New Attribute Relation-Based Access Control System via Hybrid Logic

Document Type: Research Article


1 Department of Computer Engineering, Qaemshahr Branch, Islamic Azad University, Qaemshahr, Iran.

2 Department of Computer Engineering, Sari Branch, Islamic Azad University, Sari, Iran.


In recent years, Online Social Networks (OSNs) have been evolving rapidly and have attracted many users. In an OSN, users share sensitive information; therefore, effective access control models are needed to protect that information from unauthorized users. Currently, Relational Based Access Control (ReBAC) is used to protect users' private information. The authorization policy in ReBAC is based on the relationship type and depth among users; however, this is not sufficient to protect private information such as location, time, and age. In this paper, attributes are added to the social graph to establish efficient access control in OSNs, a policy model is proposed for the new Attribute Relation Based Access Control model (A-ReBAC), and the unambiguous Hybrid Logic (HL) policy language is used to formulate the access control policy model. To evaluate the proposed policy model, two path-checking algorithms, depth-first search (DFS) and breadth-first search (BFS), are applied to real datasets, and the time spent on access requests is calculated in the social graph of these datasets. The results showed that DFS takes less time than BFS to perform the defined task.
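As an added illustration (not code from the paper), the sketch below evaluates an access request on a constructed attributed social graph with depth-bounded DFS and BFS path checking. The policy form (relationship type, maximum depth, attribute predicate), the graph, and every name are assumptions; it does not reproduce the paper's Hybrid Logic policy language.

```python
from collections import deque

# Constructed social graph: user -> [(relationship_type, neighbour)].
GRAPH = {
    "alice": [("friend", "bob"), ("friend", "dave"), ("colleague", "erin")],
    "bob":   [("friend", "carol")],
    "dave":  [("friend", "frank")],
    "frank": [("friend", "carol")],
    "carol": [("friend", "erin")],
    "erin":  [],
}
# Constructed node attributes (the abstract names location, time and age).
ATTRS = {
    "alice": {"age": 30}, "bob": {"age": 25}, "carol": {"age": 16},
    "dave": {"age": 40}, "erin": {"age": 22}, "frank": {"age": 35},
}

def is_adult(attrs):
    # A missing attribute yields 0, so unknown users fail the predicate.
    return attrs.get("age", 0) >= 18

def check_access(owner, requester, rel_type, max_depth, attr_pred, strategy="dfs"):
    """Grant only if the requester's attributes satisfy attr_pred AND the
    requester is reachable from owner over rel_type edges in <= max_depth hops."""
    if not attr_pred(ATTRS.get(requester, {})):
        return False                      # attribute condition fails: deny
    frontier = deque([(owner, 0)])
    best = {owner: 0}                     # shallowest depth seen per node
    while frontier:
        # Stack order gives DFS, queue order gives BFS.
        node, depth = frontier.pop() if strategy == "dfs" else frontier.popleft()
        if node == requester:
            return True
        if depth == max_depth:
            continue                      # depth bound reached, do not expand
        for rel, nxt in GRAPH.get(node, []):
            # A plain visited set is unsafe for depth-bounded DFS: a node first
            # reached via a long path would block a shorter one. Re-queue a
            # node whenever it is reached at a strictly smaller depth.
            if rel == rel_type and best.get(nxt, max_depth + 1) > depth + 1:
                best[nxt] = depth + 1
                frontier.append((nxt, depth + 1))
    return False                          # no qualifying path: default deny
```

In this graph DFS first reaches `carol` at depth 3 via `dave` and `frank`; only the shallowest-depth bookkeeping lets it retry through `bob` and still find `erin` within three hops, matching the BFS decision.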

