7th International Conference on Collaborative Computing: Networking, Applications and Worksharing

Research Article

Collaborative Access Control in On-line Social Networks

Download737 downloads
  • @INPROCEEDINGS{10.4108/icst.collaboratecom.2011.247109,
        author={Barbara Carminati and Elena Ferrari},
        title={Collaborative Access Control in On-line Social Networks},
        proceedings={7th International Conference on Collaborative Computing: Networking, Applications and Worksharing},
        publisher={IEEE},
        proceedings_a={COLLABORATECOM},
        year={2012},
        month={4},
        keywords={social networks collaborative security policies collaborative access control},
        doi={10.4108/icst.collaboratecom.2011.247109}
    }
    
  • Barbara Carminati
    Elena Ferrari
    Year: 2012
    Collaborative Access Control in On-line Social Networks
    COLLABORATECOM
    ICST
    DOI: 10.4108/icst.collaboratecom.2011.247109
Barbara Carminati1,*, Elena Ferrari1
  • 1: University of Insubria
*Contact email: barbara.carminati@uninsubria.it

Abstract

Topology-based access control is today a de-facto standard for protecting resources in On-line Social Networks (OSNs) both within the research community and commercial OSNs. According to this paradigm, authorization constraints specify the relationships (and possibly their depth and trust level) that should occur between the requestor and the resource owner to make the first able to access the required resource. In this paper, we show how topology-based access control can be enhanced by exploiting the collaboration among OSN users, which is the essence of any OSN. The need of user collaboration during access control enforcement arises by the fact that, different from traditional settings, in most OSN services users can reference other users in resources (e.g., a user can be tagged to a photo), and therefore it is generally not possible for a user to control the resources published by another user. For this reason, we introduce collaborative security policies, that is, access control policies identifying a set of collaborative users that must be involved during access control enforcement. Moreover, we discuss how user collaboration can also be exploited for policy administration and we present an architecture on support of collaborative policy enforcement.