A User-to-User Relationship-based Access Control Model for Online Social Networks Yuan Cheng, Jaehong Park and Ravi Sandhu Institute for Cyber Security.

Slides:



Advertisements
Similar presentations
QUN NI 1, SHOUHUAI XU 2, ELISA BERTINO 1, RAVI SANDHU 2, AND WEILI HAN 3 1 PURDUE UNIVERSITY USA 2 UT SAN ANTONIO USA 3 FUDAN UNIVERSITY CHINA PRESENTED.
Advertisements

Chapter 5: Tree Constructions
Access Control for Online Social Networks using Relationship Type Patterns Yuan Cheng Department of Computer Science University of Texas at San Antonio.
Heuristic Search techniques
Access Control & Privacy Preservation in Online Social Networks
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
Resource Management §A resource can be a logical, such as a shared file, or physical, such as a CPU (a node of the distributed system). One of the functions.
Yinghui Wu, LFCS DB talk Database Group Meeting Talk Yinghui Wu 10/11/ Simulation Revised for Graph Pattern Matching.
Solving Problem by Searching
UnFriendly: Multi-Party Privacy Risks in Social Networks Kurt Thomas, Chris Grier, David M. Nicol.
A Provenance-based Access Control Model (PBAC) July 18, 2012 PST’12, Paris, France Jaehong Park, Dang Nguyen and Ravi Sandhu Institute for Cyber Security.
© 2006 Pearson Addison-Wesley. All rights reserved14 A-1 Chapter 14 excerpts Graphs (breadth-first-search)
1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.
11 World-Leading Research with Real-World Impact! Constraints Specification for Virtual Resource Orchestration in Cloud IaaS Constraints Specification.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
UNDERSTANDING VISIBLE AND LATENT INTERACTIONS IN ONLINE SOCIAL NETWORK Presented by: Nisha Ranga Under guidance of : Prof. Augustin Chaintreau.
Graph & BFS.
Explorations in Anonymous Communication Andrew Bortz with Luis von Ahn Nick Hopper Aladdin Center, Carnegie Mellon University, 8/19/2003.
Firewall Policy Queries Author: Alex X. Liu, Mohamed G. Gouda Publisher: IEEE Transaction on Parallel and Distributed Systems 2009 Presenter: Chen-Yu Chang.
MAE 552 – Heuristic Optimization Lecture 27 April 3, 2002
Connected Components, Directed Graphs, Topological Sort COMP171.
1 Draft of a Matchmaking Service Chuang liu. 2 Matchmaking Service Matchmaking Service is a service to help service providers to advertising their service.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Graphs & Graph Algorithms Nelson Padua-Perez Bill Pugh Department of Computer Science University of Maryland, College Park.
XML –Query Languages, Extracting from Relational Databases ADVANCED DATABASES Khawaja Mohiuddin Assistant Professor Department of Computer Sciences Bahria.
11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.
Network Measures Social Media Mining. 2 Measures and Metrics 2 Social Media Mining Network Measures Klout.
11 World-Leading Research with Real-World Impact! A Formal Model for Isolation Management in Cloud Infrastructure-as-a-Service Khalid Zaman Bijon, Ram.
1 A Role Based Administration Model For Attribute Xin Jin, Ram Krishnan, Ravi Sandhu SRAS, Sep 19, 2012 World-Leading Research with Real-World Impact!
An XPath-based Preference Language for P3P IBM Almaden Research Center Rakesh Agrawal Jerry Kiernan Ramakrishnan Srikant Yirong Xu.
Grant Number: IIS Institution of PI: Arizona State University PIs: Zoé Lacroix Title: Collaborative Research: Semantic Map of Biological Data.
11 World-Leading Research with Real-World Impact! Towards Provenance and Risk-Awareness in Social Computing Yuan Cheng, Dang Nguyen, Khalid Bijon, Ram.
On Data Provenance in Group-centric Secure Collaboration Oct. 17, 2011 CollaborateCom Jaehong Park, Dang Nguyen and Ravi Sandhu Institute for Cyber Security.
An Improved Algorithm to Accelerate Regular Expression Evaluation Author: Michela Becchi, Patrick Crowley Publisher: 3rd ACM/IEEE Symposium on Architecture.
Algorithm Course Dr. Aref Rashad February Algorithms Course..... Dr. Aref Rashad Part: 5 Graph Algorithms.
11 World-Leading Research with Real-World Impact! Risk-Aware RBAC Sessions Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu Institute for Cyber Security.
