DOI: 10.1145/2245276.2232007
research-article

A visualization tool for evaluating access control policies in facebook-style social network systems

Published: 26 March 2012

Abstract

Understanding the privacy implication of adopting a certain privacy setting is a complex task for the users of social network systems. Users need tool support to articulate potential access scenarios and perform policy analysis. Such a need is particularly acute for Facebook-style Social Network Systems (FSNSs), in which semantically rich topology-based policies are used for access control. In this work, we develop a prototypical tool for Reflective Policy Assessment (RPA) --- a process in which a user examines her profile from the viewpoint of another user in her extended neighbourhood in the social graph. We verify the utility and usability of our tool in a within-subject user study.



Published In

SAC '12: Proceedings of the 27th Annual ACM Symposium on Applied Computing
March 2012
2179 pages
ISBN: 9781450308571
DOI: 10.1145/2245276
Conference Chairs: Sascha Ossowski, Paola Lecca

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. access control
  2. reflective policy assessment
  3. usability
  4. visualization

Qualifiers

  • Research-article

Conference

SAC 2012: ACM Symposium on Applied Computing
March 26 - 30, 2012
Trento, Italy

Acceptance Rates

SAC '12 Paper Acceptance Rate 270 of 1,056 submissions, 26%;
Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Article Metrics

  • Downloads (Last 12 months): 26
  • Downloads (Last 6 weeks): 0

Reflects downloads up to 21 Dec 2024.

Cited By

  • (2024) User profile visualisation for privacy awareness on Geo-Social Networks. Journal of Location Based Services, pp. 1-35. DOI: 10.1080/17489725.2024.2399512. Online publication date: 26-Sep-2024
  • (2024) Cognition Behind Access Control: A Usability Comparison of Rule- and Category-Based Mechanisms. ICT Systems Security and Privacy Protection, pp. 367-380. DOI: 10.1007/978-3-031-65175-5_26. Online publication date: 26-Jul-2024
  • (2023) Six usable privacy heuristics. Proceedings of the XXII Brazilian Symposium on Human Factors in Computing Systems, pp. 1-11. DOI: 10.1145/3638067.3638111. Online publication date: 16-Oct-2023
  • (2023) Interactive Graphical Access Control Tools. 2023 IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), pp. 255-259. DOI: 10.1109/VL-HCC57772.2023.00046. Online publication date: 3-Oct-2023
  • (2023) Effective Collaboration in the Management of Access Control Policies: A Survey of Tools. IEEE Access, 11, pp. 13929-13947. DOI: 10.1109/ACCESS.2023.3242863. Online publication date: 2023
  • (2022) Revisiting Reflection in HCI. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 6:1, pp. 1-27. DOI: 10.1145/3517233. Online publication date: 29-Mar-2022
  • (2021) Fake Profile Detection in Facebook. Advances in Smart Grid and Renewable Energy, pp. 725-732. DOI: 10.1007/978-981-15-7511-2_74. Online publication date: 5-Jan-2021
  • (2021) Managing and Monitoring Social Network Privacy Policies. Encyclopedia of Cryptography, Security and Privacy, pp. 1-5. DOI: 10.1007/978-3-642-27739-9_1600-1. Online publication date: 9-Nov-2021
  • (2020) ChRelBAC data access control model for large-scale interactive informational-analytical systems. Journal of Computer Virology and Hacking Techniques, 16:4, pp. 313-331. DOI: 10.1007/s11416-020-00365-9. Online publication date: 31-Aug-2020
  • (2018) HAC. Security and Communication Networks, 2018. DOI: 10.1155/2018/7384194. Online publication date: 1-Jan-2018
