DOI: 10.1145/3029806.3029834

SAMPAC: Socially-Aware collaborative Multi-Party Access Control

Published: 22 March 2017

Abstract

According to the current design of content sharing services, such as Online Social Networks (OSNs), typically (i) the service provider has unrestricted access to the uploaded resources and (ii) only the user uploading the resource is allowed to define access control permissions over it. This results in a lack of control from other users that are associated, in some way, with that resource. To cope with these issues, in this paper, we propose a privacy-preserving system that allows users to upload their resources encrypted, and we design a collaborative multi-party access control model allowing all the users related to a resource to participate in the specification of the access control policy. Our model employs a threshold-based secret sharing scheme, and by exploiting users' social relationships, sets the trusted friends of the associated users responsible to partially enforce the collective policy. Through replication of the secret shares and delegation of the access control enforcement role, our model ensures that resources are timely available when requested. Finally, our experiments demonstrate that the performance overhead of our model is minimal and that it does not significantly affect user experience.
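
An added illustration (not the paper's code) of the threshold idea in the abstract: a resource key is split with Shamir secret sharing, each associated user's share is replicated to that user's trusted friends, and a holder releases it only if the share owner's policy admits the requester. The one-share-per-user layout, the `policy` sets and all names are assumptions, since the paper's actual protocol is not given on this page.

```python
import secrets

P = 2**521 - 1  # Mersenne prime; the field is large enough for a 256-bit key

def split(secret, t, n):
    """Shamir (t, n): points on a random degree t-1 polynomial with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    def f(x):
        y = 0
        for c in reversed(coeffs):   # Horner evaluation mod P
            y = (y * x + c) % P
        return y
    return {x: f(x) for x in range(1, n + 1)}

def combine(points):
    """Lagrange interpolation at x = 0 over GF(P)."""
    secret = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def distribute(shares, friends, r):
    """Replicate each associated user's share to r of that user's trusted friends."""
    holders = {}                      # friend -> list of (owner, x, y)
    for (x, y), owner in zip(shares.items(), friends):
        for friend in friends[owner][:r]:
            holders.setdefault(friend, []).append((owner, x, y))
    return holders

def request(requester, holders, online, policy, t):
    """Each online holder releases a share only if its owner's policy admits the requester."""
    got = {}                          # keyed by x, so replicas of one share count once
    for friend in online:
        for owner, x, y in holders.get(friend, []):
            if requester in policy[owner]:
                got[x] = y
    return combine(got) if len(got) >= t else None

# Constructed scenario (hypothetical names): three users associated with one photo, threshold 2.
KEY = secrets.randbits(256)
FRIENDS = {"alice": ["f1", "f2"], "bob": ["f3", "f4"], "carol": ["f5", "f6"]}
POLICY = {"alice": {"dave", "erin"}, "bob": {"dave", "frank"}, "carol": {"erin", "dave"}}
HOLDERS = distribute(split(KEY, 2, 3), FRIENDS, r=2)
```

With `f1` and `f3` offline, a requester admitted by two policies still recovers the key from the replicas on `f2` and `f4`, while two replicas of the same share never satisfy the threshold.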

    Published In

    CODASPY '17: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy
    March 2017
    382 pages
    ISBN: 9781450345231
    DOI: 10.1145/3029806

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. multi-party access control
    2. online social networks
    3. privacy
    4. secret sharing

    Qualifiers

    • Research-article

    Conference

    CODASPY '17

    Acceptance Rates

    CODASPY '17 Paper Acceptance Rate 21 of 134 submissions, 16%;
    Overall Acceptance Rate 149 of 789 submissions, 19%

    Article Metrics

    • Downloads (Last 12 months): 25
    • Downloads (Last 6 weeks): 3
    Reflects downloads up to 06 Jan 2025

    Cited By

    • (2023) Data Sharing in Social Networks. Proceedings of the 28th ACM Symposium on Access Control Models and Technologies, pp. 181-192. DOI: 10.1145/3589608.3593833. Online publication date: 24-May-2023
    • (2023) On the Potential of Mediation Chatbots for Mitigating Multiparty Privacy Conflicts - A Wizard-of-Oz Study. Proceedings of the ACM on Human-Computer Interaction 7:CSCW1, pp. 1-33. DOI: 10.1145/3579618. Online publication date: 16-Apr-2023
    • (2022) An Efficient Ciphertext-Policy Attribute-Based Encryption Scheme Supporting Collaborative Decryption With Blockchain. IEEE Internet of Things Journal 9:4, pp. 2722-2733. DOI: 10.1109/JIOT.2021.3099171. Online publication date: 15-Feb-2022
    • (2022) Attribute-Based Collaborative Access Control Scheme with Constant Ciphertext Length for Smart Grid. ICC 2022 - IEEE International Conference on Communications, pp. 540-546. DOI: 10.1109/ICC45855.2022.9839086. Online publication date: 16-May-2022
    • (2022) A framework for the application of socio-technical design methodology. Ethics and Information Technology 24:4. DOI: 10.1007/s10676-022-09651-0. Online publication date: 1-Dec-2022
    • (2022) Trust Based Resolving of Conflicts for Collaborative Data Sharing in Online Social Networks. Emerging Technologies in Data Mining and Information Security, pp. 35-48. DOI: 10.1007/978-981-19-4052-1_5. Online publication date: 16-Sep-2022
    • (2022) A Collaborative Access Control Scheme Based on Incentive Mechanisms. Cyberspace Safety and Security, pp. 48-55. DOI: 10.1007/978-3-031-18067-5_4. Online publication date: 29-Sep-2022
    • (2022) A fine‐grained medical data sharing scheme based on federated learning. Concurrency and Computation: Practice and Experience 35:20. DOI: 10.1002/cpe.6847. Online publication date: 22-Jan-2022
    • (2021) COLBAC: Shifting Cybersecurity from Hierarchical to Horizontal Designs. Proceedings of the 2021 New Security Paradigms Workshop, pp. 13-27. DOI: 10.1145/3498891.3498903. Online publication date: 25-Oct-2021
    • (2021) “I thought you were okay”: Participatory Design with Young Adults to Fight Multiparty Privacy Conflicts in Online Social Networks. Proceedings of the 2021 ACM Designing Interactive Systems Conference, pp. 104-124. DOI: 10.1145/3461778.3462040. Online publication date: 28-Jun-2021
