Foundations and implementations of declarative access control for online social networks

  • Edward Caprin

Western Sydney University thesis: Doctoral thesis

Abstract

In a relatively short period of time, Online Social Networks (OSNs) have become an integral part of many people's lives. They provide an easy-to-use environment for keeping in touch with family and friends, sharing content such as photos, and organising events. More often than not, to fully utilise an OSN, users are required to disclose personal information. For instance, when setting up a new Facebook account, new users need to provide a first and last name, email address, and their date of birth. Unsurprisingly, the widespread disclosure of personal information has led to growing concerns about OSN privacy management amongst academia, OSN users, and the wider community. Much of the concern focuses on the unintentional or inadvertent disclosure of one's personal information to unexpected parties, for example, a private photo of an OSN user at a wild party being unknowingly shared with their boss or coworkers. In this scenario the disclosure results in embarrassment for the user and potentially has a negative influence on their employer. Given that in more serious instances an unwanted disclosure could lead to identity theft and, in extreme cases, physical harm, it is important that such disclosures are addressed. In this research, OSN privacy management is approached as an access control problem by proposing an Attribute-Based Access Control (ABAC) framework tailored to OSNs. Basing the framework on the emerging ABAC model allows the wide assortment of security-relevant information already present in OSNs to be used when devising a user's access policies. Furthermore, this research performs a formal investigation of the challenges presented by the expression of, reasoning with, and update of ABAC policies. Through these investigations this research has developed formal foundations and implementations for each of these key facets of ABAC. The first of these foundations is the ABAC policy specification language SocACL.
With features tailored to OSNs and semantics defined as a translation from SocACL to Answer Set Programming (ASP), the language allows for the application of logic programming techniques and research to aspects of OSN privacy management. By leveraging SocACL's ASP semantics, the language is supported by our proposed policy evaluation system based on the novel application of negotiations. Since at some point a user's SocACL or ABAC policies will need to be updated to reflect their ever-changing privacy preferences, we have also developed a formal ABAC policy update methodology. This methodology considers OSN policy updates as reactionary, allowing the user to define the update request as a set of observed but unwanted access control outcomes. Similar to our negotiation-based policy evaluation, this policy update adopts techniques originally developed for logic programming. Each of these foundations is supported by a prototype implementation which makes use of ASP solvers to perform key computations. This thesis describes both the foundations and implementations of our OSN privacy management system, comprised of ABAC policy expression, evaluation, and update formalisms. These formalisms are presented and analysed in their respective chapters. We also provide a technical overview of their implementations and discuss various case studies, experiments, and performance results.
Date of Award: 2016
Original language: English

Keywords

  • online social networks
  • access control
