20162016
IEEE6th
6thInternational
InternationalAdvanced
Conference
Computing
Collaborative Access Control Model for Online
Social Networks
Nemi Chandra Rathore
Department of Computer Science & Engineering
Indian Institute of Technology, Patna
Patna, Bihar, India.
Email: nemi@iitp.ac.in
Abstract—Online Social Network (OSN) has become a popular
and de facto portal for digital information sharing. Preserving
information privacy is indispensable in such applications, as
the shared information would be sensitive. The issue becomes
more challenging due to participation of multiple parties on the
shared resources or data. In this paper, we propose an effective
access control technique to allow or disallow the shared resources
considering authorization requirements of all the multiple parties.
A logical representation of the proposed access control technique
is prepared to analyse the privacy risk.
Keywords—Online Social Network; Access Control; Collabora-
tive Policy; Stakeholders; Trust.
I. I NTRODUCTION
Online Social Networks (OSNs) are web-based social plat-
forms that allow users to create their online virtual social
relationship network. In recent years, OSNs have seen an
unprecedented growth which is reflected by the fact that upto
March-2015, 58% of Internet users were part of atleast one
OSN [1]. During 2012-13, top three popular OSN platforms
Facebook, Twitter, and Google+ grown at the rate of 23%,
43%, 33% respectively [2].
OSNs provide to their users, a diverse set of built-in
information sharing services like wall posts, sharing statuses,
photos, videos, links and many more. These services enable
users to express themselves to other users. To avail these
offered services one needs to register with the OSN of his
choice.
During interaction, OSN users post number of messages,
photos, videos etc., into their own or others user spaces.
All such stuffs including user profiles contain huge amount
of personal and sensitive information of the respective OSN
users. Most often, these contents contain/reveal private and
sensitive information of other OSN users as well, like a group
photo with other users. Such contents are known as multi-party
contents.
At present, OSNs offer a basic level access control to define
target audience for their private and sensitive resources. For
example Facebook the most popular OSN, allows its users
to specify the audience of a resource from a list containing
friends, friends of friends, only me, public, custom [3]. This
type of access control models is neither flexible nor fine-
grained. Besides that, the existing solutions only control the
access to those data or resources reside in user’s space owned
by that user.
978-1-4673-8286-1/16 $31.00 © 2016 IEEE
DOI 10.1109/IACC.2016.14
on Advanced
Conference
Computing
Somanath Tripathy
Department of Computer Science & Engineering
Indian Institute of Technology, Patna
Patna, Bihar, India
Email: som@iitp.ac.in
Each multi-party contents is associated with multiple num-
ber of stakeholders and privacy preference of each stakeholder
would be different. These preferences lead to policy conflicts
that make the access control a challenging task. To address
the multi-party access control issues, present OSNs provide
a preliminary level of protection mechanism. For instance,
Facebook allows a tagged user in a group photo to report/
remove the tag, if s/he does not want to share that with others.
However, that photo still remains visible to others. Further, if a
stakeholder wants to fully remove the photo s/he has to request
the user who has uploaded it.
At present, no OSN offers access control facility for multi-
party resources. The proposed existing multi-party access
control schemes for OSNs are not fine-grained, flexible and
expressive enough. Therefore, a flexible and efficient solution
is urgently needed to control the access to multi-party contents.
In this paper, we propose a simple and flexible access con-
trol model where stakeholders collaboratively specify access
policies equipped with simple conflict resolution technique.
The scheme uses trust among stakeholders (of the resource)
and requester to take access decision. A logical representation
of proposed model using Answer Set Programming (ASP)[4]
is developed to formally establish the correctness of the model.
The rest of the paper is organized as follows. We provide
related work in Section II, and system model with security
requirements in Section III. In Section IV, we describe our
proposed scheme. In Section V, we describe a logical represen-
tation of the proposed model developed to verify its correctness
that is followed by discussion in Section VI. Section VII
concludes our work.
II. R ELATED W ORK
Most of the current access control models including [5],
[6], [7], [8] used in OSNs are relationship based. These
models exploit relationship between users and resources to
take access decisions. A semantic-web based model proposed
in [9] represents the user relationships, their resources, and
actions in the form of ontologies. The access control policies
are enforced by querying the database storing these ontologies.
Unfortunately, none of these solutions addresses the problem
of multi-party access control.
Recent solutions [10], [11], [12], [13], target to address
the problem of multi-party access control. In [13] a game
17
19
theoretic model based on Clark-Tax model was proposed in
