Analyzing web access control policies
Proceedings of the 16th international conference on World Wide Web
A semantic web based framework for social network access control
Proceedings of the 14th ACM symposium on Access control models and technologies
Enforcing access control in Web-based social networks
ACM Transactions on Information and System Security (TISSEC)
EXAM: a comprehensive environment for the analysis of access control policies
International Journal of Information Security
OSNAC: An Ontology-based Access Control Model for Social Networking Systems
SOCIALCOM '10 Proceedings of the 2010 IEEE Second International Conference on Social Computing
Relationship-based access control: protection model and policy language
Proceedings of the first ACM conference on Data and application security and privacy
Toward strong, usable access control for shared distributed data
FAST'14 Proceedings of the 12th USENIX conference on File and Storage Technologies
Hi-index | 0.00 |
In this paper, we propose a framework to formally analyze what privacy-sensitive information is protected by the stated policies of a Social Networking System (SNS), based on an expression of ideal protection policies for a user. Our ontology-based framework can capture complex and fine-grained privacy-sensitive information in SNSs, and find out missing policies, given a user's ideal policies, and SNS's privacy settings and described system policies. We propose notions of policy completeness for SNSs to facilitate such an analysis. Our case study of using this approach on Facebook shows that we can effectively identify important missing policies.