Privacy of data is a basic requirement for all types of applications but is especially relevant to online social networks. These systems allow users to share personal data with their friends and thus rightfully desire to have enriched social interactions. Current access control models fulfill basic requirements of individual users but struggle to meet needs of social interactions such as multiparty privacy, politeness and asymmetric, non-reciprocal and intransitive nature of relationships. A personalized access control model, based on the social relations model and the socio-technical design paradigm, is proposed in this paper to satisfy these requirements. The model is formulated through extreme formal modeling and implemented through Facebook APIs. The model’s expressiveness is examined for overlapping policies of multiple users, its consistency is analyzed for conflicting and redundant policies and user acceptance testing is performed for validity. The results suggest that the proposed technique outperformed the existing one to secure data in multiparty interactions.
L.Bahri, B.Carminati and E.Ferrari, Coip-continuous, operable, impartial, and privacy-aware identity validity estimation for osn profiles, ACM Transactions on the Web (TWEB)10(4) (2016), 23.
M.Al-Qurishi, M.S.Hossain, M.Alrubaian, S.M.Rahman and A.Alamri, Leveraging Analysis of User Behavior to Identify Malicious Activities in Large-Scale Social Networks, IEEE Transactions on Industrial Informatics14(2) (2018) 799–813.
4.
K.S.Adewole, N.B.Anuar, A.Kamsin, K.D.Varathan and S.A.Razak, Malicious accounts: dark of the social networks, Journal of Network and Computer Applications79 (2017), 41–67.
5.
A.Aggarwal, J.Almeida and P.Kumaraguru, Detection of spam tipping behaviour on foursquare. In Proceedings of the 22nd International Conference on World Wide Web, ACM (2013), pp. 641–648.
M.Jiang, P.Cui and C.Faloutsos, Suspicious behavior detection: Current trends and future directions, IEEE Intelligent Systems31(1) (2016) 31–39.
8.
J.Wolak, D.Finkelhor, K.Mitchell and M.Ybarra, Online “predators” and their victims, Psychol. Violence1 (2010), 13–35.
9.
S.E.Middleton, S.Papadopoulos and Y.Kompatsiaris, Social computing for verifying social media content in breaking news, IEEE Internet Computing22(2) (2018), 83–89.
10.
A.Elyashar, M.Fire, D.Kagan and Y.Elovici, Homing socialbots: intrusion on a specific organization’s employee using Socialbots. In Advances in Social Networks Analysis and Mining (ASONAM), 2013 IEEE/ACM International Conference on (pp. 1358–1365). IEEE (2013, August).
11.
S.Livingstone, L.Haddon, A.Görzig and K.Ólafsson, Technical report and user guide: The 2010 EU kids online survey. (2011).
M.Fire, R.Goldschmidt and Y.Elovici, Online social networks: threats and solutions, IEEE Communications Surveys and Tutorials16(4) (2014), 2019–2036.
18.
G.Suntaxi-Oña and V.Varadharajan, A Comparative Analysis of the Social Graph Model and Multiparty Access Control Model for Online Social Networks, International Journal of Future Computer and Communication4(5) (2015), 290.
19.
Infoglide, Minormonitor-Facebook Monitoring and Parental Control Software. (n.d.). Retrieved 01 14, 2016, from http://www.minormonitor.com/
20.
P.O.Boykin and V.P.Roychowdhury, Leveraging social networks to fight spam. Computer38(4) (2005), 61–68.
21.
B.Whitworth and A.Ahmad, The social design of technical systems: Building technologies for communities. The Interaction Design Foundation. ISBN: 978-87-92964-03-8 (2014).
22.
M.D.Back and D.A.Kenny, The social relations model: How to understand dyadic processes. Social and Personality Psychology Compass4(10) (2010), 855–870.
23.
M.D.Back, S.C.Schmukle and B.Egloff, Becoming friends by chance, Psychological Science19(5) (2008), 439–440.
24.
J.B.AsendorpfL.Penke and M.D.Back, From dating to mating and relating: Predictors of initial and long-term outcomes of speed-dating in a community sample, European Journal of Personality25(1) (2011), 16–30.
25.
L.C.Miller and D.A.Kenny, Reciprocity of self-disclosure at the individual and dyadic levels: A social relations analysis, Journal of Personality and Social Psychology50(4) (1986), 713–719.
26.
E.M.Horn, W.G.Collier, J.A.Oxford, C.F.BondJr and D.F.Dansereau, Individual differences in dyadic cooperative learning, Journal of Educational Psychology90(1) (1998), 153–161.
27.
A.Tapiador, D.Carrera and J.Salvachúa, Tie-RBAC: an application of RBAC to Social Networks. Web 2.0 Security and Privacy (W2SP). Oakland, California (2011).
28.
J.Li, Y.Tang, C.Mao, H.Lai and J.Zhu, Role based access control for social network sites. In Pervasive Computing (JCPC), 2009 Joint Conferences on (pp. 389–394). IEEE.
29.
M.Hart, R.Johnson and A.Stent, More content-less control: Access control in the web 2.0. IEEE Web, 2. Workshop on Web 2.0 Security and Privacy at the IEEE Symposium on Security and Privacy. Oakland, California, USA (2007).
