The document discusses a proposed MPAC (Multiparty Access Control) model for managing privacy in online social networks (OSNs). It addresses the issue that in current OSNs, each user has different privacy concerns about their data and lacks control over data shared with others. The MPAC model allows for collaborative management of shared data through multiple controllers, including the owner, contributors, stakeholders and disseminators. It also outlines conflict resolution strategies like voting schemes and sensitivity levels to make access decisions when controller policies conflict. Finally, it discusses a prototype and areas for future work like automatic tagging and encrypted data sharing under MPAC policies.

1. WELCOME
LEVIN SIBI
ROLL NO.12
REG.NO.12122011

2. INTRODUCTION
 ONLINE social networks (OSNs).
 Virtual space and web pages.
 User have no control over data residing outside their spaces.
 Each user has a different privacy concerns about the data related
to them.
15-04-2015COET DEPT CSE
2

3.  Each user can make a reference to his/her friends.
Reporting to OSNs only allows us to either keep or delete the content.
MPAC allows collaborative management of shared data.
Effectiveness and Flexibility of MPAC.
15-04-2015COET DEPT CSE
3

4. LITERATURE REVIEW
 Representing and Reasoning about Web Access Control Policies: Gail- Joon Ahn
• Specifies access control policies for applications-mainly-cloud
Moving Beyond Untagging Photo Privacy in a Tagged World: Andrew Besmer
• Defines a set of rules
A Collaborative Framework for Privacy Protection in Online Social Networks: Huaixi Wang
• Provide encrypted data to server
• Each user make use of public, private keys
15-04-2015COET DEPT CSE
4

5. MAJOR SCENARIOS
Profile sharing.
Content sharing.
Relationship sharing.
15-04-2015COET DEPT CSE
5

6. MPAC MODEL
• OSN can be represented by a relationship network , a set of user groups ,a
collection of user data .
• Existing access control schemes.
• Single access control scheme.
• Concept of Multiple controllers.
15-04-2015COET DEPT CSE
6

7. • Major controllers
• Owner
• Contributor
• Stakeholder
• Disseminator
15-04-2015COET DEPT CSE
7

8. 15-04-2015COET DEPT CSE
8

9. ACCESSOR
• Accessors are a set of users who are granted to access the
shared data
• sensitivity levels (SL) for conflict resolution.
• SL are multi dimensional with varying degree of sensitivity.
15-04-2015COET DEPT CSE
9

10. MPAC POLICY
A MPAC policy is a 5-tuple
Controller
Ctype
Accessor
Data
Effect
15-04-2015COET DEPT CSE
10

11. EXAMPLE
P = <controller; ctype; accessor; data; effect>
Data is specified as a tuple
p1 = (Alice,OW, {<friendOf,RN>},<status01, 0:50>,
permit) 15-04-2015COET DEPT CSE
11

12. Multiparty policy evaluation process
15-04-2015COET DEPT CSE
12

13. • Different privacy concerns leads to conflicts
• Naïve solution
 Allow common users.
Drawback
 Too Restrictive
• Need for Effective Conflict resolution strategy
 Maintain privacy and flexibility
15-04-2015COET DEPT CSE
13

14. MULTIPARTY POLICY EVALUATION
1. Voting scheme for decision making.
• Decision from each controller has an effect on final decision
• DV =
0 if evaluation of policy = Deny
1 if Evaluation of policy =Permit
• DVag=( DVow+DVcb+ 𝑖€𝑠𝑠 𝐷𝑉𝑠𝑡 ) ×
1
𝑚
where m is the no of controllers.
15-04-2015COET DEPT CSE
14

15. • Sensitivity voting. Each controller assigns an SL to the shared data
item to reflect her/his privacy concern.
• A sensitivity score (SC) (in the range from 0.00 to 1.00)
• SC=( SLow+SLcb+ 𝑖€𝑠𝑠 𝑆𝐿𝑠𝑡 ) ×
1
𝑚
15-04-2015COET DEPT CSE
15

