1st International ICST Workshop on Security in Opportunistic and Social Networks

Research Article

On the need for user-defined fine-grained access control policies for social networking applications

  • @INPROCEEDINGS{10.1145/1461469.1461470,
        author={Andrew Simpson},
        title={On the need for user-defined fine-grained access control policies for social networking applications},
        proceedings={1st International ICST Workshop on Security in Opportunistic and Social Networks},
        publisher={ACM},
        proceedings_a={SOSOC},
        year={2008},
        month={9},
        keywords={social networks privacy access control},
        doi={10.1145/1461469.1461470}
    }
    
  • Andrew Simpson
    Year: 2008
    On the need for user-defined fine-grained access control policies for social networking applications
    SOSOC
    ACM
    DOI: 10.1145/1461469.1461470
Andrew Simpson1,*
  • 1: Oxford University Computing Laboratory Wolfson Building, Parks Road, Oxford OX1 3QD United Kingdom
*Contact email: Andrew.simpson@comlab.ox.ac.uk

Abstract

The increasing popularity in social network web sites is giving rise to new classes of security and privacy concerns. The effective management of these threats will require a three-pronged approach, involving a combination of social, legal and technical solutions. At the heart of the issue is the notion of emph{trust}: in sharing personal data, individuals are placing their trust not only in those responsible for these sites, but in other members of their virtual communities. In this paper we draw parallels with the issues of data sharing and trust that have arisen in the e-* (by which we mean e-Science, e-Research, e-Health, e-Business, etc.) arenas. Specifically, we concern ourselves with authorisation, and argue that members of such social networks should have the opportunity to construct fine-grained access control policies that meet their particular requirements and circumstances, and, in addition, should be able to observe appropriate audit information.