survey

Public Access

Survey on Access Control for Community-Centered Collaborative Systems

Authors:

Anna Squicciarini,

Nicola ZannoneAuthors Info & Claims

ACM Computing Surveys (CSUR), Volume 51, Issue 1

Article No.: 6, Pages 1 - 38

https://doi.org/10.1145/3146025

Published: 04 January 2018 Publication History

Abstract

The last decades have seen a growing interest and demand for community-centered collaborative systems and platforms. These systems and platforms aim to provide an environment in which users can collaboratively create, share, and manage resources. While offering attractive opportunities for online collaboration and information sharing, they also open several security and privacy issues. This has attracted several research efforts toward the design and implementation of novel access control solutions that can handle the complexity introduced by collaboration. Despite these efforts, transition to practice has been hindered by the lack of maturity of the proposed solutions. The access control mechanisms typically adopted by commercial collaborative systems like online social network websites and collaborative editing platforms, are still rather rudimentary and do not provide users with a sufficient control over their resources. This survey examines the growing literature on access control for collaborative systems centered on communities, and identifies the main challenges to be addressed in order to facilitate the adoption of collaborative access control solutions in real-life settings. Based on the literature study, we delineate a roadmap for future research in the area of access control for community-centered collaborative systems.

References

[1]

Gail-Joon Ahn, Jing Jin, and Mohamed Shehab. 2012. Policy-driven role-based access management for ad-hoc collaboration. J. Comput. Secur. 20, 2--3 (2012), 223--257.

[2]

Evangelos Aktoudianakis, Jason Crampton, Steve Schneider, Helen Treharne, and Adrian Waller. 2013. Policy templates for relationship-based access control. In Proceedings of Annual International Conference on Privacy, Security and Trust. IEEE, 221--228.

[3]

Mohd Anwar and Philip W. L. Fong. 2012. A visualization tool for evaluating access control policies in Facebook-style social network systems. In Proceedings of the 27th Annual ACM Symposium on Applied Computing (SAC’12). ACM, New York, 1443--1450.

Digital Library

[4]

Paul Ashley, Satoshi Hada, Günter Karjoth, Calvin Powers, and Matthias Schunter. 2003. Enterprise Privacy Authorization Language (EPAL 1.2).

[5]

Yousra Asim and Ahmad Kamran Malik. 2016. A survey on access control techniques for social networks. In Innovative Solutions for Access Control Management. IGI Global, 1--32.

[6]

Vijayalakshmi Atluri and Janice Warner. 2004. Automatic enforcement of access control policies among dynamic coalitions. In Proceedings of the 1st International Conference on Distributed Computing and Internet Technology (ICDCIT’04). Springer-Verlag, Berlin, 369--378.

Digital Library

[7]

Georgia Bafoutsou and Gregoris Mentzas. 2002. Review and functional classification of collaborative systems. Int. J. Inf. Manag. 22, 4 (2002), 281--305.

Digital Library

[8]

Leila Bahri, Barbara Carminati, and Elena Ferrari. 2015. CARDS-collaborative audit and report data sharing for A-posteriori access control in DOSNs. In Proceedings of Conference on Collaboration and Internet Computing. IEEE, 36--45.

Digital Library

[9]

Sasha A. Barab, Rob Kling, and James H. Gray. 2004. Designing for Virtual Communities in the Service of Learning. Cambridge University Press.

[10]

Elisa Bertino, Barbara Catania, Elena Ferrari, and Paolo Perlasca. 2003. A logical framework for reasoning about access control models. ACM Trans. Inf. Syst. Secur. 6, 1 (2003), 71--127.

Digital Library

[11]

Rafae Bhatti, Elisa Bertino, and Arif Ghafoor. 2005. A trust-based context-aware access control model for web-services. Distributed and Parallel Databases 18, 1 (2005), 83--105.

Digital Library

[12]

Piero A. Bonatti, Ernesto Damiani, Sabrina de Capitani, and Pierangela Samarati. 2001. A component-based architecture for secure data publication. In Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC’01). IEEE Computer Society, 309--318.

[13]

Glenn Bruns, Philip W. L. Fong, Ida Siahaan, and Michael Huth. 2012. Relationship-based access control: Its expression and enforcement through hybrid logic. In Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy. ACM, New York, 117--124.

Digital Library

[14]

Glenn Bruns and Michael Huth. 2011. Access control via belnap logic: Intuitive, expressive, and analyzable policy composition. ACM Trans. Inf. Syst. Secur. 14, 1, Article 9 (2011), 27 pages.