B.Whitworth and T.Liu, Politeness as a social computing requirement. In Handbook of conversation design for instructional applications (pp. 419–436). IGI Global (2008).
33.
J.Y.Tzeng, Toward a more civilized design: studying the effects of computers that apologize, International Journal of Human-Computer Studies61(3) (2004), 319–345.
34.
B.Ali, W.Villegas and M.Maheswaran, A trust based approach for protecting user data in social networks. In Proceedings of the 2007 conference of the center for advanced studies on Collaborative research (pp. 288–293). IBM Corp (2007, October).
35.
S.Baek and S.Kim, Trust-based access control model from sociological approach in dynamic online social network environment. The Scientific World Journal, 2014.
36.
X.Zhang and Q.Zhang, Online trust forming mechanism: approaches and an integrated model. In Proceedings of the 7th international conference on Electronic commerce (pp.201–209) (2005, August).
37.
J.Golbeck, Trust and nuanced profile similarity in online social networks, ACM Transactions on the Web (TWEB)3(4) (2009), 12.
38.
S.Omanakuttan and M.Chatterjee, Trust based access control for social networks (stbac). International Journal of Innovations in Engineering and Technology (IJIET), (pp.325–331) (2013).
39.
Y.Matsuo and H.Yamamoto, Community gravity: measuring bidirectional effects by trust and rating on online social networks. In Proceedings of the 18th international conference on World wide web (pp. 751–760). ACM (2009, April).
40.
N.Elahi, M.M.Chowdhury and J.Noll, Semantic access control in web based communities. In Computing in the Global Information Technology, 2008. ICCGI’08. The Third International Multi-Conference on (pp. 131–136). IEEE.
41.
G.Bruns, P.W.Fong, I.Siahaan and M.Huth, Relationship-based access control: its expression and enforcement through hybrid logic. In Proceedings of the second ACM conference on Data and Application Security and Privacy (pp. 117–124) (2012, Feb).
42.
J.Pang and Y.Zhang, A new access control scheme for Facebook-style social networks, Computers & Security54 (2015), 44–59.
43.
Y.Cheng, J.Park and R.Sandhu, An access control model for online social networks using user-to-user relationships, IEEE Transactions on Dependable and Secure Computing13(4) (2016), 424–436.
44.
G.Edjlali, A.Acharya and V.Chaudhary, History-based access control for mobile code. In Proceedings of the 5th ACM Conference on Computer and Communications Security (pp. 413–431) (1998, November).
45.
P.W.Fong, Relationship-based access control: protection model and policy language. In Proceedings of the first ACM conference on Data and application security and privacy (pp.191–202) (2011, Feb).
46.
P.Ilia, I.Polakis, E.Athanasopoulos, F.Maggi and S.Ioannidis, Face/off: Preventing privacy leakage from photos in social networks. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (pp. 781–792) (2015, October).
47.
M.Vanetti, E.Binaghi, B.Carminati, M.Carullo and E.Ferrari, Content-based filtering in on-line social networks. In International Workshop on Privacy and Security Issues in Data Mining and Machine Learning (pp. 127–140). Springer, Berlin, Heidelberg (2010, September).
48.
M.Zahak, M.Alizadeh and M.Abbaspour, Collaborative privacy management in P2P online social networks. In Information Security and Cryptology (ISCISC), 2015 12th International Iranian Society of Cryptology Conference on (pp. 64–72) (2015, September).
49.
E.Palomar, L.González-Manzano, A.Alcaide and Á. Galán, Implementing a privacy-enhanced attribute-based credential system for online social networks with co-ownership management, IET Information Security10(2) (2016), 60–68.
50.
C.Lee, W.Wang and Y.Guo, A Fine-Grained Multiparty Access Control Model for Photo Sharing in OSNs. In Data Science in Cyberspace (DSC), IEEE International Conference on (pp. 440–445) (2016, June).
51.
J.M.Such and N.Criado, Resolving multi-party privacy conflicts in social media, IEEE Transactions on Knowledge and Data Engineering28(7) (2016), 1851–1863.
52.
N.C.Rathore and S.Tripathy, A trust-based collaborative access control model with policy aggregation for online social networks, Social Network Analysis and Mining7(1) (2017) 7.
53.
K.Xu, Y.Guo, L.Guo, Y.Fang and X.Li, My privacy my decision: Control of photo sharing on online social networks, IEEE Transactions on Dependable and Secure Computing14(2) (2017), 199–210.
54.
Organisation for Economic Co-operation and Development: OECD guidelines on the protection of privacy and transborder flows of personal data of 1980. (n.d.). Retrieved 07 7, 2016., from oecd.org: http://www.oecd.org/.
55.
A.M.Lund, Measuring usability with the use questionnaire12, Usability Interface8(2) (2001), 3–6.
56.
R.M.Ryan, V.Mims and R.Koestner, Relation of reward contingency and interpersonal context to intrinsic motivation: A review and test using cognitive evaluation theory, Journal of personality and Social Psychology45(4) (1983), 736–750.
