2. INTRODUCTION
ONLINE social networks (OSNs).
Virtual space and web pages.
User have no control over data residing outside their spaces.
Each user has a different privacy concerns about the data related
to them.
15-04-2015COET DEPT CSE
2
3. Each user can make a reference to his/her friends.
Reporting to OSNs only allows us to either keep or delete the content.
MPAC allows collaborative management of shared data.
Effectiveness and Flexibility of MPAC.
15-04-2015COET DEPT CSE
3
4. LITERATURE REVIEW
Representing and Reasoning about Web Access Control Policies: Gail- Joon Ahn
• Specifies access control policies for applications-mainly-cloud
Moving Beyond Untagging Photo Privacy in a Tagged World: Andrew Besmer
• Defines a set of rules
A Collaborative Framework for Privacy Protection in Online Social Networks: Huaixi Wang
• Provide encrypted data to server
• Each user make use of public, private keys
15-04-2015COET DEPT CSE
4
6. MPAC MODEL
• OSN can be represented by a relationship network , a set of user groups ,a
collection of user data .
• Existing access control schemes.
• Single access control scheme.
• Concept of Multiple controllers.
15-04-2015COET DEPT CSE
6
9. ACCESSOR
• Accessors are a set of users who are granted to access the
shared data
• sensitivity levels (SL) for conflict resolution.
• SL are multi dimensional with varying degree of sensitivity.
15-04-2015COET DEPT CSE
9
10. MPAC POLICY
A MPAC policy is a 5-tuple
Controller
Ctype
Accessor
Data
Effect
15-04-2015COET DEPT CSE
10
11. EXAMPLE
P = <controller; ctype; accessor; data; effect>
Data is specified as a tuple
p1 = (Alice,OW, {<friendOf,RN>},<status01, 0:50>,
permit) 15-04-2015COET DEPT CSE
11
13. • Different privacy concerns leads to conflicts
• Naïve solution
Allow common users.
Drawback
Too Restrictive
• Need for Effective Conflict resolution strategy
Maintain privacy and flexibility
15-04-2015COET DEPT CSE
13
14. MULTIPARTY POLICY EVALUATION
1. Voting scheme for decision making.
• Decision from each controller has an effect on final decision
• DV =
0 if evaluation of policy = Deny
1 if Evaluation of policy =Permit
• DVag=( DVow+DVcb+ 𝑖€𝑠𝑠 𝐷𝑉𝑠𝑡 ) ×
1
𝑚
where m is the no of controllers.
15-04-2015COET DEPT CSE
14
15. • Sensitivity voting. Each controller assigns an SL to the shared data
item to reflect her/his privacy concern.
• A sensitivity score (SC) (in the range from 0.00 to 1.00)
• SC=( SLow+SLcb+ 𝑖€𝑠𝑠 𝑆𝐿𝑠𝑡 ) ×
1
𝑚
15-04-2015COET DEPT CSE
15
16. 2.Threshold-Based Conflict Resolution
• If the Sc is higher, the final decision has a high chance to deny access
• Otherwise allow access
• Decision=
𝑃𝑒𝑟𝑚𝑖𝑡 𝑖𝑓 𝐷𝑉 𝑎𝑔 > 𝑆𝑐
𝐷𝑒𝑛𝑦 𝑖𝑓 𝐷𝑉 𝑎𝑔 ≤ 𝑆𝑐
• If any controller changes her/his policy or SL for the shared data item, the DV ag
and Sc will be recomputed,and the final decision may be changed accordingly
15-04-2015COET DEPT CSE
16
24. REFERENCES
G. Ahn and H. Hu, “Towards Realizing a Formal RBAC Model in Real Systems,” Proc. 12th ACM Symp. Access Control Models
and Technologies, pp. 215-224, 2007.
G. Ahn, H. Hu, J. Lee, and Y. Meng, “Representing and Reasoning about Web Access Control Policies,” Proc. IEEE 34th Ann.
Computer Software and Applications Conf. (COMPSAC), pp. 137-146, 2010.
Besmer and H.R. Lipford, “Moving beyond Untagging: Photo Privacy in a Tagged World,” Proc. 28th Int’l Conf. Human Factors in
Computing Systems, pp. 1563-1572, 2010.
L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda, “All Your Contacts Are Belong to Us: Automated Identity theft Attacks on Social
Networks,” Proc. 18th Int’l Conf. World Wide Web, pp. 551-560, 2009.
B. Carminati and E. Ferrari, “Collaborative Access Control in On- Line Social Networks,” Proc. Seventh Int’l Conf. Collaborative
Computing: Networking, Applications and Worksharing (Collaborate- Com), pp. 231-240, 2011.
15-04-2015COET DEPT CSE
24