Digital Library

[15]

Adrian Bullock and Steve Benford. 1997. Access control in virtual environments. In Proceedings of the ACM Symposium on Virtual Reality Software and Technology (VRST’97). ACM, New York, 29--35.

Digital Library

[16]

Adrian Bullock and Steve Benford. 1999. An access control framework for multi-user collaborative environments. In Proceedings of the International ACM SIGGROUP Conference on Supporting Group Work (GROUP’99). ACM, New York, 140--149.

Digital Library

[17]

Xiang Cao and Lee Iverson. 2006. Intentional access management: Making access control usable for end-users. In Proceedings of the 2nd Symposium on Usable Privacy and Security (SOUPS’06). ACM, New York, 20--31.

Digital Library

[18]

Barbara Carminati and Elena Ferrari. 2008. Access control and privacy in web-based social networks. Int. J. Web Inf. Syst. 4, 4 (2008), 395--415.

[19]

Barbara Carminati and Elena Ferrari. 2010. Privacy-aware access control in social networks: Issues and solutions. In Privacy and Anonymity in Information Management Systems: New Techniques for New Practical Problems. Springer, London, 181--195.

[20]

Barbara Carminati and Elena Ferrari. 2011. Collaborative access control in on-line social networks. In Proceedings of International Conference on Collaborative Computing: Networking, Applications and Worksharing. IEEE, 231--240.

[21]

Barbara Carminati, Elena Ferrari, and Andrea Perego. 2006. Rule-based access control for social networks. In On the Move to Meaningful Internet Systems, Lecture Notes in Computer Science, Vol. 4278. Springer-Verlag, Berlin, 1734--1744.

Digital Library

[22]

Barbara Carminati, Elena Ferrari, and Andrea Perego. 2009. Enforcing access control in web-based social networks. ACM Trans. Inf. Syst. Secur. 13, 1, Article 6 (2009), 38 pages.

Digital Library

[23]

Eve Cohen, Roshan K. Thomas, William Winsborough, and Deborah Shands. 2002. Models for coalition-based access control (CBAC). In Proceedings of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT’02). ACM, New York, 97--106.

Digital Library

[24]

Jason Crampton and James Sellwood. 2014. Path conditions and principal matching: A new approach to access control. In Proceedings of the 19th ACM Symposium on Access Control Models and Technologies (SACMAT’14). ACM, New York, 187--198.

Digital Library

[25]

Stan Damen, Jerry den Hartog, and Nicola Zannone. 2014. CollAC: Collaborative access control. In Proceedings of International Conference on Collaboration Technologies and Systems. IEEE, 142--149.

[26]

Stan Damen and Nicola Zannone. 2013. Privacy implications of privacy settings and tagging in Facebook. In Secure Data Management, Lecture Notes in Computer Science, Vol. 8425. Springer International Publishing, Cham, Switzerland, 121--138.

Digital Library

[27]

Jerry den Hartog and Nicola Zannone. 2016. Collaborative access decisions: Why has my decision not been enforced? In Proceedings of the 12th International Conference on Information Systems Security, Lecture Notes in Computer Science, Vol. 10063. Springer International Publishing, Cham, Switzerland, 109--130.

[28]

Jerry den Hartog and Nicola Zannone. 2016. A policy framework for data fusion and derived data control. In Proceedings of the ACM International Workshop on Attribute Based Access Control. ACM, New York, 47--57.

Digital Library

[29]

Marina Egea, Federica Paci, Marinella Petrocchi, and Nicola Zannone. 2013. PERSONA - A personalized data protection framework. In Trust Management VII (IFIP Advances in Information and Communication Technology), Vol. 401. Springer, Berlin, 272--280.

[30]

Lujun Fang and Kristen LeFevre. 2010. Privacy wizards for social networking sites. In Proceedings of the 19th International Conference on World Wide Web (WWW’10). ACM, New York, 351--360.

Digital Library

[31]

Elena Ferrari. 2010. Access control in data management systems. Synth. Lect. Data Manag. 2, 1 (2010), 1--117.

[32]

Ricard L. Fogues, Pradeep K. Murukannaiah, Jose M. Such, and Munindar P. Singh. 2017. Sharing policies in multiuser privacy scenarios: Incorporating context, preferences, and arguments in decision making. ACM Trans. Comput.-Hum. Interact. 24, 1 (2017), 5:1--5:29.

Digital Library

[33]

Philip W. L. Fong. 2011. Relationship-based access control: Protection model and policy language. In Proceedings of the 1st ACM Conference on Data and Application Security and Privacy. ACM, New York, 191--202.

