Considering the popularity and wide adoption of social network systems and the competitive edge these systems provide, there has been rapid growth in the use of these systems to access, store, and exchange personal attribute information in distributed and/or federated environments, and this trend is expected to continue. Efficient, secure, and user-centric techniques are important for the successful deployment of such systems. Our goal in this project is to develop a comprehensive and compelling framework, SNGuard (Social Network Guard), that addresses diverse privacy properties, access control issues, identity management requirements, and usage patterns. The vision of dynamic social networks is a complex and highly sophisticated one that requires ongoing research and analysis, concurrent with the changing role and face of digital information creation and usage, including personal information and content in social networks. The principal intellectual products resulting from this project will be novel frameworks to facilitate user-centered privacy management, content management and risk-aware access control, thereby making SNGuard solutions more trustworthy, more reliable, and less vulnerable. This research effort will have broad societal impact by providing a key mechanism to enable new business and community models for the sharing of personal attributes, including identity information, to safely, easily, and quickly establish social networking environments in cyberspace. In addition to these potential benefits, other anticipated, broad-based benefits to be facilitated by this research include significant influence on K-12 education, international collaboration, and industrial and government partners.
In this project, we have developed three security models that progressively enhance security and privacy in online social networking systems. We first developed an activity control (ACON) model that clearly identifies the unique fundamental characteristics that must be addressed to give users and the system control over their own and other users' or systems' activities on related resources or users. Based on the characteristics identified in the ACON model, we developed a user-to-user relationship-based access control model for online social networking systems. We then further developed an access control model that can incorporate user-to-resource and resource-to-resource relationships. The following is a brief discussion of these three models.

1. Activity Control

With the increasing amount of sensitive user data stored in social computing systems (SCSs) and the lack of consensus on how it should be protected under meaningful control by the average user, security and privacy have become a pressing problem that must be addressed. We proposed the concept of user and SCS activity as a natural aspect of social computing which influences access control in a manner distinct to SCSs. We developed an activity-centric access control, or Activity CONtrol (ACON), framework for social computing to facilitate both privacy setting from the user side and administration from the SCS side. We further proposed an ACON-user model for user activity control and session management. The developed model identified various user and system activities that need to be controlled. It further identified several essential characteristics such as policy individualization, separation of user and resource policies, user-session distinctions, etc. The developed model provides a foundation for the social relationship-based access control models for online social networking systems that we developed later.

2. User-to-User Relationship based Access Control and Beyond

Online social networks (OSNs) commonly utilize very limited user relationships to constrain information sharing. For example, users can choose only friends or friends-of-friends for sharing their information. Users and resources in online social networks are interconnected via various types of relationships. In particular, user-to-user relationships form the basis of the OSN structure, and play a significant role in specifying and enforcing access control. Individual users and the OSN provider should be allowed to specify which access can be granted in terms of existing relationships. In this project we developed a framework that can facilitate highly expressive but efficient policy specifications which can utilize not only user-to-user relationships but also user-to-resource relationships as a control element. The existing solutions utilize an explicitly specified, exact path of user relationships. Our solution supports user-to-user, user-to-resource and resource-to-resource relationship paths of arbitrary length, which allows highly expressive and efficient policy specifications. We further developed access evaluation algorithms, including a social graph tracing algorithm. Our solution facilitates multiple relationship types in a single relationship graph. The developed framework is highly adaptive in that it can facilitate a variety of relationship path patterns using multiple relationship types across user-to-user, user-to-resource, and resource-to-resource relationships, which can then be used to control information sharing in any computing system that utilizes relationship-based access control. While the main application domain is largely online social networking environments, the developed model does not limit its applications and can fit any computing system that needs to control information flows based on the relationships of participating entities.
For existing social networking systems, our solution can enhance users’ control capabilities and can provide finer-grained access control on their own resources and activities as well as other related users’ resources and activities.
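
A minimal sketch of relationship-path policy evaluation over a single graph with multiple relationship types, as described above. This is an added example, not the project's own algorithm or code: the policy format, the names (EDGES, POLICIES, path_matches, check_access) and the sample graph are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: typed, directed edges; "u:" = user, "r:" = resource.
EDGES = [
    ("u:alice", "friend", "u:bob"),
    ("u:bob", "friend", "u:carol"),
    ("u:carol", "coworker", "u:dave"),
    ("u:alice", "coworker", "u:erin"),
    ("u:alice", "owns", "r:photo1"),
    ("r:photo1", "in_album", "r:album1"),
]

# Hypothetical policy format: (resource, action) -> list of steps, each step
# being (allowed relationship types, min hops, max hops). "^-1" = inverse edge.
FRIEND, COWORKER = {"friend", "friend^-1"}, {"coworker", "coworker^-1"}
POLICIES = {
    ("r:photo1", "view"): [({"owns^-1"}, 1, 1), (FRIEND, 1, 2)],
    ("r:album1", "view"): [({"in_album^-1"}, 1, 1), ({"owns^-1"}, 1, 1), (COWORKER, 1, 1)],
}

def build_graph(edges):
    graph = defaultdict(list)
    for src, rel, dst in edges:
        graph[src].append((rel, dst))
        graph[dst].append((rel + "^-1", src))  # let policies walk edges backwards
    return graph

def path_matches(graph, start, target, pattern):
    """Depth-first search for a simple path start -> target matching pattern."""
    def walk(node, step, hops, seen):
        if step == len(pattern):
            return node == target
        rels, lo, hi = pattern[step]
        if hops >= lo and walk(node, step + 1, 0, seen):
            return True   # this step is satisfied; try the rest of the pattern
        if hops == hi:
            return False  # hop bound reached, prune this branch
        return any(rel in rels and nxt not in seen and walk(nxt, step, hops + 1, seen | {nxt})
                   for rel, nxt in graph.get(node, ()))
    return walk(start, 0, 0, frozenset([start]))

def check_access(graph, requester, resource, action):
    pattern = POLICIES.get((resource, action))
    if pattern is None:
        return False  # default deny when no policy covers the request
    return path_matches(graph, resource, requester, pattern)

GRAPH = build_graph(EDGES)
```

The photo policy walks a resource-to-user edge and then one or two friend hops; the album policy adds a resource-to-resource hop before reaching the owner's coworkers. Owner access is not covered by these patterns and would be a separate policy.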