The rapid development of communication and network technologies including mobile networks and GPS presents new characteristics of OSNs. These new characteristics pose extra requirements on the access control schemes of OSNs, which cannot be satisfied by relationship-based access control currently. In this paper, we propose a hybrid access control model (HAC) which leverages attributes and relationships to control access to resources. A new policy specification language is developed to define policies considering the relationships and attributes of users. A path checking algorithm is proposed to figure out whether paths between two users can fit in with the hybrid policy. We develop a prototype system and demonstrate the feasibility of the proposed model.
Online social networks (OSNs) have attracted widespread popularity nowadays. Users can conveniently share personal information with friends via OSNs. More than 300 hours of videos are uploaded to YouTube and nearly 25 million photos are posted to Instagram every minute [
With the development of mobile technologies, plenty of smart devices are connected to the network. These devices may generate a large amount of private information, such as location and health status, and then share the information through OSNs [
(i) More and more privacy information collected through smart mobile devices may be uploaded to online social networks.
(ii) Privacy information collected by smart mobile devices can be used for access control scheme of OSNs.
These features have brought about new challenges for access control schemes of online social networks. For example, Alice is shopping at Bergdorf Goodman in New York. She has recorded a video of the megamall with her Google glasses and published it in OSN to see if any female friends can give her some pieces of advice in choosing cosmetics. Perhaps some of her friends nearby may come to have lunch together. She does not want every friend to know what she is doing now, so friends who do not live in New York will not be granted access to this video. The widely used relationship-based access control methods cannot describe the attribute “location: in New York” and cannot meet Alice’s needs. To provide finer-grained access control over private data generated by wearable devices or m-health, researchers should take attributes such as location, profession, and gender into consideration.
The access control mechanism named
In this paper, we propose a hybrid access control model based on both attribute and relationship. It designs a new language of policy specification to specify policies based on attributes and relationships. Compared with the study of Cheng et al. [
As large amounts of private personal data are created by Web 2.0 applications, Carrie [
To meet these requirements and protect privacy of social network users, researchers have proposed a variety of access control mechanisms for OSNs. These mechanisms are broadly divided into three categories. Methods of the first type leverage relationships between users and resources to constrain the access of privacy information. Some researchers introduce modal and hybrid logic into their access control model of OSNs. Others make use of cryptography to prevent unwanted access.
Most access control schemes made use of various relationships between users and resources to protect sensitive information in OSNs. In [
With the development of semantic web technology, some researchers considered using modal and hybrid logic in their access control schemes of OSNs. Masoumzadeh and Joshi [
Researchers then considered adopting cryptography and other technologies to the access control mechanisms of OSNs. Anwar and Fong [
This section presents the foundation of HAC, including the attributes in OSN, the social graph with attributes, and the model components.
Most of the recent access control schemes for OSN make access control decision based on relationships. By considering the relationships only, data owners cannot make proper access control policies based on location and time. Recent studies have shown that attribute-based access control (ABAC) can provide flexible and fine-grained access control in dynamic distributed systems [
Attributes are categorized into profile attributes and relationship attributes in HAC.
As shown in Figure
A sample social graph.
The researchers use a triple
Figure
Model overview.
Access
In this section, the researchers present policy language, policy specification, and the policy evaluation of HAC.
Policy of HAC is defined by the target user. It constrains the profile and relationship attributes of users along the relationship path. The policy language is defined as follows.
(i)
(ii)
(iii)
(iv)
(v)
Profile attribute of a node is a binary relation on profile attribute name set and profile attribute value set. A profile attribute-based policy rule is composed of a profile attribute name, a relationship specifier, and a profile attribute value as shown below.
(i)
Note that the profile attribute-based policy rule is specified by the data owner. For example, policy rule
A complete attribute-based policy rule is composed of one relationship attribute and several profile attributes as shown below.
(i) [
For example,
Policies are evaluated according to the paths between the access requester and the target user in social graph. The access control policy is composed of an operation and a path sentence. As shown in Table
Grammar for path sentences.
|
|
|
|
|
|
|
|
|
|
|
|
A path sentence consists of several path words that are connected by connectors. Every
Unlike UURAC and
Several examples are given to show how to use hybrid rules to express the access control need in OSNs.
If Jim wants to allow some users to access his photos, those users should share a common friend named “Jack” with him and their occupation must be doctor. He can specify a policy like this:
If Jim wants to show his photos to his friend Jack or his colleagues who are interested in medicine, the policy can be specified as below:
For
For each policy, the last attribute spec restrains the attributes of the access requester.
Profile attributes of the following policy are empty. The policy specifies that coworkers of Jim’s friends can access his profile. Policies like this can capture UURAC policies.