Digital Library

[34]

Philip W. L. Fong, Pooya Mehregan, and Ram Krishnan. 2013. Relational abstraction in community-based secure collaboration. In Proceedings of the 2013 ACM SIGSAC Conference on Computer 8 Communications Security (CCS’13). ACM, New York, 585--598.

Digital Library

[35]

Philip W. L. Fong and Ida Siahaan. 2011. Relationship-based access control policies and their policy languages. In Proceedings of the 16th ACM Symposium on Access Control Models and Technologies. ACM, New York, 51--60.

Digital Library

[36]

Philip W. L. Fong, Mohd M. Anwar, and Zhen Zhao. 2009. A privacy preservation model for Facebook-style social network systems. In Proceedings of the 14th European Symposium on Research in Computer Security, Lecture Notes in Computer Science, Vol. 5789. Springer-Verlag, Berlin, 303--320.

[37]

Carrie E. Gates. 2007. Access control requirements for Web 2.0 security and privacy. In Proceedings of IEEE Web 2.0 Privacy and Security Workshop.

[38]

Sunil Kumar Ghai, Prateek Nigam, and Ponnurangam Kumaraguru. 2010. Cue: A framework for generating meaningful feedback in XACML. In Proceedings of the 3rd ACM Workshop on Assurable and Usable Security Configuration (SafeConfig’10). ACM, New York, 9--16.

Digital Library

[39]

Paolo Giorgini, Fabio Massacci, John Mylopoulos, and Nicola Zannone. 2006. Requirements engineering for trust management: Model, methodology, and reasoning. Int. J. Inf. Sec. 5, 4 (2006), 257--274.

Digital Library

[40]

Paolo Guarda and Nicola Zannone. 2009. Towards the development of privacy-aware systems. Inf. Softw. Technol. 51, 2 (2009), 337--350.

Digital Library

[41]

Hongxin Hu, Gail-Joon Ahn, and Jan Jorgensen. 2012. Enabling collaborative data sharing in google+. In Proceedings of IEEE Global Communications Conference. IEEE, 720--725.

[42]

Hongxin Hu, Gail-Joon Ahn, and Jan Jorgensen. 2011. Detecting and resolving privacy conflicts for collaborative data sharing in online social networks. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC’11). ACM, New York, 103--112.

Digital Library

[43]

Hongxin Hu, Gail-Joon Ahn, and Jan Jorgensen. 2013. Multiparty access control for online social networks: Model and mechanisms. IEEE Trans. Knowl. Data Eng. 25, 7 (2013), 1614--1627.

Digital Library

[44]

Hongxin Hu, Gail-Joon Ahn, Ziming Zhao, and Dejun Yang. 2014a. Game theoretic analysis of multiparty access control in online social networks. In Proceedings of the 19th ACM Symposium on Access Control Models and Technologies (SACMAT’14). ACM, New York, 93--102.

Digital Library

[45]

Vincent C. Hu, David Ferraiolo, Rick Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, and Karen Scarfone. 2014b. Guide to Attribute Based Access Control (ABAC) Definition and Considerations. NIST Special Publication 800-162. NIST National Institute of Standards and Technology.

[46]

Panagiotis Ilia, Barbara Carminati, Elena Ferrari, Paraskevi Fragopoulou, and Sotiris Ioannidis. 2017. SAMPAC: Socially-aware collaborative multi-party access control. In Proceedings of the 7th ACM Conference on Data and Application Security and Privacy (CODASPY’17). ACM, New York, 71--82.

Digital Library

[47]

Panagiotis Ilia, Iasonas Polakis, Elias Athanasopoulos, Federico Maggi, and Sotiris Ioannidis. 2015. Face/off: Preventing privacy leakage from photos in social networks. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS’15). ACM, New York, 781--792.

Digital Library

[48]

Sushil Jajodia, Pierangela Samarati, Maria Luisa Sapino, and V. S. Subrahmanian. 2001. Flexible support for multiple access control policies. ACM Trans. Database Syst. 26, 2 (2001), 214--260.

Digital Library

[49]

Simon Jones and Eamonn O’Neill. 2010. Feasibility of structural network clustering for group-based privacy control in social networks. In Proceedings of the 6th Symposium on Usable Privacy and Security (SOUPS’10). ACM, New York, Article 9, 13 pages.

Digital Library

[50]

Simon Jones and Eamonn O’Neill. 2011. Contextual dynamics of group-based sharing decisions. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI’11). ACM, New York, 1777--1786.

