Privacy-Enhancing Access Control Mechanism in Distributed Online Social Network.
KTH, School of Computer Science and Communication (CSC).
2011 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

Dramatic growth in the number of subscribers to Online Social Networks (OSNs), such as Facebook, MySpace, Orkut, etc., shows their increasing popularity among people of different ages and sectors. However, users currently need to place complete trust in OSN service providers to protect their sensitive information, because access control is centralized at the providers. Taking advantage of this infrastructure, OSN service providers can expose their subscribers' personal information for targeted advertisements, or for anything mentioned in the terms of the privacy agreement, which the providers can also change. To give users complete access control over their data, there must be an alternative infrastructure that removes the dependence on OSN service providers. To address this privacy issue, Sonja Buchegger and Anwitaman Datta proposed a 2-tier peer-to-peer architecture for social networks, called PeerSoN.

The goal of this master's thesis is to evaluate the suitability of eXtensible Access Control Markup Language (XACML) for Distributed Online Social Network (DOSN) access control and privacy preservation. To do that, we first determine the requirements for access control in DOSN and present a structure for users' profiles. Due to the wide range of requirements, we propose rule-based access control for the users in OSN, where the rules are based on both static and dynamic constraints. Secondly, to investigate whether these policies can be expressed in XACML, we implement some common authorization policies using SunXACML, an open source implementation of standard XACML version 2.0. Moreover, to enhance privacy with regard to authentication and enforcement, we propose to use the secret-key-based authentication of SAML, and one of the web or application servers that support XACML, such as JBoss Application Server or Fedora server, in conjunction with XACML. Finally, we evaluate our architecture against three types of attackers, namely users from social links, users from outside of social links, and a random person, and claim that our mechanism is well protected against different threats, such as unauthorized access, impersonation attacks, identity theft, information leakage via friendship links, etc., specifically when each user's profile is stored on his own machine.

Place, publisher, year, edition, pages
Trita-CSC-E, ISSN 1653-5715 ; 2011:051
National Category
Computer Science
URN: urn:nbn:se:kth:diva-130755
OAI: diva2:654202
Educational program
Master of Science - Software Engineering of Distributed Systems
Available from: 2013-10-07 Created: 2013-10-07

Open Access in DiVA

No full text
