SocACL: An ASP-based access control language for online social networks

Abstract

Online Social Networks (OSNs), such as Facebook, encourage their users to disclose significant amounts of personal information to facilitate connecting and sharing content with other users. This has resulted in some OSNs holding vast amounts of information about their users; all of which is readily available via their profile page. As such, OSNs are particularly vulnerable to privacy breach attacks. With the impact these breaches varying from simply embarrassing the user, to negatively influencing the decision of a potential employer, identity theft and even physical harm it is important that these breaches are addressed. In this research we approach privacy management in OSNs as an access control problem, proposing a fine-grained, formal Attribute-Based Access Control (ABAC) language; SocACL (Social Access Control Language). SocACL is based on Answer Set Programming (ASP) and allows for policy specification using the most abundant sources of information available in OSNs; user attributes and relationships. © IFIP International Federation for Information Processing 2013.