<p>In multi-user cooperative systems such as social networks, personal data is often jointly created and shared among multiple users. The sensitivity of such data depends on the preferences and relationships of all parties involved, making access control decisions inherently complex and dynamic. This complexity is further exacerbated because such data often forms compound objects, such as photos with multiple tagged users or comments, where access to one object can affect access to related objects. Traditional access control models lack the expressiveness needed to capture joint ownership, evolving social relationships, and time-dependent constraints, which can lead to privacy violations and unintended disclosures. In this work, we propose a fine-grained access control model for multi-user cooperative systems and apply it to social networks. Our model extends attribute-based access control with provenance information to enforce additional constraints and explicitly models compound objects to reflect the interrelated nature of social data. A key contribution is the introduction of temporal constraints in access decision-making, enabling dynamic authorizations based on time-sensitive conditions. We implemented a prototype of the proposed model and conducted an experimental evaluation to assess its feasibility. Our results show that incorporating temporal constraints has minimal impact on performance, demonstrating the practicality of our approach in existing social network environments.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Fine-grained access control for multi-user data in cooperative systems: managing compound objects and temporal constraints

  • Clara Bertolissi,
  • Alba Martinez Anton,
  • Nicola Zannone

摘要

In multi-user cooperative systems such as social networks, personal data is often jointly created and shared among multiple users. The sensitivity of such data depends on the preferences and relationships of all parties involved, making access control decisions inherently complex and dynamic. This complexity is further exacerbated because such data often forms compound objects, such as photos with multiple tagged users or comments, where access to one object can affect access to related objects. Traditional access control models lack the expressiveness needed to capture joint ownership, evolving social relationships, and time-dependent constraints, which can lead to privacy violations and unintended disclosures. In this work, we propose a fine-grained access control model for multi-user cooperative systems and apply it to social networks. Our model extends attribute-based access control with provenance information to enforce additional constraints and explicitly models compound objects to reflect the interrelated nature of social data. A key contribution is the introduction of temporal constraints in access decision-making, enabling dynamic authorizations based on time-sensitive conditions. We implemented a prototype of the proposed model and conducted an experimental evaluation to assess its feasibility. Our results show that incorporating temporal constraints has minimal impact on performance, demonstrating the practicality of our approach in existing social network environments.