Digital Library

[51]

Daniel Kahneman. 2003. Maps of bounded rationality: Psychology for behavioral economics. Am. Econ. Rev. 93, 5 (2003), 1449--1475.

[52]

Anas Abou El Kalam, Salem Benferhat, Alexandre Miège, Rania El Baida, Frédéric Cuppens, Claire Saurel, Philippe Balbiani, Yves Deswarte, and Gilles Trouessin. 2003. Organization based access control. In Proceedings of the 4th International Workshop on Policies for Distributed Systems and Networks. IEEE, Washington, DC, 120--131.

[53]

Myong H. Kang, Joon S. Park, and Judith N. Froscher. 2001. Access control mechanisms for inter-organizational workflow. In Proceedings of the 6th ACM Symposium on Access Control Models and Technologies (SACMAT’01). ACM, New York, 66--74.

Digital Library

[54]

Apu Kapadia, Geetanjali Sampemane, and Roy H. Campbell. 2004. KNOW why your access was denied: Regulating feedback for usable security. In Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS’04). ACM, New York, 52--61.

Digital Library

[55]

Imrul Kayes and Adriana Iamnitchi. 2015. A survey on privacy and security in online social networks. CoRR abs/1504.03342.

[56]

Taeseong Kim, Christopher D. Cera, William C. Regli, Hyunseung Choo, and JungHyun Han. 2006. Multi-level modeling and access control for data sharing in collaborative design. Adv. Eng. Inf. 20, 1 (2006), 47--57.

Digital Library

[57]

Peter Klemperer, Yuan Liang, Michelle Mazurek, Manya Sleeper, Blase Ur, Lujo Bauer, Lorrie Faith Cranor, Nitin Gupta, and Michael Reiter. 2012. Tag, you can see it&excl;: Using tags for access control in photo sharing. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI’12). ACM, New York, 377--386.

Digital Library

[58]

Spyros Kokolakis. 2017. Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon. Comput. Secur. 64 (2017), 122--134.

Digital Library

[59]

Ram Krishnan, Jianwei Niu, Ravi Sandhu, and William H. Winsborough. 2011. Group-centric secure information-sharing models for isolated groups. ACM Trans. Inf. Syst. Secur. 14, 3, Article 23 (2011), 29 pages.

Digital Library

[60]

Butler W. Lampson. 1974. Protection. SIGOPS Oper. Syst. Rev. 8, 1 (1974), 18--24.

Digital Library

[61]

Scott Lederer, Jason I. Hong, Anind K. Dey, and James A. Landay. 2004. Personal privacy through understanding and action: Five pitfalls for designers. Personal Ubiquitous Comput. 8, 6 (2004), 440--454.

[62]

Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum. 2003. Delegation logic: A logic-based approach to distributed authorization. ACM Trans. Inf. Syst. Secur. 6, 1 (2003), 128--171.

Digital Library

[63]

Ninghui Li, John C. Mitchell, and William H. Winsborough. 2002. Design of a role-based trust-management framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy (SP’02). IEEE Computer Society, Washington, DC, 114--.

[64]

Ninghui Li, Qihua Wang, Wahbeh Qardaji, Elisa Bertino, Prathima Rao, Jorge Lobo, and Dan Lin. 2009. Access control policy combining: Theory meets practice. In Proceedings of the 14th ACM Symposium on Access Control Models and Technologies (SACMAT’09). ACM, New York, 135--144.

Digital Library

[65]

Rauf Mahmudlu, Jerry den Hartog, and Nicola Zannone. 2016. Data governance 8 transparency for collaborative systems. In Data and Applications Security and Privacy (LNCS). Springer International Publishing, Cham, Switzerland, 199--216.

[66]

Ilaria Matteucci, Paolo Mori, and Marinella Petrocchi. 2012. Prioritized execution of privacy policies. In Data Privacy Management and Autonomous Spontaneous Security, Lecture Notes in Computer Science, Vol. 7731. Springer, Berlin, Heidelberg, 133--145.

[67]

Michelle L. Mazurek, Yuan Liang, William Melicher, Manya Sleeper, Lujo Bauer, Gregory R. Ganger, Nitin Gupta, and Michael K. Reiter. 2014. Toward strong, usable access control for shared distributed data. In Proceedings of the 12th USENIX Conference on File and Storage Technologies (FAST’14). USENIX, 89--103.

[68]

Alessandra Mazzia, Kristen LeFevre, and Eytan Adar. 2012. The PViz comprehension tool for social network privacy settings. In Proceedings of the 8th Symposium on Usable Privacy and Security (SOUPS’12). ACM, New York, Article 13, 12 pages.

