Abstract
Relationship-based access control (ReBAC) has been adopted as the most prominent approach for access control in online social networks (OSNs), where authorization policies are typically specified in terms of relationships of certain types and/or depth between the access requester and the target. However, using relationships alone is often not sufficient to enforce various security and privacy requirements that meet the expectation from today’s OSN users. In this work, we integrate attribute-based policies into relationship-based access control. The proposed attribute-aware ReBAC enhances access control capability and allows finer-grained controls that are not available in ReBAC. The policy specification language for the user-to-user relationship-based access control (UURAC) model proposed in [6] is extended to enable such attribute-aware access control. We also present an enhanced path-checking algorithm to determine the existence of the required attributes and relationships in order to grant access.
This work is partially supported by grant CNS-1111925 from the US National Science Foundation.
References
Bruns, G., Fong, P.W., Siahaan, I., Huth, M.: Relationship-based access control: its expression and enforcement through hybrid logic. In: Proceedings of the Second CODASPY, pp. 117–124. ACM (2012)
Carminati, B., Ferrari, E., Heatherly, R., Kantarcioglu, M., Thuraisingham, B.: A semantic web based framework for social network access control. In: Proceedings of the 14th SACMAT, pp. 177–186. ACM (2009)
Carminati, B., Ferrari, E., Perego, A.: Rule-based access control for social networks. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4278, pp. 1734–1744. Springer, Heidelberg (2006)
Carminati, B., Ferrari, E., Perego, A.: Enforcing access control in web-based social networks. ACM TISSEC 13(1), 6 (2009)
Cheng, Y., Park, J., Sandhu, R.: Relationship-based access control for online social networks: beyond user-to-user relationships. In: PASSAT 2012, pp. 646–655. IEEE (2012)
Cheng, Y., Park, J., Sandhu, R.: A user-to-user relationship-based access control model for online social networks. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 8–24. Springer, Heidelberg (2012)
Fong, P.W.: Relationship-based access control: protection model and policy language. In: Proceedings of the First CODASPY, pp. 191–202. ACM (2011)
Fong, P.W.L., Anwar, M., Zhao, Z.: A privacy preservation model for facebook-style social network systems. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 303–320. Springer, Heidelberg (2009)
Fong, P.W., Siahaan, I.: Relationship-based access control policies and their policy languages. In: Proceedings of the 16th SACMAT, pp. 51–60. ACM (2011)
Gates, C.: Access control requirements for Web 2.0 security and privacy. IEEE Web 2.0 (2007)
Golbeck, J., Hendler, J.: Inferring binary trust relationships in web-based social networks. ACM Transactions on Internet Technology (TOIT) 6(4), 497–529 (2006)
Golbeck, J.A.: Computing and Applying Trust in Web-based Social Networks. PhD thesis, University of Maryland at College Park, College Park, MD, USA (2005)
Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012)
Kruk, S.R., Grzonkowski, S., Gzella, A., Woroniecki, T., Choi, H.-C.: D-FOAF: Distributed identity management with access rights delegation. In: Mizoguchi, R., Shi, Z.-Z., Giunchiglia, F. (eds.) ASWC 2006. LNCS, vol. 4185, pp. 140–154. Springer, Heidelberg (2006)
Masoumzadeh, A., Joshi, J.: OSNAC: an ontology-based access control model for social networking systems. In: SocialCom 2010, pp. 751–759. IEEE (2010)
Park, J., Sandhu, R., Cheng, Y.: ACON: activity-centric access control for social computing. In: 2011 Sixth International Conference on Availability, Reliability and Security (ARES), pp. 242–247. IEEE (2011)
Park, J., Sandhu, R., Cheng, Y.: A user-activity-centric framework for access control in online social networks. IEEE Internet Computing 15(5), 62–65 (2011)
Shen, H., Hong, F.: An attribute-based access control model for web services. In: PDCAT 2006, pp. 74–79. IEEE (2006)
Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: Proceedings of the IEEE ICWS, pp. 561–569. IEEE (2005)
Copyright information
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
Cheng, Y., Park, J., Sandhu, R. (2014). Attribute-Aware Relationship-Based Access Control for Online Social Networks. In: Atluri, V., Pernul, G. (eds) Data and Applications Security and Privacy XXVIII. DBSec 2014. Lecture Notes in Computer Science, vol 8566. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43936-4_19
DOI: https://doi.org/10.1007/978-3-662-43936-4_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-43935-7
Online ISBN: 978-3-662-43936-4
eBook Packages: Computer Science, Computer Science (R0)