Beyond user-to-user access control for online social networks

Mohamed Shehab, Anna Cinzia Squicciarini, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

21 Scopus citations


With the development of Web 2.0 technologies, online social networks are able to provide open platforms that enable the seamless sharing of profile data and allow public developers to interface with and extend the social network services as applications (or APIs). At the same time, these open interfaces pose serious privacy concerns, as third-party applications are usually given full read access to the user profiles. Current related research has focused mainly on user-to-user interactions in social networks, and seems to ignore third-party applications. In this paper, we present an access control framework to manage third-party-to-user interactions. Our framework is based on enabling the user to specify the data attributes to be shared with the application and, at the same time, to specify the degree of specificity of the shared attributes. We model applications as finite state machines, and use the required user profile attributes as conditions governing the application execution. We formulate the minimal attribute generalization problem and propose a solution that maps the problem to the shortest path problem to find the minimum set of attribute generalizations required to access the application services.

Original language: English (US)
Title of host publication: Information and Communications Security - 10th International Conference, ICICS 2008, Proceedings
Publisher: Springer Verlag
Number of pages: 16
ISBN (Print): 3540886249, 9783540886242
State: Published - 2008
Event: 10th International Conference on Information and Communications Security, ICICS 2008 - Birmingham, United Kingdom
Duration: Oct 20 2008 to Oct 22 2008

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 5308 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Other: 10th International Conference on Information and Communications Security, ICICS 2008
Country/Territory: United Kingdom

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science