Digital Library

[69]

Pietro Mazzoleni, Bruno Crispo, Swaminathan Sivasubramanian, and Elisa Bertino. 2008. XACML policy integration algorithms. ACM Trans. Inf. Syst. Secur. 11, 1, Article 4 (2008), 29 pages.

Digital Library

[70]

Patrick McDaniel and Atul Prakash. 2006. Methods and limitations of security policy reconciliation. ACM Trans. Inf. Syst. Secur. 9, 3 (2006), 259--291.

Digital Library

[71]

Caitlin McLaughlin and Jessica Vitak. 2012. Norm evolution and violation on facebook. New Media Soc. 14, 2 (2012), 299--315.

[72]

Pooya Mehregan and Philip W. L. Fong. 2016. Policy negotiation for co-owned resources in relationship-based access control. In Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies (SACMAT’16). ACM, New York, 125--136.

Digital Library

[73]

Judith S. Olson, Jonathan Grudin, and Eric Horvitz. 2005. A study of preferences for sharing and privacy. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI EA’05). ACM, New York, 1985--1988.

Digital Library

[74]

Jaehong Park and Ravi Sandhu. 2004. The UCONABC usage control model. ACM Trans. Inf. Syst. Secur. 7, 1 (2004), 128--174.

Digital Library

[75]

João Paulo Pesce, Diego Las Casas, Gustavo Rauber, and Virgílio Almeida. 2012. Privacy attacks in social media using photo tagging networks: A case study with facebook. In Proceedings of the 1st Workshop on Privacy and Security in Online Social Media (PSOSM’12). ACM, New York, Article 4, 8 pages.

Digital Library

[76]

Charles E. Phillips, Jr., T. C. Ting, and Steven A. Demurjian. 2002. Information sharing and security in dynamic coalitions. In Proceedings of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT’02). ACM, New York, 87--96.

Digital Library

[77]

Moo-Ryong Ra, Ramesh Govindan, and Antonio Ortega. 2013. P3: Toward privacy-preserving photo sharing. In Proceedings of the 10th USENIX Conference on Networked Systems Design and Implementation. USENIX Association, 515--528.

[78]

Sarah Rajtmajer, Anna Squicciarini, Christopher Griffin, Sushama Karumanchi, and Alpana Tyagi. 2016. Constrained social-energy minimization for multi-party sharing in online social networks. In Proceedings of the 2016 International Conference on Autonomous Agents 8 Multiagent Systems. International Foundation for Autonomous Agents and Multiagent Systems, Richland, SC, 680--688.

[79]

Prathima Rao, Dan Lin, Elisa Bertino, Ninghui Li, and Jorge Lobo. 2011. Fine-grained integration of access control policies. Comput. Secur. 30, 2--3 (2011), 91--107.

Digital Library

[80]

Robert W. Reeder, Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, Kelli Bacon, Keisha How, and Heather Strong. 2008. Expandable grids for visualizing and authoring computer security policies. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI’08). ACM, New York, 1473--1482.

Digital Library

[81]

Robert W. Reeder, Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, and Kami Vaniea. 2009. Effects of Access-control Policy Conflict-resolution Methods on Policy-authoring Usability. Technical Report CMU-CyLab-09-006. CyLab. 12 pages.

[82]

Jennifer Rode, Carolina Johansson, Paul DiGioia, Roberto Silva Filho, Kari Nies, David H. Nguyen, Jie Ren, Paul Dourish, and David Redmiles. 2006. Seeing further: Extending visualization as a basis for usable security. In Proceedings of the 2nd Symposium on Usable Privacy and Security (SOUPS’06). ACM, New York, 145--155.

Digital Library

[83]

Jerome H. Saltzer and Michael D. Schroeder. 1975. The protection of information in computer systems. Proc. IEEE 63, 9 (1975), 1278--1308.

[84]

Pierangela Samarati and Sabrina De Capitani di Vimercati. 2000. Access control: Policies, models, and mechanisms. In Foundations of Security Analysis and Design, Lecture Notes in Computer Science, Vol. 2171. Springer, Berlin, 137--196.

[85]

Ravi S. Sandhu. 1996. Roles versus groups. In Proceedings of the 1st ACM Workshop on Role-based Access Control (RBAC’95). ACM, New York, 25--26.

Digital Library

[86]

Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. 1996. Role-based access control models. Computer 29, 2 (1996), 38--47.

