http://dx.doi.org/10.3745/KIPSTC.2010.17C.1.015

An Access Control Method Based on a Synthesized Metric from Trust and Risk Factors for Online Social Networks  

Seo, Yang-Jin (School of Computer Engineering, Chung-Ang University)
Han, Sang-Yong (Department of Computer Engineering, Chung-Ang University)
Abstract
Social networks such as 'Facebook' and 'Myspace' are regarded as useful tools for people to share interests and to maintain or expand relationships with other people. However, they pose the risk that personal information can be exposed to other people without explicit permission from the information owner, so a solution to this problem is needed. Although existing social network sites allow users to specify the scope of exposure or the users who can access their personal information, this is not a practical solution, because the information can still be revealed to third parties through the permitted users, even if unintentionally. People in online social networks commonly allow persons they do not know to access their personal data, which implies the possibility of information leakage. An access control method based on a trust value could be used, but it has the limitation that it cannot reflect the quantitative risk of information leakage. As a solution to this problem, this paper proposes an access control method based on a synthesized metric from trust and risk factors. Our various experiments show that the risk of information leakage can play an important role in the access control of online social networks.
Keywords
Access Control; Personal Information Protection; Online Social Networks; Quantitative Model; Trust; Risk