A Decentralized Security Framework for Web-Based Social Networks

Abstract

The wide diffusion and usage of social networking Web sites in the last years have made publicly available a huge amount of possible sensitive information, which can be used by third-parties with purposes different from the ones of the owners of such information. Currently, this issue has been addressed by enforcing into Web-based Social Networks (WBSNs) very simple protection mechanisms, or by using anonymization techniques, thanks to which it is possible to hide the identity of WBSN members while performing analysis on social network data. However, we believe that further solutions are needed, to allow WBSN members themselves to decide who can access their personal information and resources. To cope with this issue, in this chapter we illustrate a decentralized security framework for WBSNs, which provide both access control and privacy protection mechanisms. In our system, WBSN members can denote who is authorized to access the resources they publish and the relationships they participate in, in terms of the type, depth, and trust level of the relationships existing between members of a WBSN. Cryptographic techniques are then used to provide a controlled sharing of resources while preserving relationship privacy.