1 Dept of Information and Communication Technology Creating Objects in Flexible Authorization Framework ¹ Dep. of Information and Communication Technology,
Specifying Personal Privacy Policies to Avoid Unexpected Outcomes George Yee and Larry Korba {George.Yee, PST 2005 October 12-14, 2005.
1 Attribute-Aware Relationship-Based Access Control for Online Social Networks World-Leading Research with Real-World Impact! Yuan Cheng, Jaehong Park.
1 RABAC : Role-Centric Attribute-Based Access Control MMM-ACNS 2012 Xin Jin, Ravi Sandhu, Ram Krishnan University of Texas at San Antonio San Antonio,
Chapter 5: Constraint Satisfaction ICS 171 Fall 2006.
1 Tutorial 14 Validating Documents with Schemas Exploring the XML Schema Vocabulary.
Discrete Structures Trees (Ch. 11)
11C. Linear Programming. What is a linear programming problem? 1.A set of variables (in Further Maths there will only ever be two variables) called decision.
Relationship-based Access Control for Online Social Networks: Beyond User-to-User Relationships Sep. 3, 2012 PASSAT 2012, Amsterdam, The Netherlands Yuan.
Protecting People Location Information September 29, 2002 Urs Hengartner & Peter Steenkiste.
Most of contents are provided by the website Graph Essentials TJTSD66: Advanced Topics in Social Media.
Dependency Path Patterns as the Foundation of Access Control in Provenance-aware Systems June 14, 2012 TaPP’12 Dang Nguyen, Jaehong Park and Ravi Sandhu.
Towards Social User Profiling: Unified and Discriminative Influence Model for Inferring Home Locations Rui Li, Shengjie Wang, Hongbo Deng, Rui Wang, Kevin.
Preserving User Privacy from Third-party Applications in Online Social Networks Yuan Cheng, Jaehong Park and Ravi Sandhu Institute for Cyber Security University.
1 Adaptive Subjective Triggers for Opinionated Document Retrieval (WSDM 09’) Kazuhiro Seki, Kuniaki Uehara Date: 11/02/09 Speaker: Hsu, Yu-Wen Advisor:
Computer Security: Principles and Practice
Concepts and Realization of a Diagram Editor Generator Based on Hypergraph Transformation Author: Mark Minas Presenter: Song Gu.
Search in State Spaces Problem solving as search Search consists of –state space –operators –start state –goal states A Search Tree is an efficient way.
Graph Search II GAM 376 Robin Burke. Outline Homework #3 Graph search review DFS, BFS A* search Iterative beam search IA* search Search in turn-based.
Policy Based Management for Internet Communities Kevin Feeney, Dave Lewis, Vinny Wade, Knowledge and Data Engineering Group Trinity College Dublin Policy.
Finding Regular Simple Paths Sept. 2013Yangjun Chen ACS Finding Regular Simple Paths in Graph Databases Basic definitions Regular paths Regular simple.
1 Ontology based Policy Interoperability Dr. Latifur Khan Tahseen Al-Khateeb Mohammad Alam Mohammad Farhan Husain.
Lecture 14 Page 1 CS 111 Online File Systems: Naming, Reliability, and Advanced Issues CS 111 On-Line MS Program Operating Systems Peter Reiher.
Best-first search is a search algorithm which explores a graph by expanding the most promising node chosen according to a specified rule.
Access Control Policy Languages in XML Lê Anh Vũ Võ Thành Vinh
Chapter 11. Chapter Summary  Introduction to trees (11.1)  Application of trees (11.2)  Tree traversal (11.3)  Spanning trees (11.4)
Working with Individual and Organizational Knowledge Introduction.
ReBAC in ABAC Tahmina Ahmed Department of Computer Science University of Texas at San Antonio 4/29/ Institute for Cyber Security World-Leading Research.
Extended ReBAC Administrative Models with Cascading Revocation and Provenance Support Yuan Cheng 1 , 2, Khalid Bijon 2, and Ravi Sandhu 1 Institute for.
Object-to-Object Relationship Based Access Control: Model and Multi-Cloud Demonstration Tahmina Ahmed, Farhan Patwa and Ravi Sandhu Department of Computer.
Institute for Cyber Security
E-Commerce Theories & Practices
Location Recommendation — for Out-of-Town Users in Location-Based Social Network Yina Meng.
Study Guide for ES205 Yu-Chi Ho Jonathan T. Lee Nov. 7, 2000
Presentation transcript:

A User-to-User Relationship-based Access Control Model for Online Social Networks Yuan Cheng, Jaehong Park and Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio 1 Institute for Cyber Security World-Leading Research with Real-World Impact!

