TY - JOUR
T1 - SocACL : an ASP-based access control language for Online Social Networks
AU - Caprin, Edward
AU - Zhang, Yan
PY - 2013
Y1 - 2013
N2 - Online Social Networks (OSNs), such as Facebook and LinkedIn, encourage their users to disclose significant amounts of personal information to facilitate connecting and sharing content with other users. This has resulted in some OSNs holding vast amounts of information about their users; all of which is readily available via their profile page. As such, OSNs are particularly vulnerable to privacy breach attacks [3]. With the impact these breaches varying from simply embarrassing the user, to negatively influencing the decision of a potential employer, identity theft and even physical harm it is important that these breaches are addressed. OSN operators have responded to privacy concerns by providing user customisable privacy settings. However, these have proven ineffective, often resulting in settings that do not reflect the intentions of the user [5]. This is in part due to the coarse-grained nature of the information on which these settings are based. In this research we approach privacy management in OSNs as an access control problem, proposing a fine-grained, formal Attribute-Based Access Control (ABAC) language; SocACL (Social Access Control Language). SocACL is based on Answer Set Programming (ASP) and allows for policy specification using the most abundant sources of information available in OSNs; user attributes and relationships.
AB - Online Social Networks (OSNs), such as Facebook and LinkedIn, encourage their users to disclose significant amounts of personal information to facilitate connecting and sharing content with other users. This has resulted in some OSNs holding vast amounts of information about their users; all of which is readily available via their profile page. As such, OSNs are particularly vulnerable to privacy breach attacks [3]. With the impact these breaches varying from simply embarrassing the user, to negatively influencing the decision of a potential employer, identity theft and even physical harm it is important that these breaches are addressed. OSN operators have responded to privacy concerns by providing user customisable privacy settings. However, these have proven ineffective, often resulting in settings that do not reflect the intentions of the user [5]. This is in part due to the coarse-grained nature of the information on which these settings are based. In this research we approach privacy management in OSNs as an access control problem, proposing a fine-grained, formal Attribute-Based Access Control (ABAC) language; SocACL (Social Access Control Language). SocACL is based on Answer Set Programming (ASP) and allows for policy specification using the most abundant sources of information available in OSNs; user attributes and relationships.
UR - http://handle.uws.edu.au:8081/1959.7/542488
U2 - 10.1007/978-3-642-40779-6_20
DO - 10.1007/978-3-642-40779-6_20
M3 - Article
SN - 0302-9743
VL - 8099
SP - 207
EP - 210
JO - Lecture Notes in Computer Science
JF - Lecture Notes in Computer Science
ER -