Amirreza Masoumzadeh
University of Pittsburgh
Publication
Featured researches published by Amirreza Masoumzadeh.
international conference on social computing | 2010
Amirreza Masoumzadeh; James B. D. Joshi
As the information flowing around in social networking systems is mainly related or can be attributed to their users, controlling access to such information by individual users becomes a natural requirement. The intricate semantic relations among data objects, different users, and between data objects and users further add to the complexity of access control needs. In this paper, we propose an access control model based on Semantic Web technologies that takes into account the above mentioned complex relations. The proposed model enables expressing much more fine-grained access control policies on a social network knowledge base than the few existing models. We demonstrate the applicability of our approach by implementing a proof-of-concept prototype of the proposed access control framework.
Artificial Intelligence Review | 2012
Youna Jung; Minsoo Kim; Amirreza Masoumzadeh; James B. D. Joshi
Multi-agent systems have attracted the attention of researchers because of agents’ automatic, pro-active, and dynamic problem solving behaviors. Consequently, there has been a rapid development in agent technology which has enabled us to provide or receive useful and convenient services in a variety of areas such as banking, transportation, e-business, and healthcare. In many of these services, it is, however, necessary that security is guaranteed. Unless we guarantee the security services based on agent-based systems, these services will face significant deployment problems. In this paper, we survey existing work related to security in multi-agent systems, especially focused on access control and trust/reputation, and then present our analyses. We also present existing problems and discuss future research challenges.
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems | 2008
Amirreza Masoumzadeh; James B. D. Joshi
Several researches in recent years have pointed out that for the proper enforcement of privacy policies within enterprise data handling practices the privacy requirements should be captured in access control systems. In this paper, we extend the role-based access control (RBAC) model to capture privacy requirements of an organization. The proposed purpose-aware RBAC extension treats purpose as a central entity in RBAC. The model assigns permissions to roles based on purpose related to privacy policies. Furthermore, the use of purpose as a separate entity reduces the complexity of policy administration by avoiding complex rules and applying entity assignments, coherent with the idea followed by RBAC. Our model also supports conditions (constraints and obligations) with clear semantics for enforcement, and leverages hybrid hierarchies for roles and purposes for enforcing fine grained purpose and role based access control to ensure privacy protection.
Journal of Information Privacy and Security | 2011
Amirreza Masoumzadeh; James B. D. Joshi
As the information flowing around in social network systems is mainly related or can be attributed to their users, controlling access to such information by individual users becomes a crucial requirement. The intricate semantic relations among data objects, different users, and between data objects and users further add to the complexity of access control needs. In this paper, we propose an access control model based on semantic web technologies that takes into account the above mentioned complex relations. The proposed model enables expressing much more fine-grained access control policies on a social network knowledge base than the existing models. We demonstrate the applicability of our approach by implementing a proof-of-concept prototype of the proposed access control framework and evaluating its performance.
IEEE Transactions on Dependable and Secure Computing | 2012
Amirreza Masoumzadeh; James B. D. Joshi
Social networks are attracting significant interest from researchers in different domains, especially with the advent of social networking systems which enable large-scale collection of network information. However, as much as analysis of such social networks can benefit researchers, it raises serious privacy concerns for the people involved in them. To address such privacy concerns, several techniques, such as k-anonymity-based approaches, have been proposed in the literature to provide user anonymity in published social networks. However, these methods usually introduce a large amount of distortion to the original social network graphs, thus, raising serious questions about their utility for useful social network analysis. Consequently, these techniques may never be applied in practice. We propose two methods to enhance edge-perturbing anonymization methods based on the concepts of structural roles and edge betweenness in social network theory. We experimentally show significant improvements in preserving structural properties in an anonymized social network achieved by our approach compared to the original algorithms over several data sets.
network and system security | 2011
Nathalie Baracaldo; Amirreza Masoumzadeh; James B. D. Joshi
With the growing needs for and the benefits of sharing resources and information among different organizations, an interoperation framework that automatically integrates policies to facilitate such cross-domain sharing in a secure way is becoming increasingly important. To avoid security breaches, such policies must enforce the policy constraints of the individual domains. Such constraints may include temporal constraints that limit the times when the users can access the resources, and separation of duty (SoD) constraints. Existing interoperation solutions do not address such cross-domain temporal access control and SoDs requirements. In this paper, we propose a role-based framework to facilitate secure interoperation among multiple domains by ensuring the enforcement of temporal and SoD constraints of individual domains. To support interoperation, we do not modify the internal policies, as most of the current approaches do. We present experimental results to demonstrate our proposed framework is effective and easily realizable.
computer and communications security | 2013
Amirreza Masoumzadeh; James B. D. Joshi
In this paper, we propose a framework to formally analyze what privacy-sensitive information is protected by the stated policies of a Social Networking System (SNS), based on an expression of ideal protection policies for a user. Our ontology-based framework can capture complex and fine-grained privacy-sensitive information in SNSs, and find out missing policies, given a user's ideal policies, and SNS's privacy settings and described system policies. We propose notions of policy completeness for SNSs to facilitate such an analysis. Our case study of using this approach on Facebook shows that we can effectively identify important missing policies.
international conference on information systems security | 2006
Amirreza Masoumzadeh; Morteza Amini; Rasool Jalili
High heterogeneity and dynamicity of pervasive computing environments introduce the requirement of more flexible and functional access control policies. The notion of provisional actions has been defined previously to overcome the insufficient grant/denial response to an access request and has been incorporated in the provision-based access control model (PBAC). Based on PBAC, we propose a context-aware provision-based access control model, capable of dynamic adaptation of access control policy according to the changing context. In particular, the model facilitates the definition of context-aware policies and enriches the access control by enforcing provisional actions in addition to common permissions.
Procedia Computer Science | 2011
Amirreza Masoumzadeh; James B. D. Joshi
Users of location-based services (LBSs) may have serious privacy concerns when using these technologies since their location can be utilized by adversaries to infer privacy-sensitive information about them. In this work, we analyze the mainstream anonymity solutions proposed for LBSs based on k-anonymity, and point out that these do not follow the safe assumptions as per the original definition of k-anonymity. We propose an alternative anonymity property, LBS (k,T)-anonymity, that ensures anonymity of a user's query against an attacker who knows about the issuance of the user query within a time window. We evaluate the vulnerability of the approaches in the literature to this type of attack that we believe is very basic and important, and assess the performance of our proposed algorithm for achieving LBS (k,T)-anonymity in terms of providing optimal solution.
advances in geographic information systems | 2011
Amirreza Masoumzadeh; James B. D. Joshi
Geo-social networking systems, such as Foursquare and Facebook Places, where users perform interactions based on their self-reported locations are growing fast nowadays. The location-rich social network data collected in such systems could be of research interest for various purposes. However, such datasets are at the risk of user re-identification and consequently privacy violation of the involved users if they are not adequately anonymized. In this paper, we study the problem of anonymizing a geo-social network dataset, based on adversarial knowledge on location information of its users. We introduce k-anonymity-based properties for guaranteeing anonymity based on location information, provide a realistic model of location data in geo-social networks, and propose corresponding anonymization algorithms. We also evaluate the proposed solutions using a synthetic GSN dataset.