Digital Library

[87]

Roman Schlegel, Apu Kapadia, and Adam J. Lee. 2011. Eyeing your exposure: Quantifying and controlling information sharing for improved privacy. In Proceedings of the 7th Symposium on Usable Privacy and Security (SOUPS’11). ACM, New York, Article 14, 14 pages.

Digital Library

[88]

HongHai Shen and Prasun Dewan. 1992. Access control for collaborative environments. In Proceedings of the 1992 ACM Conference on Computer-supported Cooperative Work (CSCW’92). ACM, New York, 51--58.

Digital Library

[89]

Herbert Alexander Simon. 1957. A behavioural model of rational choice. In Models of Man: Social and Rational; Mathematical Essays on Rational Human Behavior in a Social Setting. J. Wiley, New York, 241--260.

[90]

Eleftherios Spyromitros-Xioufis, Symeon Papadopoulos, Adrian Popescu, and Yiannis Kompatsiaris. 2016. Personalized privacy-aware image classification. In Proceedings of the 2016 ACM on International Conference on Multimedia Retrieval (ICMR’16). ACM, New York, 71--78.

Digital Library

[91]

Anna Squicciarini, Cornelia Caragea, and Rahul Balakavi. 2017. Toward automated online photo privacy. ACM Trans. Web 11, 1, Article 2 (2017), 29 pages.

Digital Library

[92]

Anna Squicciarini, Sushama Karumanchi, Dan Lin, and Nicole Desisto. 2014a. Identifying hidden social circles for advanced privacy configuration. Comput. Secur. 41 (2014), 40--51.

Digital Library

[93]

Anna Squicciarini, Dan Lin, Smitha Sundareswaran, and Joshua Wede. 2015. Privacy policy inference of user-uploaded images on content sharing sites. IEEE Trans. Knowl. Data Eng. 27, 1 (2015), 193--206.

[94]

Anna Squicciarini, Federica Paci, and Smitha Sundareswaran. 2014b. PriMa: A comprehensive approach to privacy protection in social network sites. Ann. Télécommun. 69, 1--2 (2014), 21--36.

[95]

Anna Squicciarini, Mohamed Shehab, and Joshua Wede. 2010. Privacy policies for shared content in social network sites. VLDB J. 19, 6 (2010), 777--796.

Digital Library

[96]

Scott D. Stoller, Ping Yang, Mikhail I. Gofman, and C. R. Ramakrishnan. 2011. Symbolic reachability analysis for parameterized administrative role-based access control. Comput. Secur. 30, 2--3 (2011), 148--164.

Digital Library

[97]

Jose M. Such and Natalia Criado. 2016. Resolving multi-party privacy conflicts in social media. IEEE Trans. Knowl. Data Eng. 28, 7 (2016), 1851--1863.

[98]

Jose M. Such and Michael Rovatsos. 2016. Privacy policy negotiation in social media. ACM Trans. Auton. Adapt. Syst. 11, 1, Article 4 (2016), 29 pages.

Digital Library

[99]

Vivy Suhendra. 2011. A Survey on Access Control Deployment. Communications in Computer and Information Science, Vol. 259. Springer, Berlin, 11--20.

[100]

Roshan K. Thomas. 1997. Team-based access control (TMAC): A primitive for applying role-based access controls in collaborative environments. In Proceedings of the 2nd ACM Workshop on Role-based Access Control (RBAC’97). ACM, New York, 13--19.

Digital Library

[101]

Roshan K. Thomas and Ravi S. Sandhu. 1997. Task-based authorization controls (TBAC): A family of models for active and enterprise-oriented authorization management. In DBSec. Springer US, Boston, MA, 166--181.

[102]

William Tolone, Gail-Joon Ahn, Tanusree Pai, and Seng-Phil Hong. 2005. Access control in collaborative systems. ACM Comput. Surv. 37, 1 (2005), 29--41.

Digital Library

[103]

Ashwini Kishore Tonge and Cornelia Caragea. 2016. Image privacy prediction using deep features. In Proceedings of the 13th AAAI Conference on Artificial Intelligence. AAAI Press, 4266--4267.

[104]

Daniel Trivellato, Nicola Zannone, and Sandro Etalle. 2014. GEM: A distributed goal evaluation algorithm for trust management. Theory and Practice of Logic Programming 14, 3 (2014), 293--337.

[105]

Daniel Trivellato, Nicola Zannone, Maurice Glaundrup, Jacek Skowronek, and Sandro Etalle. 2013. A semantic security framework for systems of systems. Int. J. Coop. Inf. Syst. 22, 1 (2013), 35.