which all the stakeholders bid in an auction process. The
requirement of choosing a suitable bid value could make it
difficult for a normal OSN user. Moreover, only the winner of
the auction determines the audience of the content. Mechanism
proposed in [12] allows the controllers of the content to specify
its audience using relationship, group name, and listing the
audience in the policy. The conflicts are evaluated on the basis
of a voting mechanism. But, this scheme is not flexible in
terms of policy specification. Moreover, most of these schemes
ignore trust among the controllers and requesting user which is
an important factor in real social network to selectively share
private information with others.
III. S YSTEM M ODEL & S ECURITY R EQUIREMENTS
A. OSN System Model
Let I be the finite set of relationship identifiers supported
by an OSN. R be the set of all the resources uploaded to
OSN by its registered users. An OSN can be represented as a
directed graph G = (V, E), where, V be the set of registered
users and E be the set of the existing relationships among
registered users. Formally, E, is the set of relationships among
OSN users, that is represented by a set of 4-tuples as:
E = {(vi , vj , l, T (vi , vj ) | vi , vj ∈ V, l ∈ I}.
The label l ∈ I, assigned to each edge e ∈ E, specifies the
relationship that vi has with vj . Note that, l(vi , vj ) = l(vj , vi )
for symmetric relationship, but l(vi , vj ) = l(vj , vi ) for asym-
metric relationship. For example relationships like spouse,
colleague, friend are symmetric relationships and relationships
like father, mother are asymmetric relationships. The constant
T (vi , vj ) ∈ [0, 1] gives a measure of strength of relationship
referred as trust from user vi to user vj . This trust value may
be different from the trust value from the user vj to the user vi
i.e. T (vi , vj ) = T (vi , vj ). Figure-1 shows a partial snapshot of
Fig. 1. A sample Online Social Network
a sample OSN. Here, symmetric relationships are represented
by undirected edges and asymmetric by directed edges from
source to destination. Our system model defines the following
20
18
terms.
Resource: A resource is any digital content uploaded to OSN,
by a user. A resource owned by a user v ∈ V is described by
3-tuple :
(rv,i , ownership type, sensitivity)
rv,i ∈ Rv is a unique identifier of the resource. The ownership
type indicates whether resource is exclusively/jointly owned by
v. For example profile items, friends-list are exclusively owned
resources of a user, while the resources like group photos are
co-owned (or multi-party) resources. Sensitivity of a resource
indicates the privacy risk arise due to disclosure of the said
resource.
Owner and Co-owner: OSN user v who uploads the resource
rv,i ∈ Rv , is called owner of the resource. Users v1 , ..., vj ,
referenced in the resource rv,i are called Co-owner of the
resource. For example let a user v ∈ V uploads a group photo
with some of his friends on the OSN. The user v is referred as
the owner of the resource and rest of the friends in the photo
can be referred as Co-owners.
Stakeholders: The owner and Co-owner are referred as stake-
holders of the corresponding resource .
The following functions describe our model:
• R Owned (v) gives the set of resources owned by
user v ∈ V .
• R Owner (r) returns the owner of a resource r ∈ R.
• ST (r) returns all the stakeholders of a resource r.
• T (v1 , v2 ) gives the trust v1 have on v2 .
• RAP (r) returns all access control policies specified
for the resource r.
• SC (v) returns all social contacts of a user v.
B. Security Objective
1) Data Privacy: The user should be able to reveal his
private data selectively with his social contacts as per
his privacy preferences.
2) Multi-party Access Control: The access control
model must provide a mechanism to control the
access of multi-party contents. The protocol must
allow all the stakeholders to have a precise control
on who can access the data and who can not.
Additionally, the system should be flexible and easy to use.
This is very important requirement for an access control model
as most of the users are not smart enough to work with a
complex access control system.
IV. T HE P ROPOSED S CHEME
In this section, we propose a new access control system
named as Collaborative Access Control for OSN (CACO). It
requires an OSN user to preassign a trust level to each of his
existing contacts as follows.
Trust Assignment: The social contacts of a user are
partitioned into k distinct subsets. Let F denotes the set of
social contacts of a user v ∈ V , then F is partitioned into k
subsets f1 , f2 , ..., fk such that
 • F = f1 ∪ f2 ∪ ... ∪ fk After receiving policies from all the stakeholders, it aggregates
and stores them into a local database called Access Policy
• fi ∩ fj = ∅ where i = j, ∀i, j = 1, 2, .., k
Database. Any request to access the resource is served after the
Each partition can be assigned a range of trust values by each access policies for rv are completely defined. Further, CACPM
user in the interval [0, 1]. Trust value 0 represents no trust and of the owner evaluates the access request for the resources rv
1 represents the full trust. Trust value of a user to each of his and allows or prevents to access the resource accordingly.
social connection can be assigned according to his perceived
strength of the relationship with

