3 research outputs found

    Social access control language (SocACL)

    Online Social Networks hold vast amounts of readily accessible personal information, leaving them particularly vulnerable to privacy breach attacks [6]. With the impact of these breaches varying from simply embarrassing the user, to negatively influencing the decision of potential employers, identity theft and even physical harm, it is important that they are addressed. In this research we approach privacy management in OSNs as an access control problem. We propose a formal Attribute-Based Access Control (ABAC) language: SocACL. SocACL is based on Answer Set Programming (ASP) and allows for policy specification using the most abundant sources of information available in OSNs: user attributes and relationships. This paper outlines SocACL's core concepts, features, syntax and semantics.

    SocACL: An ASP-Based Access Control Language for Online Social Networks

    Part 3: Extended Abstracts. International audience. Online Social Networks (OSNs), such as Facebook, encourage their users to disclose significant amounts of personal information to facilitate connecting and sharing content with other users. This has resulted in some OSNs holding vast amounts of information about their users, all of which is readily available via their profile page. As such, OSNs are particularly vulnerable to privacy breach attacks. With the impact of these breaches varying from simply embarrassing the user, to negatively influencing the decision of a potential employer, identity theft and even physical harm, it is important that these breaches are addressed. In this research we approach privacy management in OSNs as an access control problem, proposing a fine-grained, formal Attribute-Based Access Control (ABAC) language: SocACL (Social Access Control Language). SocACL is based on Answer Set Programming (ASP) and allows for policy specification using the most abundant sources of information available in OSNs: user attributes and relationships.

    Foundations and implementations of declarative access control for online social networks

    In a relatively short period of time Online Social Networks (OSNs) have become an integral part of many people's lives. They provide an easy-to-use environment for keeping in touch with family and friends, sharing content such as photos, and organising events. More often than not, to fully utilise an OSN users are required to disclose personal information. For instance, when setting up a new Facebook account new users need to provide a first and last name, email address, and their date of birth. Unsurprisingly, the widespread disclosure of personal information has led to growing concerns about OSN privacy management amongst academia, OSN users, and the wider community. Much of the concern focuses on the unintentional or inadvertent disclosure of one's personal information to unexpected parties, for example a private photo of an OSN user at a wild party being unknowingly shared with their boss or coworkers. In this scenario the disclosure results in embarrassment for the user and potentially has a negative influence on their employer. Given that in more serious instances an unwanted disclosure could lead to identity theft and, in extreme cases, physical harm, it is important that such disclosures are addressed. In this research OSN privacy management is approached as an access control problem by proposing an Attribute-Based Access Control (ABAC) framework tailored to OSNs. Basing the framework on the emerging ABAC model allows for the use of the wide assortment of security-relevant information already present in OSNs when devising a user's access policies. Furthermore, this research performs a formal investigation of the challenges presented by the expression of, reasoning with, and update of ABAC policies. Through these investigations this research has developed formal foundations and implementations for each of these key facets of ABAC. The first of these foundations is the ABAC policy specification language SocACL. With features tailored to OSNs and semantics defined as a translation from SocACL to Answer Set Programming (ASP), the language allows for the application of logic programming techniques and research to aspects of OSN privacy management. By leveraging SocACL's ASP semantics, the language is supported by our proposed policy evaluation system based on the novel application of negotiations. Since at some point a user's SocACL or ABAC policies will need to be updated to reflect their ever-changing privacy preferences, we have also developed a formal ABAC policy update methodology. This methodology considers OSN policy updates as reactionary, allowing the user to define the update request as a set of observed but unwanted access control outcomes. Similar to our negotiation-based policy evaluation, this policy update adopts techniques originally developed for logic programming. Each of these foundations is supported by a prototype implementation which makes use of ASP solvers to perform key computations. This thesis describes both the foundations and implementations of our OSN privacy management system comprised of ABAC policy expression, evaluation, and update formalisms. These formalisms are presented and analysed in their respective chapters. We also provide a technical overview of their implementations and discuss various case studies, experiments, and performance results.