[106]

Nishant Vishwamitra, Yifang Li, Kevin Wang, Hongxin Hu, Kelly Caine, and Gail-Joon Ahn. 2017. Towards PII-based multiparty access control for photo sharing in online social networks. In Proceedings of the 22nd ACM Symposium on Access Control Models and Technologies (SACMAT’17). ACM, New York, 155--166.

Digital Library

[107]

Jacques Wainer, Paulo Barthelmess, and Akhil Kumar. 2003. W-RBAC -- A workflow security model incorporating controlled overriding of constraints. Int. J. Coop. Inf. Syst. 12, 4 (2003), 455--485.

[108]

Yang Wang, Liang Gou, Anbang Xu, Michelle X. Zhou, Huahai Yang, and Hernan Badenes. 2015. VeilMe: An interactive visualization tool for privacy configuration of using personality traits. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI’15). ACM, New York, 817--826.

Digital Library

[109]

Ryan Wishart, Domenico Corapi, Srdjan Marinovic, and Morris Sloman. 2010. Collaborative privacy policy authoring in a social networking context. In Proceedings of the 2010 IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY’10). IEEE Computer Society, 1--8.

Digital Library

[110]

Pamela Wisniewski, Heng Xu, Heather Lipford, and Emmanuel Bello-Ogunu. 2015. Facebook apps and tagging: The trade-off between personal privacy and engaging with friends. J. Assoc. Inf. Sci. Technol. 66, 9 (2015), 1883--1896.

Digital Library

[111]

Claes Wohlin, Per Runeson, Martin Höst, Magnus C. Ohlsson, Bjöorn Regnell, and Anders Wesslén. 2000. Experimentation in Software Engineering: An Introduction. Kluwer Academic Publishers, Norwell, MA.

Digital Library

[112]

XACML v2.0. 2005. eXtensible Access Control Markup Language (XACML) Version 2.0. OASIS.

[113]

XACML v3.0. 2013. eXtensible Access Control Markup Language (XACML) Version 3.0. OASIS.

[114]

Qian Xiao and Kian-Lee Tan. 2012. Peer-aware collaborative access control in social networks. In Proceedings of International Conference on Collaborative Computing: Networking, Applications and Worksharing. IEEE, 30--39.

[115]

Xiaowei Xu, Nurcan Yuruk, Zhidan Feng, and Thomas A. J. Schweiger. 2007. SCAN: A structural clustering algorithm for networks. In Proceedings of the 13th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD’07). ACM, New York, 824--833.

Digital Library

[116]

Jun Yu, Baopeng Zhang, Zhengzhong Kuang, Dan Lin, and Jianping Fan. 2017. iPrivacy: Image privacy protection by identifying sensitive objects via deep multi-task learning. IEEE Trans. Inf. Forensics Sec. 12, 5 (2017), 1005--1016.

Digital Library

[117]

Sergej Zerr, Stefan Siersdorfer, Jonathon Hare, and Elena Demidova. 2012. Privacy-aware image classification and search. In Proceedings of the 35th International ACM SIGIR Conference on Research and Development in Information Retrieval (SIGIR’12). ACM, New York, 35--44.

Digital Library

Cited By

Seymour WRader E(2024)Speculating About Multi-user Conversational Interfaces and LLMs: What If Chatting Wasn't So Lonely?Proceedings of the 6th ACM Conference on Conversational User Interfaces10.1145/3640794.3665888(1-4)Online publication date: 8-Jul-2024
https://dl.acm.org/doi/10.1145/3640794.3665888
Lopriore L(2024)Hierarchical password capabilitiesInternational Journal of Parallel, Emergent and Distributed Systems10.1080/17445760.2024.237631639:5(572-588)Online publication date: 9-Jul-2024
https://doi.org/10.1080/17445760.2024.2376316
Ayodele TZhou S(2024)Cultivating Knowledge Sharing in Universities: An Innovative Approach Integrating Deep Learning for Collaborative Learning PlatformsIntelligent Systems and Applications10.1007/978-3-031-66329-1_27(415-437)Online publication date: 31-Jul-2024
https://doi.org/10.1007/978-3-031-66329-1_27
Show More Cited By

Index Terms

Survey on Access Control for Community-Centered Collaborative Systems
1. Human-centered computing
  1. Collaborative and social computing
    1. Collaborative and social computing systems and tools
2. Security and privacy
  1. Security services
    1. Access control

Recommendations

Privacy-Aware Collaborative Access Control in Web-Based Social Networks
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security

Access control over resources shared by social network users is today receiving growing attention due to the widespread use of social networks not only for recreational but also for business purposes. In a social network, access control is mainly ...
Policy decomposition for collaborative access control
SACMAT '08: Proceedings of the 13th ACM symposium on Access control models and technologies

With the advances in web service techniques, new collaborative applications have emerged like supply chain arrangements and coalition in government agencies. In such applications, the collaborating parties are responsible for managing and protecting ...
Dynamic access control administration for collaborative applications
ICCOMP'06: Proceedings of the 10th WSEAS international conference on Computers

Today's web-based collaborative applications need new approaches to overcome the shortcomings of classical access control. The limitations on administrative aspects of the existing security models and the requirements for more efficient management of ...