Relationship-based Access Control Users in OSNs are connected with social relationships (user-to-user relationships) Owner of the resource can control its release based on such relationships between the access requester and the owner 2 World-Leading Research with Real-World Impact!

Problem OSNs keep massive resources and support enormous activities for users Users want to regulate access to their resources and activities related to them (as a requester or target) Some related users also expect control on how the resource or user can be exposed 3 World-Leading Research with Real-World Impact!

Motivating Example What current FofF approach cannot do? – User who is tagged in a photo wants to keep her image private (Related User’s Control) – Mom doesn’t want her kid to become friend with her colleagues (Parental Control) – Employee promotes his resume to headhunters without letting his current employer know (Allowing farther users but keeping closer users away) 4 World-Leading Research with Real-World Impact!

Characteristics of AC in OSNs Policy Individualization – Users define their own privacy and activity preferences – Related users can configure policies too – Collectively used by the system for control decision User and Resource as a Target – e.g., poke, messaging, friendship invitation, etc. User Policies for Outgoing and Incoming Actions – User can be either requester or target of activity – Allows control on 1) activities w/o knowing a particular resource and 2) activities against the user w/o knowing a particular access requestor – e.g., block notification of friend’s activities; restrict from viewing violent contents Relationship-based Access Control 5 World-Leading Research with Real-World Impact!

Solution Approach Using regular expression-based path pattern for arbitrary combination of relationship types Given relationship path pattern and hopcount limit, graph traversal algorithm checks the social graph to determine access 6 World-Leading Research with Real-World Impact!

Related Works The advantages of this approach: – Passive form of action allows outgoing and incoming action policy – Path pattern of different relationship types make policy specification more expressive 7 World-Leading Research with Real-World Impact!

Contributions Provide an access control policy model and access evaluation algorithm for OSNs based on user-to-user relationships with – Greater generality and flexibility of policy specification – Effective evaluation of policy predicate 8 World-Leading Research with Real-World Impact!

Outline Motivation UURAC Model Foundation UURAC Policy Specification Path-checking Algorithm Conclusions 9 World-Leading Research with Real-World Impact!

Social Networks Social graph is modeled as a directed labeled simple graph G= – Nodes U as users – Edges E as relationships – Σ={σ 1, σ 2, …,σ n, σ 1 -1, σ 2 -1,…, σ n -1 } as relationship types supported 10 World-Leading Research with Real-World Impact!

Policy Taxonomy 11

UURAC Model Components 12 U A : Accessing User U T : Target User U C : Controlling User R T : Target Resource AUP: Accessing User Policy TUP: Target User Policy TRP: Target Resource Policy SP: System Policy World-Leading Research with Real-World Impact!

Access Request and Evaluation Access Request – u a tries to perform action on target – Target can be either user u t or resource r t Policies and Relationships used for Access Evaluation – When u a requests to access a user u t u a ’s AUP, u t ’s TUP, SP U2U relationships between u a and u t – When u a requests to access a resource r t u a ’s AUP, r t ’s TRP (associated with u c ), SP U2U relationships between u a and u c 13 World-Leading Research with Real-World Impact!

Outline Motivation UURAC Model Foundation UURAC Policy Specification Path-checking Algorithm Conclusions 14 World-Leading Research with Real-World Impact!

Policy Representations action -1 in TUP and TRP is the passive form since it applies to the recipient of action TRP has an extra parameter r t to distinguish the actual target resource it applies to – owner(r t )  a list of u c  U2U relationships between u a and u c SP does not differentiate the active and passive forms SP for resource needs r.type to refine the scope of the resource 15 World-Leading Research with Real-World Impact!

Graph Rule Grammar 16 World-Leading Research with Real-World Impact!

