Towards provenance and risk-awareness in social computing
Proceedings of the First International Workshop on Secure and Resilient Architectures and Systems
Preserving user privacy from third-party applications in online social networks
Proceedings of the 22nd international conference on World Wide Web companion
Relational abstraction in community-based secure collaboration
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
On protection in federated social computing systems
Proceedings of the 4th ACM conference on Data and application security and privacy
| Hi-index | 0.00 |
User-to-user (U2U) relationship-based access control has become the most prevalent approach for modeling access control in online social networks (OSNs), where authorization is typically made by tracking the existence of a U2U relationship of particular type and/or depth between the accessing user and the resource owner. However, today's OSN applications allow various user activities that cannot be controlled by using U2U relationships alone. In this paper, we develop a relationship-based access control model for OSNs that incorporates not only U2U relationships but also user-to-resource (U2R) and resource-to-resource (R2R) relationships. Furthermore, while most access control proposals for OSNs only focus on controlling users' normal usage activities, our model also captures controls on users' administrative activities. Authorization policies are defined in terms of patterns of relationship paths on social graph and the hop count limits of these path. The proposed policy specification language features hop count skipping of resource-related relationships, allowing more flexibility and expressive power. We also provide simple specifications of conflict resolution policies to resolve possible conflicts among authorization policies.