the target

user. If a user v ∈ V B. Access Policy Specification
adds a new connection with v ∈ V , v is added as per the user
recommendation in one of the set of the partition. The initial When user uploads a resource, its access control policy

trust value of the connection T (v, v ) is set by the user or it is needs to be specified.
set to the default, that is, the lowest value of the relationship 1) Access Policy: Access control policy or access policy
class. Table-I, represents a sample range of trust values for its of a user resource r ∈ R is a 5-tuples (Controller, controller
contact sub-classes. type, resource id, Trust Condition, action), where
TABLE I. D ISTRIBUTION OF TRUST T ACROSS RELATIONSHIP
CLASSES • Controller: The user who specified the policy.
Contact sub-class Trust(T ) • Controller type : Specifies whether controller is the
Family 0.75 ≤ T ≤ 1
Close Friends 0.5 ≤ T < 0.75
owner or any Co-owner.
Normal Friends 0.25 ≤ T < 0.5
Others 0 ≤ T < 0.25
• Resource id: This is a unique identifier of the re-
source.
• Trust Condition: It is a relational expression that
The proposed multiparty access control mechanism CACO specifies the trust level needed by a requester to get
consists of three major components as depicted in figure 2 are access to the resource.
described as follows.
• Action: It states the actions to be allowed if user
satisfies the access conditions in the policy.
action ⊆ {view, comment, share, tag, like, ..} and
action = φ means deny.

According to the number of stakeholders of a resource,

the resources would be further classified into single party or
multi-party. A resource with only one stakeholder who is the
resource owner itself is called single-party resource and rest of
the resources are called multi-party resources. The multi-party
resource have an owner and one or more co-owners.
Multi-party Access Policy Specification: After uploading
of a multi-party resource, the CACPM requests all the co-
owners to provide their access control policy for the cor-
responding resource. After receiving policies from all the
stakeholders, CACPM combines and stores them into the
Access Policy Database. For example:

1) Suppose, Alice uploads her photo party.jpg (id =

r1 ) with Bob and Carol as co-owners. Alice wants
that only her family members (trust ≥ 0.75) could
access the photo. Bob wants that his friends having
trust higher than 0.6 could be allowed to access the
photo. Carol does not considers the photo as sensitive
thus, she is willing to share the photo with any one
Fig. 2. Proposed Access Control Model with trust greater than 0.2.

The collaborative access policy for the resource in the above

A. Collaborative Access Control Policy Manager
In CACO each user has a Collaborative Access Control
Policy Manager (CACPM). The owner’s CACPM coordinates
with CACPM of rest of the stakeholders for collaborative
policy specification. As soon as a user v ∈ V uploads a
resource rv , co-owned by users {v1 , v2 , .., vm }, the CACPM
requests all the stakeholders to submit their access policies.
said scenario will be expressed as follows:
P4 = {(Alice, Owner, r1 , T ≥ 0.75, {view, comment})
: (Bob, Coowner, r1 , T ≥ 0.6, {view}) : (Carol, Coowner
, r1 , T ≥ 0.2, {view})}
Single-party Resource Access Policy Specification: It is
a special case of multi-party policy specification, where owner
is one and the only stakeholder.