Example 17 “Only Me” says that ua can only poke herself specifies that ut can only be poked by herself The Use of Negation Notation (fffc ˄ ¬fc) allows the coworkers of the user’s distant friends to see, while keeping away the coworkers of the user’s direct friends World-Leading Research with Real-World Impact!

Policy Collecting To authorize (u a, action, target) if target = u t – E.g., (Alice, poke, Harry) 18 AUP TUP SP P Alice P Harry P Sys World-Leading Research with Real-World Impact!

Policy Collecting To authorize (u a, action, target) if target = r t – Determine the controlling user for r t : u c  owner(r t ) – E.g., (Alice, read, file2) 19 P Alice P Harry P Sys AUP TRP SP World-Leading Research with Real-World Impact!

Policy Extraction Policy: Graph Rule: start, path rule Path Rule: path spec ∧ | ∨ path spec Path Spec: path, hopcount 20 It determines the starting node, where the evaluation starts The other user involved in access becomes the evaluating node Path-check each path spec using Algorithm 2 (introduced in detail later) World-Leading Research with Real-World Impact!

Policy Evaluation Evaluate a combined result based on conjunctive or disjunctive connectives between path specs Make a collective result for multiple policies in each policy set. – Policy conflicts may arise. We assume system level conflict resolution strategy is available (e.g., disjunctive, conjunctive, prioritized). Compose the final result from the result of each policy set (AUP, TUP/TRP, SP) 21 World-Leading Research with Real-World Impact!

Outline Motivation UURAC Model Foundation UURAC Policy Specification Path-checking Algorithm Conclusions 22 World-Leading Research with Real-World Impact!

Brief Intro Parameters: G, path, hopcount, s, t Traversal Order: Depth-First Search – Why not BFS? Activities in OSN typically occur among people with close distance DFS needs only one pair of variables to keep the current status and history of exploration Hopcount limit prevents DFS from lengthy useless search 23 World-Leading Research with Real-World Impact!

Initiation 24 Access Request: (Alice, read, r t ) Policy: (read -1, r t, (f*cf*, 3)) Path pattern: f*cf* Hopcount: 3 f п0п0 п0п0 п1п1 п1п1 п2п2 п2п2 п3п3 п3п3 f f c c f DFA for f*cf* World-Leading Research with Real-World Impact!

25 George Fred Carol Harry Ed Alice Dave Bob f f c f f f f f f f c c c п0п0 п0п0 п1п1 п1п1 п2п2 п2п2 п3п3 п3п3 f f c c f d: 0 currentPath: Ø stateHistory: 0 Path pattern: f*cf* Hopcount: 3 Harry п0п0 п0п0 Dave п1п1 п1п1 d: 1 currentPath: (H,D,f) stateHistory: 01 Case 1: next node is already visited, thus creates a self loop d: 2 currentPath: (H,D,f)(D,B,f) stateHistory: 011 f Bob Alice Case 3: currentPath matches the prefix of the pattern, but DFA not at an accepting state d: 2 currentPath: (H,D,f)(D,B,c) stateHistory: 012 п2п2 п2п2 п3п3 п3п3 d: 3 currentPath: (H,D,f)(D,B,c)(B,A,f) stateHistory: 0123 Case 2: found a matching path and DFA reached an accepting state

Complexity Time complexity is bounded between [O(dmin Hopcount ),O(dmax Hopcount ) ], where dmax and dmin are maximum and minimum out-degree of node – Users in OSNs usually connect with a small group of users directly, the social graph is very sparse – Given the constraints on the relationship types and hopcount limit, the size of the graph to be explored can be dramatically reduced 26 World-Leading Research with Real-World Impact!

Outline Motivation UURAC Model Foundation UURAC Policy Specification Path-checking Algorithm Conclusions 27 World-Leading Research with Real-World Impact!

Summary Proposed a U2U relationship-based model and a regular expression-based policy specification language for OSNs Provided a DFS-based path checking algorithm 28 World-Leading Research with Real-World Impact!

Future Work Possible extensions: – Exploit U2R and R2R relationships – Incorporate predicate expressions for attribute- based control – Capture unconventional relationships 29 World-Leading Research with Real-World Impact!

Questions 30 World-Leading Research with Real-World Impact!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.