An Access Control Method Based on a Synthesized Metric from Trust and Risk Factors for Online Social Networks

  • 서양진 (School of Computer Engineering, Chung-Ang University);
  • 한상용 (Department of Computer Engineering, Chung-Ang University)
  • Published: 2010.02.28

Abstract

Social networks such as 'Facebook' and 'Myspace' are regarded as useful tools for people to share interests and to maintain or expand their relationships with others. However, they pose the risk that personal information can be exposed to other people without explicit permission from the information owner, so a solution to this problem is needed. Although existing social network sites let users specify the exposure range or the users who can access their personal information, this is not a practical solution, because the information can still be revealed to third parties through the permitted users, albeit unintentionally. In online social networks, people often grant access to their personal data to people they do not know well, and this carries the possibility of information leakage. An access control method based on trust values could be used, but it has the limitation that it cannot reflect the quantitative risk of information leakage. As a solution to this problem, this paper proposes an access control method based on a metric synthesized from trust and risk factors. Our various experiments show that the risk of information leakage can play an important role in access control for online social networks.
