
Enhanced Audit Strategies for Collaborative and Accountable Data Sharing in Social Networks

Published: 24 April 2018

Abstract

Data sharing and access control management is one of the issues still hindering the development of decentralized online social networks (DOSNs), which are now gaining more research attention with the recent developments in P2P computing, such as the secure public ledger–based protocols (Blockchains) for monetary systems. In a previous work, we proposed an initial audit–based model for access control in DOSNs. In this article, we focus on enhancing the audit strategies and the privacy issues emerging from records kept for audit purposes. We propose enhanced audit and collaboration strategies, for which experimental results, on a real online social network graph with simulated sharing behavior, show an improvement in the detection rate of bad behavior of more than 50% compared to the basic model. We also provide an analysis of the related privacy issues and discuss possible privacy-preserving alternatives.



Published in

ACM Transactions on Internet Technology, Volume 18, Issue 4
Special Issue on Computational Ethics and Accountability, Special Issue on Economics of Security and Privacy and Regular Papers
November 2018
348 pages
ISSN: 1533-5399
EISSN: 1557-6051
DOI: 10.1145/3210373
Editor: Munindar P. Singh

Copyright © 2018 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery
New York, NY, United States

Publication History

• Accepted: 1 August 2018
• Published: 24 April 2018
• Revised: 1 August 2017
• Received: 1 January 2017

Qualifiers

• research-article
• Research
• Refereed