Algorithms of policy evaluation are presented in this section. The algorithms are used to evaluate whether the access requests should be granted. The algorithms have to find a required path between the access requester and the target user according to the social graph. The required path found in the social graph may ensure that the relationships between the access requester and the target user can satisfy the hybrid policy.
(1) (2) (3) (4) (5) (6)
(1) (2) (3) (4) (5)
Similar to [
The variable
The function
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12) (13) (14) (15) (16) (17) (18) (19) (20) (21) (22) (23) (24) (25) (26) (27) (28) (29) (30) (31) (32) (33)
The algorithm will test all paths from
This section presents the implementation of the path checking algorithm. Five sets of experiments are arranged to test the usability and performance of the algorithm. The researchers implement the algorithm in Java and store the social graph and sample access control policies in MySQL databases. All the experiments are conducted on a machine with 4 GB memory and an Intel quad-core CPU at 3.6 GHz which runs the operating system of an Ubuntu 12.04 image.
When selecting datasets in the organization of the experiments, there are two choices as reported in [
In the first experiment, to evaluate the effect of attribute evaluation on performance of the algorithm, the researchers test the time of ADFS to make an access control decision and compare it with the one without attribute support described in [
Before the path checking algorithm is invoked, the relationship attributes should be extracted from the path to form a regular expression by the regular expression transformation procedure. This procedure is also called preprocessing. In order to confirm that the policy language is appropriate to be used in an attribute-based access control model, the researchers should make sure that the preprocessing would not take too much time compared with the ADFS algorithm. So, the time of preprocessing is evaluated in the second experiment where the parameters are set to be the same as those in the first experiment.
In the near future, OSNs may support more than one type of relationship. To evaluate if HAC can meet the access control needs of multiple types of relationships in OSNs, in the third experiment, the researchers discuss the variety of time with the increase of the relationship attribute types. The number of relationship attribute types varies from 1 to 8. Other parameters are the same as in the first experiment.
To evaluate how the scale of OSN will impact the performance of the algorithm, in the fourth experiment, the researchers test the variety of time with the number of nodes in the social graph. The number of nodes is set to be 1000, 2000, 5000, and 20000, respectively. The rest of the parameters are the same as in the first experiment.
To evaluate how he density of OSN will impact the performance of the algorithm, in the last experiment, the researchers examine the variety of time with the number of neighbors. The number of neighbors is set to be 100, 174, 200, and 500, respectively. The social graph becomes denser as the number grows. Other parameters are kept consistent with the first experiment.
DFS and ADFS algorithms are compared in the first experiment. The researchers consider four policies with different numbers of relationship attributes (hopcount) which varied from 1 to 4. Figure
Time of path checking.
True case
False case
Figure
Time of preprocessing.
The result of the third experiment is shown in Figure
Time of path checking versus types (hopcount = 4).
True case
False case
Figure
Time of path checking versus number of nodes (hopcount = 4).
True case
False case
The result of the last experiment is presented in Figure
Time of path checking versus degree (hopcount = 4).
True case
False case
This section discusses several related works of relationship-based access control schemes and compares HAC with [
Comparison.
Fong et al. [ | UURAC [ | | HAC | |
---|---|---|---|---|
Multiple Relationship Types | √ | √ | √ | |
User Profile Attributes | √ | √ | ||
Specific User Attribute | √ | |||
User-user Relationship | √ | √ | √ | √ |
Directional Relationship | √ | √ | √ | |
Relationship Depth | √ | √ | √ | √ |
Policy Individualization | √ | √ | √ | √ |
Attribute Composition | none | none | attributes of user set | attributes of exact user |
Relationship Description | ff | path pattern of different types | path pattern of different types | exact type sequence |
The first column of Table
The scheme in [
This work is similar to [
This research proposes an attribute and relationship-based hybrid access control model HAC for OSNs based on two aspects, including policy language and path checking. The policy language contributes to the literature on ReBAC by allowing users to specify spatial, temporal, and historical based policies with better expressiveness and flexibility. This research also presents several attribute and relationship-based hybrid policies and formally expresses them in the proposed policy language. Path checking algorithm enables users to figure out whether an access request can be satisfied. A prototype is implemented, and several experiments are evaluated to validate the feasibility of the scheme. HAC is advantageous compared with existing OSN access control models in terms of the expressiveness ability of policy language and the evaluation algorithm of access request.
In the future, researchers plan to improve the hybrid policy language to gain better expressiveness ability and support for more relationship types including one-to-many relationship and temporary relationship.
The authors declare that there are no conflicts of interest regarding the publication of this paper.
The research activities described in this paper have been conducted within the Research Project “the National Key Research and Development Program of China (2016YFB0801001)” and “General Program of National Natural Science Foundation of China (61672515)”.