Abstract
Decentralized online social networks (DOSNs) have adopted quite coarse-grained policies for sharing messages with friends of friends (i.e., resharing). They either forbid it completely or allow resharing of messages only without any possibility to constrain their subsequent distribution. In this article, we present a novel enforcement mechanism for securing resharing in DOSNs by relationship-based access control and user-determined privacy policies. Our mechanism supports resharing and offers users control over their messages after resharing. Moreover, it addresses the fact that DOSNs are run by multiple providers and honors users’ choices of which providers they trust. We clarify how our mechanism can be effectively implemented by a prototype for the DOSN Diaspora*. Our experimental evaluation shows that controlling privacy with our prototype causes only a rather small performance overhead.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Even the centralized OSN Facebook supports controlled resharing only with users with whom the message had been already shared with. The alternative in Facebook is uncontrolled sharing where users may arbitrarily reshare messages that they receive.
- 2.
Available at http://www.mais.informatik.tu-darmstadt.de/CReDiC.html.
References
Albertini, D.A., Carminati, B.: Relationship-based information sharing in cloud-based decentralized social networks. In: 4th Conference on Data and Application Security and Privacy, pp. 297–304 (2014)
Bahri, L., Carminati, B., Ferrari, E.: CARDS - Collaborative audit and report data sharing for a-posteriori access control in DOSNs. In: IEEE Conference on Collaboration and Internet Computing, pp. 36–45. IEEE Computer Society (2015)
Beato, F., Conti, M., Preneel, B., Vettore, D.: VirtualFriendship: hiding interactions on online social networks. In: Conference on Communications and Network Security, pp. 328–336 (2014)
Beth, T., Borcherding, M., Klein, B.: Valuation of trust in open networks. In: Gollmann, D. (ed.) ESORICS 1994. LNCS, vol. 875, pp. 1–18. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-58618-0_53
Bodriagov, O., Kreitz, G., Buchegger, S.: Access control in decentralized online social networks: applying a policy-hiding cryptographic scheme and evaluating its performance. In: 2014 International Conference on Pervasive Computing and Communication Workshops, pp. 622–628 (2014)
Bruns, G., Fong, P.W.L., Siahaan, I., Huth, M.: Relationship-based access control: its expression and enforcement through hybrid logic. In: 2nd Conference on Data and Application Security and Privacy, pp. 117–124 (2012)
Buchegger, S., Schiöberg, D., Vu, L.-H., Datta, A.: PeerSoN: P2P social networking: early experiences and insights. In: 2nd EuroSys Workshop on Social Network Systems, pp. 46–52 (2009)
Carminati, B., Ferrari, E., Perego, A.: Enforcing access control in web-based social networks. Trans. Inf. Syst. Secur. 13(1), 6:1–6:38 (2009)
Conti, M., Hasani, A., Crispo, B.: Virtual private social networks and a facebook implementation. Trans. Web 7(3), 14:1–14:31 (2013)
Cutillo, L.A., Molva, R., Strufe, T.: Safebook: a privacy-preserving online social network leveraging on real-life trust. Commun. Mag. 47(12), 94–101 (2009)
Cutillo, L.A., Molva, R., Strufe, T.: Safebook: feasibility of transitive cooperation for privacy on a decentralized social network. In: 10th International Symposium on a World of Wireless, Mobile and Multimedia Networks, pp. 1–6 (2009)
Datta, A., Buchegger, S., Vu, L.-H., Strufe, T., Rzadca, K.: Decentralized online social networks. In: Furht, B. (ed.) Handbook of Social Network Technologies and Applications, pp. 349–378. Springer, Boston (2010). https://doi.org/10.1007/978-1-4419-7142-5_17
Fong, P.W.L.: Relationship-based access control: protection model and policy language. In: 1st Conference on Data and Application Security and Privacy, pp. 191–202 (2011)
Fong, P.W.L., Anwar, M., Zhao, Z.: A privacy preservation model for facebook-style social network systems. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 303–320. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04444-1_19
Gates, C.E.: Access control requirements for web 2.0 security and privacy. In: Workshop on Web 2.0 Security & Privacy (2007)
Gay, R., Hu, J., Mantel, H.: CliSeAu: securing distributed Java programs by cooperative dynamic enforcement. In: Prakash, A., Shyamasundar, R. (eds.) ICISS 2014. LNCS, vol. 8880, pp. 378–398. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13841-1_21
Golbeck, J.A.: Computing and applying trust in web-based social networks. Ph.D. thesis, University of Maryland (2005)
Grippi, D., Salzberg, M., Sofaer, R., Zhitomirskiy, I.: The Diaspora* Project, February 2016. http://diasporafoundation.org/
Hang, C., Wang, Y., Singh, M.P.: Operators for propagating trust and their evaluation in social networks. In: 8th International Joint Conference on Autonomous Agents and Multiagent Systems. vol. 2, pp. 1025–1032 (2009)
Hu, H., Ahn, G., Jorgensen, J.: Multiparty access control for online social networks: model and mechanisms. IEEE Trans. Knowl. Data Eng. 25(7), 1614–1627 (2013)
Jøsang, A.: A subjective metric of authentication. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 329–344. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055873
Jøsang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decis. Support Syst. 43(2), 618–644 (2007)
Kruk, S.R., Grzonkowski, S., Gzella, A., Woroniecki, T., Choi, H.-C.: D-FOAF: distributed identity management with access rights delegation. In: Mizoguchi, R., Shi, Z., Giunchiglia, F. (eds.) ASWC 2006. LNCS, vol. 4185, pp. 140–154. Springer, Heidelberg (2006). https://doi.org/10.1007/11836025_15
Kumari, P., Pretschner, A., Peschla, J., Kuhn, J.M.: Distributed data usage control for web applications: a social network implementation. In: 1st Conference on Data and Application Security and Privacy, pp. 85–96 (2011)
Mao, H., Shuai, X., Kapadia, A.: Loose tweets: an analysis of privacy leaks on Twitter. In: 10th Annual ACM Workshop on Privacy in the Electronic Society, pp. 1–12 (2011)
Mayer, R.C., Davis, J.H., Schoorman, F.D.: An integrative model of organizational trust. Acad. Manag. Rev. 20(3), 709–734 (1995)
Oaks, S.: Java Performance - The Definitive Guide: Getting the Most Out of Your Code. O’Reilly, Sebastopol (2014)
Paul, T., Famulari, A., Strufe, T.: A survey on decentralized online social networks. Comput. Netw. 75, 437–452 (2014)
Trivellato, D., Zannone, N., Etalle, S.: GEM: a distributed goal evaluation algorithm for trust management. Theory Pract. Logic Program. 14(3), 293–337 (2014)
Wampler, D.: Aquarium: AOP in Ruby. In: Aspect Oriented Software Development (2008)
Acknowledgments
We thank the anonymous reviewers for their comments and thank Sarah Ereth for her feedback at an early stage of this work. This work was partially funded by CASED (www.cased.de) and by the DFG (German research foundation) under the project FM-SecEng in the Computer Science Action Program (MA 3326/1-3).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Gay, R., Hu, J., Mantel, H., Mazaheri, S. (2018). Relationship-Based Access Control for Resharing in Decentralized Online Social Networks. In: Imine, A., Fernandez, J., Marion, JY., Logrippo, L., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2017. Lecture Notes in Computer Science(), vol 10723. Springer, Cham. https://doi.org/10.1007/978-3-319-75650-9_2
Download citation
DOI: https://doi.org/10.1007/978-3-319-75650-9_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-75649-3
Online ISBN: 978-3-319-75650-9
eBook Packages: Computer ScienceComputer Science (R0)