Beyond user-to-user access control for online social networks

Mohamed Shehab, Anna Squicciarini, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

18 Citations (Scopus)

Abstract

With the development of Web 2.0 technologies, online social networks are able to provide open platforms to enable the seamless sharing of profile data to enable public developers to interface and extend the social network services as applications (or APIs). At the same time, these open interfaces pose serious privacy concerns as third party applications are usually given full read access to the user profiles. Current related research has focused on mainly user-to-user interactions in social networks, and seems to ignore the third party applications. In this paper, we present an access control framework to manage the third party to user interactions. Our framework is based on enabling the user to specify the data attributes to be shared with the application and at the same time be able to specify the degree of specificity of the shared attributes. We model applications as finite state machines, and use the required user profile attributes as conditions governing the application execution. We formulate the minimal attribute generalization problem and we propose a solution that maps the problem to the shortest path problem to find the minimum set of attribute generalization required to access the application services.

Original language: English (US)
Title of host publication: Information and Communications Security - 10th International Conference, ICICS 2008, Proceedings
Pages: 174-189
Number of pages: 16
DOIs
State: Published - Dec 8 2008
Event: 10th International Conference on Information and Communications Security, ICICS 2008 - Birmingham, United Kingdom
Duration: Oct 20 2008 → Oct 22 2008

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 5308 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 10th International Conference on Information and Communications Security, ICICS 2008
Country: United Kingdom
City: Birmingham
Period: 10/20/08 → 10/22/08

Fingerprint

Access Control
Access control
Social Networks
Attribute
User Profile
User Interaction
Web 2.0
Shortest Path Problem
Finite automata
State Machine
Application programming interfaces (API)
Interfaces (computer)
Specificity
Privacy
Sharing

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science (all)

Cite this

Shehab, M., Squicciarini, A., & Ahn, G. J. (2008). Beyond user-to-user access control for online social networks. In Information and Communications Security - 10th International Conference, ICICS 2008, Proceedings (pp. 174-189). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5308 LNCS). https://doi.org/10.1007/978-3-540-88625-9-12
Shehab, Mohamed ; Squicciarini, Anna ; Ahn, Gail Joon. / Beyond user-to-user access control for online social networks. Information and Communications Security - 10th International Conference, ICICS 2008, Proceedings. 2008. pp. 174-189 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{f63362298e85482b973e06ea1e58c4d5,
title = "Beyond user-to-user access control for online social networks",
abstract = "With the development of Web 2.0 technologies, online social networks are able to provide open platforms to enable the seamless sharing of profile data to enable public developers to interface and extend the social network services as applications (or APIs). At the same time, these open interfaces pose serious privacy concerns as third party applications are usually given full read access to the user profiles. Current related research has focused on mainly user-to-user interactions in social networks, and seems to ignore the third party applications. In this paper, we present an access control framework to manage the third party to user interactions. Our framework is based on enabling the user to specify the data attributes to be shared with the application and at the same time be able to specify the degree of specificity of the shared attributes. We model applications as finite state machines, and use the required user profile attributes as conditions governing the application execution. We formulate the minimal attribute generalization problem and we propose a solution that maps the problem to the shortest path problem to find the minimum set of attribute generalization required to access the application services.",
author = "Mohamed Shehab and Anna Squicciarini and Ahn, {Gail Joon}",
year = "2008",
month = "12",
day = "8",
doi = "10.1007/978-3-540-88625-9-12",
language = "English (US)",
isbn = "3540886249",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "174--189",
booktitle = "Information and Communications Security - 10th International Conference, ICICS 2008, Proceedings",

}

Shehab, M, Squicciarini, A & Ahn, GJ 2008, Beyond user-to-user access control for online social networks. in Information and Communications Security - 10th International Conference, ICICS 2008, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 5308 LNCS, pp. 174-189, 10th International Conference on Information and Communications Security, ICICS 2008, Birmingham, United Kingdom, 10/20/08. https://doi.org/10.1007/978-3-540-88625-9-12

Beyond user-to-user access control for online social networks. / Shehab, Mohamed; Squicciarini, Anna; Ahn, Gail Joon.

Information and Communications Security - 10th International Conference, ICICS 2008, Proceedings. 2008. p. 174-189 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5308 LNCS).

TY - GEN

T1 - Beyond user-to-user access control for online social networks

AU - Shehab, Mohamed

AU - Squicciarini, Anna

AU - Ahn, Gail Joon

PY - 2008/12/8

Y1 - 2008/12/8

AB - With the development of Web 2.0 technologies, online social networks are able to provide open platforms to enable the seamless sharing of profile data to enable public developers to interface and extend the social network services as applications (or APIs). At the same time, these open interfaces pose serious privacy concerns as third party applications are usually given full read access to the user profiles. Current related research has focused on mainly user-to-user interactions in social networks, and seems to ignore the third party applications. In this paper, we present an access control framework to manage the third party to user interactions. Our framework is based on enabling the user to specify the data attributes to be shared with the application and at the same time be able to specify the degree of specificity of the shared attributes. We model applications as finite state machines, and use the required user profile attributes as conditions governing the application execution. We formulate the minimal attribute generalization problem and we propose a solution that maps the problem to the shortest path problem to find the minimum set of attribute generalization required to access the application services.

UR - http://www.scopus.com/inward/record.url?scp=57049132798&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=57049132798&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-88625-9-12

DO - 10.1007/978-3-540-88625-9-12

M3 - Conference contribution

AN - SCOPUS:57049132798

SN - 3540886249

SN - 9783540886242

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 174

EP - 189

BT - Information and Communications Security - 10th International Conference, ICICS 2008, Proceedings

ER -

Shehab M, Squicciarini A, Ahn GJ. Beyond user-to-user access control for online social networks. In Information and Communications Security - 10th International Conference, ICICS 2008, Proceedings. 2008. p. 174-189. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-540-88625-9-12