TY - GEN
T1 - Fine-grained access control of personal data
AU - Wang, Ting
AU - Srivatsa, Mudhakar
AU - Liu, Ling
PY - 2012
Y1 - 2012
N2 - The immensity and variety of personal information (e.g., profile, photo, and microblog) on social sites require access control policies tailored to individuals' privacy needs. Today such policies are still mainly specified manually by ordinary users, which is usually coarse-grained, tedious, and error-prone. This paper presents the design, implementation, and evaluation of an automated access control policy specification tool, XACCESS, that helps non-expert users effectively specify who should have access to which part of their data. A series of key features distinguish XACCESS from prior work: 1) it adopts a role-based access control model (instead of the conventional rule-based paradigm) to capture the implicit privacy/interest preference of social site users; 2) it employs a novel hybrid mining method to extract a set of semantically interpretable, functional "social roles", from both static network structures and dynamic historical activities; 3) based on the identified social roles, confidentiality setting of personal data, and (optional and possibly inconsistent) predefined user-permission assignments, it recommends a set of high-quality privacy settings; 4) it allows user feedback in every phase of the process to further improve the quality of the suggested privacy policies. A comprehensive experimental evaluation is conducted over real social network and user study data to validate the efficacy of XACCESS.
UR - http://www.scopus.com/inward/record.url?scp=84864031880&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84864031880&partnerID=8YFLogxK
U2 - 10.1145/2295136.2295165
DO - 10.1145/2295136.2295165
M3 - Conference contribution
AN - SCOPUS:84864031880
SN - 9781450312950
T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
SP - 145
EP - 155
BT - SACMAT'12 - Proceedings of the 17th ACM Symposium on Access Control Models and Technologies
T2 - 17th ACM Symposium on Access Control Models and Technologies, SACMAT'12
Y2 - 20 June 2012 through 22 June 2012
ER -