21
19
 1) Alice posts her photo vacation.jpeg, (id = r2 ) and After calculation of Tef f (s, Y ) for every s ∈ Sr , CACPM
wants that only her social contact with trust greater checks, if there is any policy conflict. If there is no policy
than or equal to 0.7 could view and comment on the conflict, the request is granted or denied according to the
photo. outcome of the policy evaluation. The flowchart in Figure-3,
2) Alice uploads a video “party.flv”, (id = r3 ) and wants shows the evaluation process of an access request according
that none of her contacts who are close to her having to our model.
trust ≥ 0.5 could watch the video”.
3) Alice wants to share a link to a news
“www.abcnew.com/Obama-to-visit-UK”, (id = r4 )
with every body.
The policies for above access conditions can be specified as
follows:
1) P1 = (Alice, OW, r2 , T ≥ 0.7, {view, comment})
2) P2 = (Alice, OW, r3 , T < 0.5, {view})
3) P1 = (Alice, OW, r4 , T ≥ 0, {view})
2) Access Request:: A user Y issues an access request for
the resource rX can be specified as a 5-tuple as follows:

(Y, X, rX , Vref , ref paths)

where
• Y ∈ V is the requesting user.
• X ∈ V is the owner of the resource.
• rX ∈ R is the resource that Y wants to access.
• Vref is the subset of the stakeholders of the resource
whose references are used to request the resource
access.
• ref paths is the set of all available paths labelled
with corresponding relationships and trust from stake-
holders to requester. These paths serve as evidences in
Fig. 3. Access Policy Evaluation Process
support of request. Each path is a sequence of users
from a stakeholder to requester having intermediate
social contacts as intermediate path nodes. Each path
p ∈ ref paths includes only one stakeholder as 2) Conflict Resolution: Due to different privacy preferences
vertex. the policies for r may cause a conflict. So, if a policy conflict
occurs between stakeholders, CACPM calculates Collaborative
C. Access Request Evaluation Decision Coefficient for requester with respect to all of the
stakeholders, defined as follows:
Let us assume, user Y requests to access the resource r ∈
RX owned by user X. Let Sr ⊂ V be the set of stakeholders m

of r. CACPM immediately allows access to r, if Y ∈ Sr . C= Ci (1)
Otherwise, it calculates the effective trust of each stakeholder i=1
s ∈ Sr have on Y , as follows:
where m denotes the number of stakeholders to the resource
1) Calculating Effective Trust: CACPM first finds those and Ci , ∀i = 1, ..m is set to 1, if policy for stakeholder “i”
stakeholders who are direct friends of requesting user Y and is satisfied by the requester Y , otherwise it is set to −1. The
retrieves their trust on Y . To calculate the trust of rest of the access to user Y is allowed if C > 0 and denied otherwise.
stakeholders on Y , CACPM finds a path p = (e1 , .., ej ) from
stakeholder s ∈ Sr to Y which have the minimum value of
Πji=1 T (ei ). It represents the minimum trust s ∈ Sr can have
on Y in the present instance of OSN. The edges of p are V. L OGICAL R EPRESENTATION AND A NALYSIS OF CACO
selected using following two steps: In order to verify the correctness of our proposed model,
 
1) Pick s ∈ Vref such that T (s, s ) is minimum. we employed Answer Set Programming[4] to create an equiv-
  alent logical model. In the ASP program, users, resources,
2) Tef f (s, Y ) = T (s, s ) ∗ Tef f (s , Y )
and relationship among users are encoded using the facts.
The trust Tef f (s, Y ) of s ∈ Sr is given as follows: The relationship between users and their resources and user’s
access control polices are encoded in the form of ASP rules.
Tef f (s, Y ) = Πji=1 T (ei ) Some of them are as described below.