16. 2.Threshold-Based Conflict Resolution
• If the Sc is higher, the final decision has a high chance to deny access
• Otherwise allow access
• Decision=
𝑃𝑒𝑟𝑚𝑖𝑡 𝑖𝑓 𝐷𝑉 𝑎𝑔 > 𝑆𝑐
𝐷𝑒𝑛𝑦 𝑖𝑓 𝐷𝑉 𝑎𝑔 ≤ 𝑆𝑐
• If any controller changes her/his policy or SL for the shared data item, the DV ag
and Sc will be recomputed,and the final decision may be changed accordingly
15-04-2015COET DEPT CSE
16

17. 3. STRATEGY-BASED CONFLICT RESOLUTION WITH
PRIVACY
RECOMMENDATION
• Major strategies
 Owner-overrides
Decision=
𝑃𝑒𝑟𝑚𝑖𝑡 𝐷𝑉𝑎𝑔 = 1
𝐷𝑒𝑛𝑦 𝐷𝑉𝑎𝑔 = 0
 Full-consensus-permit
Decision=
𝑃𝑒𝑟𝑚𝑖𝑡 𝐷𝑉𝑎𝑔 = 1
𝐷𝑒𝑛𝑦 𝑜𝑡ℎ𝑒𝑟𝑤𝑖𝑠𝑒
15-04-2015COET DEPT CSE
17

18.  Majority-permit
Decision=
𝑃𝑒𝑟𝑚𝑖𝑡 𝐷𝑉𝑎𝑔 ≥ 1/2
𝐷𝑒𝑛𝑦 𝐷𝑉𝑎𝑔 < 1/2
 Super-majority-permit
Decision=
𝑃𝑒𝑟𝑚𝑖𝑡 𝐷𝑉𝑎𝑔 ≥ 1/3
𝐷𝑒𝑛𝑦 𝐷𝑉𝑎𝑔 < 1/3
15-04-2015COET DEPT CSE
18

19. 4.CONFLICT RESOLUTION FOR
DISSEMINATION CONTROL
• Disseminator can specify his policy concerns
• Weaker policy problems
• Deny Overrides strategy
• Logical AND operation
15-04-2015COET DEPT CSE
19

20. 15-04-2015COET DEPT CSE
20

21. PROTOTYPE MODEL
15-04-2015COET DEPT CSE
21

22. FUTURE SCOPE
Auto-tagging
Encrypted Data Sharing
Advertisement policy specification
15-04-2015COET DEPT CSE
22

23. CONCLUSION
Multiparty policy specification
Mcontroller
Flexible selection of strategies
15-04-2015COET DEPT CSE
23

24. REFERENCES
 G. Ahn and H. Hu, “Towards Realizing a Formal RBAC Model in Real Systems,” Proc. 12th ACM Symp. Access Control Models
and Technologies, pp. 215-224, 2007.
 G. Ahn, H. Hu, J. Lee, and Y. Meng, “Representing and Reasoning about Web Access Control Policies,” Proc. IEEE 34th Ann.
Computer Software and Applications Conf. (COMPSAC), pp. 137-146, 2010.
 Besmer and H.R. Lipford, “Moving beyond Untagging: Photo Privacy in a Tagged World,” Proc. 28th Int’l Conf. Human Factors in
Computing Systems, pp. 1563-1572, 2010.
 L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda, “All Your Contacts Are Belong to Us: Automated Identity theft Attacks on Social
Networks,” Proc. 18th Int’l Conf. World Wide Web, pp. 551-560, 2009.
 B. Carminati and E. Ferrari, “Collaborative Access Control in On- Line Social Networks,” Proc. Seventh Int’l Conf. Collaborative
Computing: Networking, Applications and Worksharing (Collaborate- Com), pp. 231-240, 2011.
15-04-2015COET DEPT CSE
24

25. THANK YOU