A Collaborative Access Control Framework for Online Social Networks

Licentiatavhandling, 2019

Online social networks (OSNs) are one of the most popular web-based services for people to communicate and share information with each other. With all their benefits, OSNs might raise serious problems in what concerns users' privacy. One privacy risk is caused by accessing and sharing co-owned data items, i.e., when a user posts a data item that involves other users, some users' privacy may be disclosed, since users generally have different privacy preferences regarding who can access and share their data. Another risk is caused by the privacy settings offered by OSNs that do not, in general, allow fine-grained enforcement, especially in cases where posted data items concern other users. We discuss and give examples of these issues, in order to illustrate their impacts on current OSNs' privacy protection mechanisms. We propose a collaborative access control framework to deal with such privacy issues. Basically, in our framework, the decision whether a user can access or share a co-owned data item is based on the aggregated opinion of all users involved. Our solution is based on the sensitivity level of users with respect to the concerned data item, the trust among users, the types of controllers (those who are concerned in making the collaborative decision) and the types of accessors (those who are identified to access a given data item or not). In order to observe how varying some of the parameters mentioned above influence the outcome of the permitting/denying decision of the proposed solution, we provide an evaluation of our framework. We also present a proof-of-concept implementation of our approach in the open source OSN Diaspora.