22
20
A. Logical Definition of Owner and Co-owner
The owner and co-owner of a resource are defined using
rules in ASP as follows:
• The owner X of the resource R is represented by the
following rule:
owner(X, R) : − uploads(X, R), access trust(X, R,
T rust), user(X), resource(R).
• The co-owner Y of the resource R is represented by
the following rule:
coowner(Y, R) : − ref ers(R, Y ), not owner(Y, R),
access trust(Y, R, T rust), user(Y ), resource(R).
• The fact that there is only one owner is ensured by
the following rule:
1{owner(X, R) : user(X)}1 : − resource(R).
B. Access Policy Specification
The access policy specification is done in terms of ASP
rules as follows:
• If the requester is one of the controllers (i.e. owner
or co-owner), s/he is given access immediately. So
accordingly the rule is as follows:
access decision(Z2 , Z1 , R, permit) : − controller
(Z1 , R), controller(Z2 , R), request(Z2 , R), user
(Z2 ), resource(R).
• To make final decision the aggregation of results of all
individual policy evaluation is done by the following
rule;
aggregate decision(Z2 , R, K) : −K = #sum{1 :
access decision(Z2 , Z1 , R, permit); −1 : access
decision(Z2 , Z1 , R, deny)}N, controller(Z1 , R),
not controller(Z2 , R), request(Z2 , R), no con
troller(N, R), user(Z2 ), resource(R)
• The final decision is ”permit” if following rule is
satisfied;
f inal decision(Z2 , R, permit) : − K > 0, aggre
gate decision(Z2 , R, K), resource(R), request(Z2 ,
R), user(Z2 ) .
C. Formal verification of CACO
The logical representation of the proposed model in ASP
helps to formally analyse the authorization properties. It is
translated into problem of checking whether the program π ∪
πquery has no answer set, where program π in ASP represents
user-to-user, and user-to-resource relationships with the access
control policies associated with the resources. Program πquery
encodes negation of access request. The CACO is analysed
on the machine having i7- (2.70 GHz), CPU, 4GB RAM,
and Ubuntu 14.10 platform, by providing π with encoding of
various queries to grounder gringo[14] and answer set solver
clasp[15].
To check, if a given access request is satisfied or not, we
submit negation of the query to our ASP logical model. If the
query is satisfied, it does not return any answer set. Otherwise
the returned answer set will work as a counter example. Due
to space limitation, we could not provide the snapshots of the
output of the program.
23
21
The working of the proposed access control model is
illustrated with examples as follows:
D. Use Cases
Let us assume Bob and Alice are very close friends. The
direct trust values of the users are given in table II.
TABLE II. S AMPLE TRUST VALUES BETWEEN OSN USERS .
User Pair Trust User Pair Trust
(Alice, Bob) 0.7 (Bob, Alice) 0.75
(Bob, Carol) 0.5 (Carol, Bob) 0.56
(Alice, Rose) 0.7 (Rose, Alice) 0.6
(Carol, Rose) 0.8 (Rose, Carol) 0.65
(Carol, Alice) 0.4 (Alice, Carol) 0.3
(Alice, Arnold) 0.7 (Arnold, Alice) 0.5
Suppose Alice uploads a photo r5 of birthday party of her
friend Bob. In the photo she tags Bob and her another friend
Carol. Let the photo be private and sensitive to Alice and Bob,
but not for Carol. Thus Alice, Bob and Carol set a required
trust level to view the photo as 0.7, 0.8, 0.2 respectively. So,
the access policies for the photo are as follows:
(Alice, Owner, r5 , T ≥ 0.7, allow) (2)
(Bob, Co − owner, r5 , T ≥ 0.8, allow) (3)
(Carol, Co − owner, r5 , T ≥ 0.2, allow) (4)
Example-1: Let Rose, one of the friends of Alice and Carol
requests access to r5 . After receiving the access request
CACPM first verifies the evidence provided by Rose. After
verifying the path CACPM calculates the indirect trust of
Bob with Rose. Alice and Carol have trust level of 0.7, 0.8
respectively with Rose. The effective trust of Bob with Rose
comes to 0.4. Now, CACPM evaluates each of the policies
and detects the conflict as policy of Bob is not satisfied. So,
it calculates value of C which evaluates to 1, thus it grants
