Specification and enforcement of location-aware attribute-based access control for online social networks

Abstract

Online social networks (OSNs) are gaining in popularity and are used by a large number of users with varied educational and socio-economic backgrounds. OSNs contain a plethora of personal information which, if misused, may cause enormous damage to individuals. A well-designed and user-friendly authentication and access control mechanism are the initial steps towards protecting personal information stored on OSNs. Researchers have proposed access control models for OSNs, some of which are classified as relationship based and others are in the category of attribute based access control models. In this paper, we demonstrate the use of an attribute-based access control model which has an attribute called location to provide additional security for OSNs. A user location attribute authenticates user credential during login process by correlating geolocation of the incoming IP address with user behaviors characterized by geographic metadata. Specifically, we focus on the enforcement of this location attribute and demonstrate how it can be used to detect security violations arising out of stolen credentials of authorized users. We implemented a prototype and performed experiments to demonstrate the feasibility of our approach.