
Enhanced Audit Strategies for Collaborative and Accountable Data Sharing in Social Networks

Published: 24 April 2018

Abstract

Data sharing and access control management is one of the issues still hindering the development of decentralized online social networks (DOSNs), which are now gaining more research attention with the recent developments in P2P computing, such as the secure public ledger-based protocols (Blockchains) for monetary systems. In a previous work, we proposed an initial audit-based model for access control in DOSNs. In this article, we focus on enhancing the audit strategies and the privacy issues emerging from records kept for audit purposes. We propose enhanced audit and collaboration strategies, for which experimental results, on a real online social network graph with simulated sharing behavior, show an improvement in the detection rate of bad behavior of more than 50% compared to the basic model. We also provide an analysis of the related privacy issues and discuss possible privacy-preserving alternatives.

Published In

ACM Transactions on Internet Technology, Volume 18, Issue 4
Special Issue on Computational Ethics and Accountability, Special Issue on Economics of Security and Privacy and Regular Papers
November 2018
348 pages
ISSN: 1533-5399
EISSN: 1557-6051
DOI: 10.1145/3210373
Editor: Munindar P. Singh

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Accepted: 01 August 2018
Published: 24 April 2018
Revised: 01 August 2017
Received: 01 January 2017
Published in TOIT Volume 18, Issue 4

Author Tags

1. Apriori access control
2. accountability
3. decentralized social networks

Qualifiers

• Research-article
• Research
• Refereed