access to Rose.
Example-2: Let Arnold, a friend of Alice with trust value
T (Alice, Arnold) = 0.7 requests access to r5 . The effec-
tive trust on Arnold for Bob and Carol is calculated to be
0.525, 0.28 respectively. Arnold satisfies policies of Alice,
and Carol but does not satisfy the same for Bob. This leads to
a policy conflict. To resolve the conflict, CACPM calculates
Collaborative Decision Coefficient for Arnold which comes to
1 > 0. Thus CACPM grants access of photo to Arnold.
Example-3: Let Jim a casual friend of Bob and Carol with
trust value say, T (Bob, Jim) = 0.3, T (Carol, Jim) = 0.5
respectively, requests to access r5 . The effective trust Alice
has with Jim is 0.21. Thus, Jim does not satisfy any of
the policies (1), (2), but satisfies policy (3). To resolve this
conflict, CACPM calculates the value of C which comes to −1
and hence it denies the request.
VI. D ISCUSSION
The important thing about CACO is that, it uses the degree
of intimacy (trust level) between stakeholders and requesting
user to make access decision. When the owner uploads a
resource r, s/he specifies the corresponding stakeholders. Each
stakeholder specifies a level of trust needed to access r.
In CACO, each user has a CACPM module to administer
the collaborative policy specification and access to the user’s
resources. After receiving an access request for r from user y, VII. C ONCLUSIONS
CACPM calculates the effective trust on y for all stakeholders
In this paper, we have proposed a simple and effec-
towards r. Then, it checks whether any policy conflict is there
tive multi-party access control scheme CACO. The proposed
between the stakeholders. If CACPM finds no policy conflict
scheme computes trust (direct or indirect) with each stake-
then, it takes access decision according to the outcome of
holder of the resource to verify the policy rules. The access
the policy evaluation. In case of any conflict, it calculates the
request to the resource is granted only if all the policy rules
Collaborative Decision Coefficient to make any decision.
are satisfied. We have verified the correctness of CACO using
The most attractive features of our scheme includes its its logical representation in ASP. The development of CACO
simplicity in policy specification and conflict resolution. The prototype in the form of a Facebook application to understand
users specify the audience of their contents on the basis usability and acceptability of the model among OSN users.
of required trust with requesting user. They do not require
complex access policies to specify audience of their resources. R EFERENCES
CACO is efficient because access request evaluation involves [1] “Statistics brain research institute: Social networking statistics,”
only CACPM of the resource owner. March 2015. [Online]. Available: http://www.statisticbrain.com/
social-networking-statistics/
TABLE III. C OMPARISON OF EXISTING ACCESS C ONTROL SOLUTIONS [2] K. Morrison, “The growth of social media: From
FOR OSN WITH CACO. passing trend to international obsession,” january 2014.
[Online]. Available: http://www.adweek.com/socialtimes/
Model Trust Relationship Multi- Auto- the-growth-of-social-media-from-trend-to-obsession-infographic/
type party mation 142323
Squicciarini[13] no U-U yes yes
[3] Facebook, “Facebook data policy,” January 2015. [Online]. Available:
Carminati[9] yes U-U, U-R, U-A no yes
Fong[6] no U-U no no
www.facebook.com/about/privacy/
Carminati[11] yes U-U yes no [4] V. Lifschitz, “What is answer set programming?” in Proceedings of the
Cheng [5] yes U-U, U-R, R-R no no Twenty-Third AAAI Conference on Artificial Intelligence, AAAI 2008,
Hu [12] no U-U yes yes Chicago, Illinois, USA, July 13-17, 2008, 2008, pp. 1594–1597.
Cheng[8] yes U-U,U-R,R-R no no
[5] Y. Cheng, J. Park, and R. Sandhu, “Relationship-based access con-
CACO yes U-U yes semi
trol for online social networks: Beyond user-to-user relationships,”
