Abstract
Data sharing and access control management is one of the issues still hindering the development of decentralized online social networks (DOSNs), which are now gaining more research attention with the recent developments in P2P computing, such as the secure public ledger–based protocols (Blockchains) for monetary systems. In a previous work, we proposed an initial audit-based model for access control in DOSNs. In this article, we focus on enhancing the audit strategies and the privacy issues emerging from records kept for audit purposes. We propose enhanced audit and collaboration strategies, for which experimental results, on a real online social network graph with simulated sharing behavior, show an improvement in the detection rate of bad behavior of more than 50% compared to the basic model. We also provide an analysis of the related privacy issues and discuss possible privacy-preserving alternatives.