Access Control Models In Social Networks


02 Nov 2017


Key words: access control, privileges, social networks, security models.

INTRODUCTION

The spread of the internet has gradually reduced traditional human relationships. These relationships have instead been simulated through an internet-based service, the "social network", which allows individuals to construct a public or semi-public profile and connect with others.

A social network service is described in (Nasim, 2010) as "A Web site that provides a virtual community for people interested in a particular subject or just to 'hang out' together. Members create their own online 'profile' with biographical data, pictures, likes, dislikes, and any other information they choose to post. They communicate with each other by voice, chat, instant message, video-conference, and blogs, and the service typically provides a way for members to contact friends of other members". Nowadays, online social networks have gained considerable popularity due to convenient and easy communication, social relationships with individuals of similar characteristics, anonymity, and no need to move physically. More and more people use social networks to share interests and make friends, and social networks help users overcome geographical barriers.

One of the most important issues in social networks is the security and privacy of users' shared information. This large amount of personal information needs appropriate security settings to protect it from unauthorized access and unwanted disclosure. An adversary could misuse this information or use it to harm users. To protect the sensitive data held in online social networks from unauthorized access, it is important to ensure that only authorized users can access it. So, there should be access control mechanisms governing access to users' information in online social networks. However, providing fine-grained access control in a distributed online social network is a new and challenging problem, and so far there is no complete solution for it (Nasim, 2010).

In this paper, existing access control models for social networks are investigated; in addition to their details, their benefits and weaknesses are highlighted.

The rest of the paper is as follows: in section 2, existing access control models for social networks are reviewed, and the advantages and disadvantages of these models are examined. Section 3 evaluates the identified models against several criteria. Finally, section 4 concludes the paper.

ACCESS CONTROL MODELS FOR SOCIAL NETWORKS

In this section, existing access control models for social networks and their principles are examined. As part of this examination, their merits and shortcomings are reviewed.

Access Matrix Model (AMM)

This model defines the access privileges of a subject on an object or resource. The actions of subjects on objects are permitted or denied based on specified authorizations. An authorization is expressed in terms of access rights or access modes. The model uses a matrix, a useful framework that specifies the rights each subject possesses for each object (Lampson, 1974).

          File 1             File 2         File 3
Ann       Own, Read, Write   Read, Write
Bob       Read               Write
Carl                                        Read, Write

Fig 1. An example of access matrix

Access Matrix Model elements

There are three kinds of access control entities in this model:

Object: any information or resource which can be accessed

Subject: every active entity in the system that accesses objects

Access rights: the operations that subjects are allowed to perform on objects

In the access matrix model, the triple (S, O, A) defines the state of the system, where S is the set of subjects in the system or social network, O is the set of objects which can be accessed (such as information in social networks) and A is the access matrix, whose rows correspond to the subjects and whose columns correspond to the objects. The entry A[s,o] represents the privileges of subject s over object o (Lampson, 1974). Fig 1 is an example of an access matrix that gives an abstract representation of the specified protections. For example, in this matrix Ann can read and write File 2, but she has no access to File 3.

Access Matrix Model implementation

There are three approaches to implementing the access matrix model:

Authorization table:

In this approach, the non-empty entries of the access matrix are listed in a table with three columns, corresponding to subjects, access privileges and objects, respectively. Each tuple of this table corresponds to one authorization in the matrix. This approach is widely used in DBMSs. Table 1 is the authorization table of the matrix shown in Fig 1.

Table 1. Authorization table of matrix shown in Fig 1.

Subject   Access Mode   Object
Ann       Own           File 1
Ann       Read          File 1
Ann       Write         File 1
Ann       Read          File 2
Ann       Write         File 2
Bob       Read          File 1
Bob       Write         File 2
Carl      Read          File 3
Carl      Write         File 3

Access Control List (ACL):

This approach corresponds to storing the access matrix by its columns. Each object is associated with a list indicating, for each subject, the accesses the subject is authorized to execute on the object. Fig 2 shows the access control list of the matrix shown in Fig 1.

Fig 2. Access control list of matrix shown in Fig 1

Fig 3. Capability list of matrix shown in Fig 1

Capability list:

In this approach the access matrix is stored by its rows. For each subject, there is a list of objects indicating the accesses the subject is allowed to exercise on each object. Fig 3 illustrates the capability list of the matrix shown in Fig 1.
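The matrix of Fig 1 held in the three representations just described (authorization table, access control list per object, capability list per subject), together with the closed-policy check and a revocation that keeps the matrix sparse. This is an added example written for this page, not code from Lampson or Nasim; the subjects, objects and rights are the ones of Fig 1.

```python
"""Access matrix of Fig 1 in its three implementation forms.  Added example;
the subjects, objects and rights are the constructed ones from Fig 1."""
from collections import defaultdict

# Sparse storage: only non-empty cells, since the text notes that a dense
# two-dimensional array would be mostly empty.
ACCESS_MATRIX = {
    ("Ann", "File 1"): {"own", "read", "write"},
    ("Ann", "File 2"): {"read", "write"},
    ("Bob", "File 1"): {"read"},
    ("Bob", "File 2"): {"write"},
    ("Carl", "File 3"): {"read", "write"},
}


def authorization_table(matrix):
    """Table 1: one (subject, access mode, object) tuple per non-empty entry."""
    rows = []
    for (subject, obj), rights in matrix.items():
        for right in sorted(rights):
            rows.append((subject, right, obj))
    return sorted(rows)


def access_control_lists(matrix):
    """Fig 2: the matrix stored by columns, i.e. per object a map
    subject -> rights."""
    acl = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        acl[obj][subject] = set(rights)
    return dict(acl)


def capability_lists(matrix):
    """Fig 3: the matrix stored by rows, i.e. per subject a map
    object -> rights."""
    caps = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        caps[subject][obj] = set(rights)
    return dict(caps)


def is_authorized(matrix, subject, right, obj):
    """Reference-monitor check: A[s, o] must contain the requested mode.
    A missing cell denies by default (closed policy)."""
    return right in matrix.get((subject, obj), set())


def revoke(matrix, subject, right, obj):
    """Remove one right; drop the cell entirely when it becomes empty so the
    matrix stays sparse.  Returns True if something was actually revoked."""
    rights = matrix.get((subject, obj))
    if not rights or right not in rights:
        return False
    rights.discard(right)
    if not rights:
        del matrix[(subject, obj)]
    return True


if __name__ == "__main__":
    for row in authorization_table(ACCESS_MATRIX):
        print(row)
    print(is_authorized(ACCESS_MATRIX, "Ann", "write", "File 2"))  # True
    print(is_authorized(ACCESS_MATRIX, "Ann", "read", "File 3"))   # False
```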

Advantages and Disadvantages of AMM

The access matrix is one of the easiest models for describing users' access and rights. Besides this advantage, the model has some weaknesses, which are listed below (Nasim, 2010; Lampson, 1974):

With this model, it is not possible to offer advanced access control mechanisms, such as access based on a subject's attributes (age, trust, etc.). Furthermore, this model cannot support a single access control policy for a group of users with the same attributes.

Additionally, this model is unable to take properties of a resource, such as title or version number, into account when expressing access rights.

This model is not context aware and does not consider time, date, etc.

The access control list and capability approaches lack support for dynamic changes of access rights, such as changing, revoking or granting access rights, which are common in online social networks.

This model depends on the underlying platform, whereas platform independence is one of the major requirements in online social networks.

The access matrix in this model is usually enormous in size because most of its cells are empty (the matrix is sparse). So, storing this matrix as a two-dimensional array is a waste of space.

Role-Based Access Control (RBAC)

Sandhu et al. (1996) proposed a model in which permissions are assigned to roles rather than to individual users. Roles are created for various jobs and functions, and the role of each user is based on her capabilities and responsibilities. In this model, users are first assigned to roles and then access rights for objects are assigned to roles. Fig 4 illustrates the RBAC model. A session contains users and their roles during a period of time or a specific situation; different sessions contain users with different roles.

For efficiency, roles can be structured hierarchically so that some roles inherit permissions from others.

Fig 4. Role-Based Access Control model

Role-Based Access Control Elements

RBAC has five basic elements: users, roles, permissions, operations, and objects; the administration of accesses and privileges is based on them. In the hierarchical structure of RBAC, each element is related to the others in order to create levels of permissions and constraints (A. Weber, 2003).

Users: users are entities that want to access objects or information. In the RBAC model, users do not typically have direct access to objects; their permissions are based on the role(s) they are associated with.

Role: a role is a set of permissions and is created for various jobs and functions depending on their requirements. Users are assigned to roles based on their capabilities. A user can play different roles simultaneously, and different users can play the same role.

Permission/operation: permissions are assigned to a role and grant access to operations.

Objects: an object is any information or resource that can be accessed.

In the RBAC model, users can easily be reassigned from one role to another without modifying the underlying access structure. So, RBAC is more scalable than a user-based security approach and requires less cost and administrative overhead. It can be shown that the cost of administering RBAC is a factor of U+P, while the cost of associating users directly with permissions is a factor of U*P, where U is the number of individuals in a role and P is the number of permissions required to perform that role (Ferraiolo et al. 1999).

In social networks, users are closely connected by social relationships. Each relationship links one role to another role, and users can apply access control based on the role relation. So, RBAC would be a suitable model for specifying access controls in social networks.
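The RBAC elements above in working form: user-to-role and role-to-permission assignment, a role hierarchy through which permissions are inherited, sessions that activate only roles the user holds, and the reassignment of a user between roles without touching the permission structure. This is an added example written for this page, not code from Sandhu et al.; the member/moderator/admin roles and their permissions are constructed.

```python
"""RBAC with a role hierarchy and sessions.  Added example with constructed
social-network roles; not code from Sandhu et al. or the NIST model."""


class RBAC:
    def __init__(self):
        self.user_roles = {}    # user -> set of assigned roles
        self.role_perms = {}    # role -> set of (operation, object type)
        self.role_parents = {}  # role -> roles it inherits permissions from
        self.sessions = {}      # session id -> (user, set of active roles)

    def add_role(self, role, parents=()):
        for p in parents:
            if p not in self.role_perms:
                raise KeyError("unknown parent role %s" % p)
        self.role_perms[role] = set()
        self.role_parents[role] = set(parents)

    def grant(self, role, operation, obj):
        """Permissions are attached to roles, never directly to users."""
        self.role_perms[role].add((operation, obj))

    def assign(self, user, role):
        if role not in self.role_perms:
            raise KeyError("unknown role %s" % role)
        self.user_roles.setdefault(user, set()).add(role)

    def reassign(self, user, old_role, new_role):
        """Move a user between roles; the role/permission structure is
        untouched, and the old role is deactivated in the user's sessions."""
        self.user_roles.get(user, set()).discard(old_role)
        self.assign(user, new_role)
        for u, active in self.sessions.values():
            if u == user:
                active.discard(old_role)

    def effective_roles(self, role):
        """The role plus every role it inherits from, transitively."""
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.role_parents.get(r, ()))
        return seen

    def open_session(self, sid, user, roles):
        """A session may activate only roles the user is actually assigned."""
        wanted = set(roles)
        if not wanted <= self.user_roles.get(user, set()):
            raise PermissionError("%s is not assigned all of %s" % (user, sorted(wanted)))
        self.sessions[sid] = (user, wanted)

    def check(self, sid, operation, obj):
        """Authorize against the session's active roles and their ancestors."""
        _, active = self.sessions[sid]
        return any((operation, obj) in self.role_perms[r]
                   for role in active for r in self.effective_roles(role))


def build_demo():
    """Constructed hierarchy: admin inherits moderator, which inherits member."""
    rbac = RBAC()
    rbac.add_role("member")
    rbac.add_role("moderator", parents=["member"])
    rbac.add_role("admin", parents=["moderator"])
    rbac.grant("member", "read", "post")
    rbac.grant("member", "comment", "post")
    rbac.grant("moderator", "delete", "comment")
    rbac.grant("admin", "ban", "user")
    rbac.assign("Ann", "admin")
    rbac.assign("Bob", "member")
    return rbac
```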

Advantages and Disadvantages of RBAC

The RBAC model has some advantages, which are listed below (A. Weber, 2003):

Scalability: in this model, roles can be created by role engineering and modified only as needed. Access rights are assigned to these roles, and changing them does not require modifying the underlying access structure.

Security: in the RBAC model it is possible, through role engineering and hierarchy, to make roles as granular as needed to achieve a social network with high security.

Logical in design: the logical design allows for easier administration, so adding, removing or changing roles can be done easily.

While RBAC is very effective and popular for social networks, it has several weaknesses, as follows (Nasim, 2010):

RBAC lacks the ability to specify fine-grained access on an object, such as when a user has access permissions on a previous version of a document but is not allowed to access the newer version.

In a social network it is difficult to control accesses based on roles only, because defining access rights for a user sometimes requires assigning a new role to her, which is difficult to manage in a highly dynamic distributed environment.

To implement RBAC, several roles should be defined. With a limited number of roles, the same access control is assigned to many people who have the same role, while some of them do not need this level of privilege. On the other hand, defining many roles with their details requires a large volume of memory.

Extensions for RBAC

Many extensions have been proposed for RBAC. Moyer et al. (2001), to enhance expressiveness, extended RBAC to a generalized model named GRBAC by using environment and object roles.

Chae et al. (2007) proposed considering an object hierarchy, analogous to the role hierarchy, to enhance the efficiency of RBAC. A time-related extension was proposed by Bertino et al. (2001).

Purpose-Based Access Control (PBAC) is another extension of RBAC, proposed by Byun et al. (2008). The PBAC model addresses the need to control access based on the purpose for which the object is used, with conditional roles. PBAC is used when predefined roles do not adequately specify the users to whom access should be granted (Byun et al. 2005).

Task-Based Access Control (TBAC)

This model, an active security model for authorization, was first proposed by Thomas et al. (1994, 1997) to better recognize the context in which security requests arise. In this model, access constraints are based on the context and the task, so access rights depend on the progression of a task. In each step of progress, a disjoint protection state grants a set of access rights, and these rights depend on the progress and the environment of the task. Thus, this model allows dynamic management of permissions as a task progresses to completion.

Fig 5. Task-Based Access Control model

As shown in Fig 5, each step has a disjoint protection state. This model also supports type-based as well as instance- and usage-based access control. Furthermore, authorizations have strict usage, validity and expiration characteristics at runtime (Thomas et al. 1994, 1997).
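The TBAC behaviour described above, carried through in code: each task step owns a disjoint protection state, rights are granted when the step becomes active and revoked when the task moves on, and every authorization carries a usage limit and a validity period that are checked at runtime. This is an added example written for this page, not code from Thomas and Sandhu; the three-step "share a photo" workflow and its limits are constructed, and the clock is injected so expiry can be exercised offline.

```python
"""Task-based authorizations with per-step protection states.  Added
example; the workflow, operations and limits are constructed."""


class ManualClock:
    """Deterministic clock so validity and expiry can be exercised offline."""

    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t


class Authorization:
    """One right inside a protection state, with usage and validity limits."""

    def __init__(self, max_uses, valid_for, now):
        self.uses_left = max_uses
        self.expires_at = now + valid_for


class Task:
    def __init__(self, steps, clock):
        # steps: list of (step name, [(operation, object, max_uses, valid_for)])
        self.steps = steps
        self.clock = clock
        self.index = -1   # no step is active until the task starts
        self.state = {}   # active protection state: (op, obj) -> Authorization
        self.log = []     # audit trail of grants, revocations and denials

    def current_step(self):
        return self.steps[self.index][0] if 0 <= self.index < len(self.steps) else None

    def advance(self):
        """Complete the current step: revoke its whole protection state and
        grant the next step's.  Returns False once the task is finished."""
        for key in self.state:
            self.log.append(("revoke",) + key)
        self.state = {}
        self.index += 1
        if self.index >= len(self.steps):
            return False
        now = self.clock.now()
        for op, obj, uses, valid in self.steps[self.index][1]:
            self.state[(op, obj)] = Authorization(uses, valid, now)
            self.log.append(("grant", op, obj))
        return True

    def exercise(self, op, obj):
        """Use a right from the active protection state; denied if it was never
        granted for this step, has expired, or has been used up."""
        auth = self.state.get((op, obj))
        if auth is None:
            self.log.append(("deny", op, obj))
            return False
        if self.clock.now() > auth.expires_at:
            del self.state[(op, obj)]
            self.log.append(("expired", op, obj))
            return False
        auth.uses_left -= 1
        if auth.uses_left == 0:
            del self.state[(op, obj)]
            self.log.append(("used_up", op, obj))
        return True


def share_photo_task(clock):
    """Constructed three-step workflow: upload, tag, publish.  Limits are
    (max uses, validity in seconds) per granted right."""
    return Task([
        ("upload",  [("write", "photo", 1, 60)]),
        ("tag",     [("read", "photo", 5, 60), ("write", "tags", 3, 60)]),
        ("publish", [("publish", "photo", 1, 30)]),
    ], clock)
```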

Advantages and Disadvantages of TBAC

The Task-Based Access Control model has some advantages, such as activeness and easy, dynamic management of access controls. Furthermore, as said earlier, TBAC enables the granting and revoking of privileges to be automated and coordinated with the progression of a task to completion.

But in addition to these advantages, there are several weaknesses in this model, which are as follows:

The definition of context in online social networks is much broader than the activity- and task-related context considered in TBAC, and requires more features.

Managing and supporting the dynamic environment of a social network requires defining more fine-grained components.

TBAC can be used effectively for a system-centric approach in subject-object systems. In a social network environment, however, TBAC is used within other access control models.

Team-Based Access Control (TMAC)

In this model, first presented by Thomas (1997), access rights are assigned to teams and groups instead of single users. A team is an abstraction which contains users in specific roles. Forming teams and assigning privileges to them is more common than dividing users in order to assign roles to them. So, the access rights of users in a team are limited to the permissions granted to the team. In this model, two important factors are considered for forming teams and assigning access rights to them:

User context: for dividing users into different teams based on their current context and role.

Object context: for grouping resources based on their similar attributes and type.

Fig 6. Team-Based Access Control model

Fig 6 illustrates the TMAC model. As the figure shows, users are first assigned to roles and then different roles are gathered to form a team. Each user can be in one or more teams based on her role. Permissions are given to teams, not to roles. A session contains all these steps over a period of time.

Like TBAC, TMAC is an active model, because it is aware of context in providing access control.

One of the main advantages of TMAC over RBAC is that TMAC leverages the scalable permission administration of RBAC to provide fine-grained control over individual users in certain roles and over individual object instances (K. Georgiadis, 2001).

An extension to this approach is Context-based TMAC (C-TMAC), which integrates RBAC and TMAC by considering contextual information such as time, location, etc. in addition to user and object context in its architecture (K. Georgiadis et al, 2001). The definition of the C-TMAC model considers five sets: roles, users, contexts, permissions, and sessions (T. Alotaiby et al, 2004; K. Georgiadis et al, 2001).

Fig 7 shows the architecture of the C-TMAC model with its components.

Fig 7. C-TMAC model
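The TMAC and C-TMAC ideas above in one working check: users hold roles, a team gathers roles, permissions are granted to the team on a group of objects (object context) rather than to roles, a user is in a team only through one of its roles plus a matching user context, and C-TMAC's extra contextual condition (here, time of day) is evaluated at access time. This is an added example written for this page, not code from Thomas or Georgiadis et al.; the team, roles, object groups and the business-hours condition are constructed.

```python
"""Team-based access control with user context, object context and a
C-TMAC style contextual condition.  Added example with constructed data."""


def business_hours(ctx):
    """Constructed contextual condition: local hour between 09:00 and 18:00."""
    return 9 <= ctx.get("hour", -1) < 18


class CTMAC:
    def __init__(self):
        self.user_roles = {}     # user -> set of roles
        self.object_groups = {}  # object -> object-context group
        self.teams = {}          # team -> dict(roles, user_ctx, perms, conditions)

    def assign_role(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def group_object(self, obj, group):
        """Object context: resources of similar type are grouped together."""
        self.object_groups[obj] = group

    def add_team(self, name, roles, user_ctx, conditions=()):
        """A team is a set of roles plus the user context its members must be in;
        conditions are C-TMAC's extra contextual checks (time, location, ...)."""
        self.teams[name] = {"roles": set(roles), "user_ctx": dict(user_ctx),
                            "perms": set(), "conditions": list(conditions)}

    def grant(self, team, operation, object_group):
        """Permissions go to the team, on a group of objects, never to a role."""
        self.teams[team]["perms"].add((operation, object_group))

    def member_teams(self, user, ctx):
        """Teams the user is in right now: holds one of the team's roles and
        the current user context matches the team's."""
        roles = self.user_roles.get(user, set())
        return {name for name, t in self.teams.items()
                if roles & t["roles"]
                and all(ctx.get(k) == v for k, v in t["user_ctx"].items())}

    def check(self, user, operation, obj, ctx):
        """Allow only if some current team of the user holds the permission on
        the object's group and every contextual condition of that team holds."""
        group = self.object_groups.get(obj)
        for name in self.member_teams(user, ctx):
            t = self.teams[name]
            if (operation, group) in t["perms"] and all(c(ctx) for c in t["conditions"]):
                return True
        return False


def build_demo():
    """Constructed setup: moderators of the photography group form a team that
    may delete photography posts, but only during business hours."""
    m = CTMAC()
    m.assign_role("Ann", "moderator")
    m.assign_role("Bob", "member")
    m.group_object("post-1", "photography-posts")
    m.group_object("post-2", "cooking-posts")
    m.add_team("photo-moderators", roles=["moderator"],
               user_ctx={"group": "photography"}, conditions=[business_hours])
    m.grant("photo-moderators", "delete", "photography-posts")
    return m
```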

Advantages and Disadvantages of TMAC and C-TMAC

TMAC and its extension, C-TMAC, have some advantages, which are listed below:

Both TMAC and C-TMAC are based on RBAC; thus, all of the advantages of RBAC apply to these models, too.

In the C-TMAC model, in addition to user and object context, other context information such as time and location is considered.

The core idea of TMAC and C-TMAC is perfectly suitable for authorization in social networks: users can be divided into teams and groups based on their relationship type, and access controls are then defined for these teams.

In addition to these advantages, there are several weaknesses in these models. The identified weaknesses are:

Both TMAC and C-TMAC are based on the RBAC model, but it is not clear how the team or context concepts would be incorporated into the RBAC framework. Moreover, until now there has been no full implementation of these models.

TMAC and C-TMAC do not support self-administration of the assignment relations between entities.

Although the C-TMAC model seems suitable for authorization in social networks, assigning the same access control to two different persons from two different teams is difficult to express in this model.

Relation-Based Access Control (RelBAC)

Zhang (2009) proposed a model for dynamic web scenarios whose main feature is that permissions are modeled as binary relations between users and resources. An Entity Relationship (ER) model is used to illustrate RelBAC, which makes it easy to integrate into system design. Fig 8 is the ER diagram of the RelBAC model:

Fig 8. The ER diagram of the RelBAC model

In Fig 8, subject and object are entity sets and permission is a relation. The details of each component are:

Subject: the set of subjects that want to have permissions over objects. The loop on "subject" represents the "IS-A" relation between sets of subjects.

Object: the set of objects which can be accessed by subjects. The loop on "object" represents the "IS-A" relation between objects.

Permission: a relation between subject and object in the form of an operation that the subject can perform on the object. The loop on "permission" represents the "IS-A" relation between permissions.

Rule: a rule associates a permission with a specific (subject, object) pair.

A permission in RelBAC plays two roles: as an operation, the permission is named by the operation between subject and object; and as the policy relation among the three components, it connects the subject and object by a binary relation.

Considering the previous definitions of the other access control models, it can be shown that AMM, RBAC, and PBAC can be represented in the RelBAC model.
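The RelBAC components above made concrete: IS-A hierarchies over subjects, objects and permissions, rules that bind one permission to one (subject class, object class) pair, and a check that treats a permission as the binary relation those rules induce (a rule on a class applies to everything that IS-A that class, and a rule granting a more specific permission also grants the one it IS-A). This is an added example written for this page, not code from Zhang's dissertation; the Friend/CloseFriend classes, the photo classes and the Read/Download permissions are constructed.

```python
"""RelBAC: permissions as binary relations over IS-A hierarchies.  Added
example with constructed subject, object and permission classes."""


class Hierarchy:
    """Named classes with IS-A edges (child -> parent); a class with no
    parent is a root."""

    def __init__(self):
        self.parent = {}

    def add(self, name, is_a=None):
        if is_a is not None and is_a not in self.parent:
            raise KeyError("unknown parent %s" % is_a)
        self.parent[name] = is_a

    def ancestors(self, name):
        """name itself followed by every class it IS-A, transitively."""
        out = []
        while name is not None:
            out.append(name)
            name = self.parent.get(name)
        return out

    def descendants(self, name):
        """Every class that IS-A name, including name itself."""
        return {n for n in self.parent if name in self.ancestors(n)}


class RelBAC:
    def __init__(self):
        self.subjects = Hierarchy()
        self.objects = Hierarchy()
        self.permissions = Hierarchy()
        self.rules = set()  # (subject class, permission, object class)

    def add_rule(self, subject, permission, obj):
        for hier, name in ((self.subjects, subject), (self.permissions, permission),
                           (self.objects, obj)):
            if name not in hier.parent:
                raise KeyError("unknown class %s" % name)
        self.rules.add((subject, permission, obj))

    def holds(self, subject, permission, obj):
        """(subject, obj) is in the relation `permission` if some rule grants
        `permission`, or a more specific sub-permission of it, to an ancestor
        class of subject on an ancestor class of obj."""
        sub_perms = self.permissions.descendants(permission)
        s_anc = self.subjects.ancestors(subject)
        o_anc = self.objects.ancestors(obj)
        return any(s in s_anc and p in sub_perms and o in o_anc
                   for s, p, o in self.rules)

    def relation(self, permission):
        """The permission made explicit as the set of (subject, object) pairs."""
        return {(s, o) for s in self.subjects.parent for o in self.objects.parent
                if self.holds(s, permission, o)}


def build_demo():
    """Constructed community: friends may read photos; close friends may also
    download private photos (and, since Download IS-A Read, read them)."""
    m = RelBAC()
    for name, parent in [("User", None), ("Friend", "User"), ("CloseFriend", "Friend"),
                         ("Ann", "CloseFriend"), ("Bob", "User")]:
        m.subjects.add(name, parent)
    for name, parent in [("Content", None), ("Photo", "Content"), ("PrivatePhoto", "Photo"),
                         ("beach.jpg", "PrivatePhoto"), ("profile.jpg", "Photo")]:
        m.objects.add(name, parent)
    m.permissions.add("Read")
    m.permissions.add("Download", is_a="Read")
    m.add_rule("Friend", "Read", "Photo")
    m.add_rule("CloseFriend", "Download", "PrivatePhoto")
    return m
```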

Advantages and Disadvantages of RelBAC

The RelBAC model has at least the following advantages:

It supports dynamic permission evaluation by decoupling permissions from subjects and objects.

RelBAC can model the evolving hierarchical (tree-like) structure of online communities such as social networks by classifying subjects and objects into these complex structures.

The RelBAC model provides fine-grained access control.

Because RelBAC is expressed with ER modeling, it can be designed easily and is highly extensible to capture new attributes, context, etc.

In addition to the advantages listed above, the RelBAC model has some weaknesses:

The complexity of formalizing security problems in this model is still not clear.

This model relies on the user to specify an appropriate context to initiate access.

EVALUATION OF ACCESS CONTROL MODELS IN SOCIAL NETWORKS

In this paper, several access control models which have been proposed or used in social networks have been described. In this section, these models are evaluated against a set of criteria relevant to access control models in the social network environment. These criteria are as follows:

Complexity defines the nature of the access control model.

Understandability defines the transparency of the model and its components.

Ease of use indicates how simply the model can be used in a social network environment.

Applicability of an access control model indicates its practicality.

There are also some criteria which are specific to social networks:

Group of Users: an access control model should support groups of users in addition to individuals in social networks.

Policy Specification: a model should support ways of specifying policies; this helps to ensure the scalability of the system.

Policy Enforcement: the specified policies and constraints should be enforced by the access control model.

Active/Passive: the activeness of an access control model indicates that the model supports the dynamicity of the environment.

Contextual Information: the degree to which a model considers contextual information in providing access controls.

Table 2 evaluates the access control models defined in this paper against the above criteria. (In this table Y and N stand for Yes and No respectively.)

Table 2. Characterization of access control models for social networks

Criteria              AMM      RBAC     PBAC     TBAC     TMAC     C-TMAC   RelBAC
Complexity            Low      Medium   Medium   Medium   Medium   Medium   Medium
Understandability     Simple   Simple   Simple   Simple   Simple   Simple   Simple
Ease of use           High     High     Medium   Medium   High     High     Medium
Applicability         Medium   High     Medium   Medium   Medium   High     High
Group of user         Low      Y        Y        Y        Y        Y        Y
Policy specification  Low      Y        Y        Low      Y        Y        Y
Policy enforcement    Low      Y        Y        Low      Y        Y        Y
Active/passive        Passive  Passive  Passive  Active   Active   Active   Active
Contextual info       N        Low      Low      Medium   Medium   Medium   Medium

CONCLUSION

With the development and popularity of social networks, access control mechanisms are needed in them. In this paper, a comprehensive study of authorization mechanisms for social networks was provided. Several models were identified by their basic components and architecture, and their benefits and weaknesses were examined. Finally, these models were assessed against criteria drawn from the identified models.

REFERENCES

A. Weber H, (2003), Role-Based Access Control: The NIST Solution. SANS Institute InfoSec Reading Room.

Bertino E, Bonatti P. A, Ferrari E, (2001), TRBAC: A temporal role-based access control model. ACM Transactions on Information and System Security, 4(3), p. 191–233.

Byun J. W, Bertino E, Li N, (2005), Purpose based access control of complex data for privacy protection. In SACMAT '05: Proceedings of the tenth ACM symposium on Access control models and technologies, p. 102–110, New York, NY, USA, ACM.

Byun J. W, Li N, (2008), Purpose based access control for privacy protection in relational database systems. VLDB Journal, 17(4), p. 603–619.

Chae J. H, Shiri N, (2007), Formalization of RBAC policy with object class hierarchy. In Ed Dawson and Duncan S. Wong, editors, ISPEC, volume 4464 of Lecture Notes in Computer Science, p. 162–176. Springer.

Ferraiolo D, Barkley J, Kuhn R, (1999), A Role Based Access Control Model and Reference Implementation within a Corporate Intranet. ACM Transactions on Information and System Security, 1(2).

Moyer M. J, Ahamad M, (2001), Generalized role-based access control. In ICDCS, p. 391–398.

K. Georgiadis Ch, Mavridis I, Pangalos G, Thomas R. K, (2001), Flexible Team-based Access Control Using Context. In Proceedings of the sixth ACM symposium on Access control models and technologies, Chantilly, Virginia, United States, p. 21–27.

Lampson B. W, (1974), Protection. In 5th Princeton Symposium on Information Sciences and Systems, p. 437–443. Reprinted in ACM Operating Systems Review 8, p. 18–24.

Nasim R, (2010), Privacy-enhancing Access Control Mechanism in Distributed Online Social Network. Master's Thesis in Computer Science, Software Engineering of Distributed Systems Master's Program, Royal Institute of Technology.

Sandhu R. S, Coyne E. J, Feinstein H. L, Youman C. E, (1996), Role-based access control models. IEEE Computer 29, p. 38–47.

T. Alotaiby F, Chen J. X, (2004), A Model for Team-Based Access Control (TMAC2004). In Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'04), IEEE Computer Society.

Thomas R. K, Sandhu R. S, (1994), Conceptual foundations for a model of task-based authorizations. In Proceedings of the 7th IEEE Computer Security Foundations Workshop, Franconia, p. 66–79.

Thomas R. K, (1997), Team-based Access Control (TMAC): A Primitive for Applying Role-based Access Controls in Collaborative Environments. In Proceedings of the 2nd ACM Workshop on Role-Based Access Control, Fairfax, p. 13–19.

Thomas R. K, Sandhu R. S, (1997), Task-based authorization controls (TBAC): A Family of Models for Active and Enterprise-oriented Authorization Management. In Database Security XI: Status and Prospects, T. Y. Lin and X. Qian, Eds. North-Holland, p. 166–181.

Zhang R, (2009), RelBAC: Relation Based Access Control. PhD dissertation, International Doctorate School in Information and Communication Technologies, DIT, University of Trento.
