, and J. G. Breslin. Trust models for community aware identity management. In Identity, Reference, and the Web Workshop (IRW 2006), 2006. Available at: http://www.ibiblio.org/hhalpin/irw2006/skruk.pdf.Google Scholar
- N. Elahi, M. M. R. Chowdhury, and J. Noll. Semantic access control in web based communities. In ICCGI '08: Proceedings of the 2008 The Third International Multi-Conference on Computing in the Global Information Technology (iccgi 2008), pages 131--136, Washington, DC, USA, 2008. IEEE Computer Society. Google ScholarDigital Library
- T. W. Finin, A. Joshi, L. Kagal, J. Niu, R. S. Sandhu, W. H. Winsborough, and B. M. Thuraisingham. Rowlbac: representing role based access control in owl. In SACMAT, pages 73--82, 2008. Google ScholarDigital Library
- I. Horrocks, P. F. Patel-Schneider, H. Boley, S. Tabet, B. Grosof, and M. Dean. SWRL: A Semantic Web rule language combining OWL and RuleML. W3C Member Submission, World Wide Web Consortium, May 2004. Available at: http://www.w3.org/Submission/SWRL.Google Scholar
- S. R. Kruk, S. Grzonkowski, H.-C. Choi, T. Woroniecki, and A. Gzella. D-FOAF: Distributed identity management with access rights delegation. In Proceedings of the 1st Asian Semantic Web Conference (ASWC 2006), LNCS 4185, pages 140--154. Springer Verlag, 2006. Google ScholarDigital Library
- P. Mika. Social Networks and the Semantic Web, volume 5 of Semantic Web And Beyond Computing for Human Experience. Springer, 2007. Google ScholarDigital Library
- G. Tonti, J. Bradshaw, R. Jeffers, R. Montanari, N. Suri, and A. Uszok. Semantic Web Languages for Policy Representation and Reasoning: A Comparison of KAoS, Rei, and Ponder. 2003.Google Scholar
- World Wide Web Consortium. Defining n-ary relations on the semantic web, 2006. Available at:http://www.w3.org/TR/swbp-n-aryRelations/.Google Scholar
- World Wide Web Consortium. Status for resource description framework (rdf) model and syntax specification. Available at: http://www.w3.org/1999/.status/PR-rdf-syntax-19990105/status.Google Scholar
- M. I. Yague, M. del-mar Gallardo, and A. MaÜna. Semantic access control model: A formal specification. In ESORICS 2005, pages 24--43, 2005. Google ScholarDigital Library
Index Terms
- A semantic web based framework for social network access control
Recommendations
Enforcing access control in Web-based social networks
In this article, we propose an access control mechanism for Web-based social networks, which adopts a rule-based approach for specifying access policies on the resources owned by network participants, and where authorized users are denoted in terms of ...
Attribute-Aware Relationship-Based Access Control for Online Social Networks
DBSec 2014: Proceedings of the 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy XXVIII - Volume 8566Relationship-based access control ReBAC has been adopted as themost prominent approach for access control in online social networks OSNs, where authorization policies are typically specified in terms of relationships of certain types and/or depth ...
An Evaluation of Role Based Access Control Towards Easier Management Compared to Tight Security
ICFNDS '17: Proceedings of the International Conference on Future Networks and Distributed SystemsRole-based access control (RBAC) is a widely-used protocol to design and build an access control for providing the system security regarding authorization. Even though in the context of internet resources access, the authentication and access control ...
Comments