in Privacy, Security, Risk and Trust (PASSAT), 2012 International
Conference on and 2012 International Confernece on Social Computing
Table-III gives a comparison of CACO with some popular (SocialCom), Sept 2012, pp. 646–655.
existing schemes. The schemes proposed in [5], [6], [8], [9] [6] P. Fong, “Relationship-based access control: Protection model and
do not address the problem of multi-party access. As we have policy language,” in Proceedings of the First ACM Conference on Data
and Application Security and Privacy. New York, USA: ACM, 2011,
already discussed in Section-II, the scheme in [13] is not pp. 191–202.
flexible and user-friendly. The scheme in [11] is not scalable [7] J. Pang and Y. Zhang, “A new access control scheme for facebook-style
as it requires a centralized entity called Social Manager that is social networks,” CoRR, vol. abs/1304.2504, 2013.
involved in verification and evaluation of every access requests [8] Y. Cheng, J. Park, and R. Sandhu, “Attribute-aware relationship-based
to all OSN resources. It creates risk of central point of failure access control for online social networks,” in Data and Applications
and problem of performance bottleneck. MPAC [12] is not fine- Security and Privacy XXVIII, ser. Lecture Notes in Computer Science.
grained and failed to express various types of access control Springer Berlin Heidelberg, 2014, vol. 8566, pp. 292–306.
policies. For example, suppose Alice wants to share a photo [9] B. Carminati, E. Ferrari, R. Heatherly, M. Kantarcioglu, and B. Thu-
raisingham, “Semantic web-based social network access control,” Com-
(id = r4 ), with her contacts who are highly trusted (trust value puters & Security, vol. 30, no. 2-3, pp. 108–115, mar 2011.
≥ 0.75). MPAC only allows her to specify audience of r4 using [10] A. Besmer and R. L. Heather, “Moving beyond untagging: Photo
either relationships or group names or a list of users. In this privacy in a tagged world,” in Proceedings of the SIGCHI Conference
case she can only list all the target audience explicitly which on Human Factors in Computing Systems. New York, USA: ACM,
would be difficult. But, our scheme allows Alice to specify 2010, pp. 1563–1572.
this policy very easily as follows: [11] B. Carminati and E. Ferrari, “Collaborative access control in on-line so-
cial networks,” in Collaborative Computing: Networking, Applications
and Worksharing (CollaborateCom), 2011 7th International Conference
(Alice, Owner, r4 ), T ≥ 0.75, {view}) on, Oct 2011, pp. 231–240.
[12] H. Hu, G. J. Ahn, and J. Jorgensen, “Multiparty access control for
online social networks: Model and mechanisms,” Knowledge and Data
Another limitation of MPAC model is that it does not Engineering, IEEE Transactions on, vol. 25, no. 7, pp. 1614–1627, July
distinguish between different access actions. Thus, it does not 2013.
enable a user to specify a policy where requester can only [13] A. C. Squicciarini, M. Shehab, and F. Paci, “Collective privacy man-
view a photo with restricting to comment on it. But, in CACO agement in social networks,” in Proceedings of the 18th International
Conference on World Wide Web, ser. WWW ’09. New York, USA:
a stakeholder can specify the allowed action for the audience ACM, 2009, pp. 521–530.
of the resource. In MPAC there is no collaboration at the
[14] M. Gebser, R. Kaminski, A. König, and T. Schaub, “Advances in gringo
time of policy specification, and each stakeholder specify their series 3,” pp. 345–351.
access policy for the resource independently. In case, if any [15] M. Gebser, B. Kaufmann, and T. Schaub, “Conflict-driven answer set
stakeholder is not satisfied with the current privacy settings solving: From theory to practice,” Artificial Intelligence, vol. 187-188,
s/he can change the policy but have to ask the resource owner pp. 52–89, 2012.
to change the conflict resolution policy. But in our case, no
change is required in conflict resolution policy, and any user
can update his/her access policy.

24
22