Comments

Information & Contributors

Information

Published In

cover image ACM Computing Surveys

ACM Computing Surveys Volume 51, Issue 1

January 2019

743 pages

ISSN:0360-0300

EISSN:1557-7341

DOI:10.1145/3177787

Editor:
Sartaj Sahni
Department of Computer and Information Science and Engineering / University of Florida / Gainesville, FL

Issue’s Table of Contents

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 January 2018

Accepted: 01 September 2017

Revised: 01 September 2017

Received: 01 February 2017

Published in CSUR Volume 51, Issue 1

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Survey
Research
Refereed

Funding Sources

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

51
Total Citations
View Citations
1,962
Total Downloads

Downloads (Last 12 months)342
Downloads (Last 6 weeks)31

Reflects downloads up to 02 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Seymour WRader E(2024)Speculating About Multi-user Conversational Interfaces and LLMs: What If Chatting Wasn't So Lonely?Proceedings of the 6th ACM Conference on Conversational User Interfaces10.1145/3640794.3665888(1-4)Online publication date: 8-Jul-2024
https://dl.acm.org/doi/10.1145/3640794.3665888
Lopriore L(2024)Hierarchical password capabilitiesInternational Journal of Parallel, Emergent and Distributed Systems10.1080/17445760.2024.237631639:5(572-588)Online publication date: 9-Jul-2024
https://doi.org/10.1080/17445760.2024.2376316
Ayodele TZhou S(2024)Cultivating Knowledge Sharing in Universities: An Innovative Approach Integrating Deep Learning for Collaborative Learning PlatformsIntelligent Systems and Applications10.1007/978-3-031-66329-1_27(415-437)Online publication date: 31-Jul-2024
https://doi.org/10.1007/978-3-031-66329-1_27
Salgado AHung PFortes R(2023)Six usable privacy heuristicsProceedings of the XXII Brazilian Symposium on Human Factors in Computing Systems10.1145/3638067.3638111(1-11)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3638067.3638111
Zheng HLi SWang SLiu YSun L(2023)Harmonizing Access Control: A Unified Framework for Multi-Application Permission System Integration2023 5th International Academic Exchange Conference on Science and Technology Innovation (IAECST)10.1109/IAECST60924.2023.10502892(348-351)Online publication date: 8-Dec-2023
https://doi.org/10.1109/IAECST60924.2023.10502892
Wang YChandra AWeissman J(2023)SQuBA: Social Quorum Based Access Control for Open IoT Environments2023 IEEE International Conference on Edge Computing and Communications (EDGE)10.1109/EDGE60047.2023.00020(51-62)Online publication date: Jul-2023
https://doi.org/10.1109/EDGE60047.2023.00020
Golightly LModesti PGarcia RChang V(2023)Securing distributed systems: A survey on access control techniques for cloud, blockchain, IoT and SDNCyber Security and Applications10.1016/j.csa.2023.1000151(100015)Online publication date: Dec-2023
https://doi.org/10.1016/j.csa.2023.100015
De Salve AMori PRicci LDi Pietro R(2023)Content privacy enforcement models in decentralized online social networks: State of play, solutions, limitations, and future directionsComputer Communications10.1016/j.comcom.2023.02.023203(199-225)Online publication date: Apr-2023
https://doi.org/10.1016/j.comcom.2023.02.023
Obrezkov DSohr K(2023)UCAT: The Uniform Categorization for Access ControlFoundations and Practice of Security10.1007/978-3-031-57540-2_1(3-14)Online publication date: 11-Dec-2023
https://dl.acm.org/doi/10.1007/978-3-031-57540-2_1
Xiao S(2022)An Evaluation of the Digital Photo Management Application - Based on Nielsen’s HeuristicsProceedings of the 2022 2nd International Conference on Computer Technology and Media Convergence Design (CTMCD 2022)10.2991/978-94-6463-046-6_34(284-293)Online publication date: 17-Dec-2022
https://doi.org/10.2991/978-94-6463-046-6_34
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents