Privacy-enhancing Access Control Mechanism in Distributed Online Social Network

Dramatic growth in the number of subscribers in Online Social Networks (OSNs), such as Facebook, MySpace, Orkut, etc. shows their increasing popularity among people from different ages and sectors. However, currently, the users need to put complete trust on OSN service providers, to protect their sensitive information because of centralized access control at the providers. Taking advantage of this infrastructure, OSN service providers can expose their subscribers’ personal information for targeted advertisements, or anything that is mentioned in the terms of the privacy agreement, including to change the terms. To give complete access control to the users over their data, there must be an alternative infrastructure, which removes dependence on OSN service providers. In order to address this privacy issue, Sonja Buchegger and Anwitaman Datta proposed 2-tier peer-to-peer architecture for social networks, called PeerSoN. The goal of this master’s thesis is to evaluate the suitability of eXtensible Access Control Markup Language (XACML) for Distributed Online Social Network (DOSN) access control and privacy preservation. To do that, firstly, we determine the requirements for access control in DOSN, and present a structure for users’ profiles. Due to the wide ranges of requirements, we propose to use rule-based access control for the users in OSN, where the rules are based on both static and dynamic constraints. Secondly, in order to investigate whether these policies can be expressed in XACML or not, we implement some common authorization policies using SunXACML, an open source implementation of standard XACML version 2.0. Thirdly, to enhance privacy regarding authentication and enforcement, we offer to use secret key based authentication of SAML, and one of the XACML supported web or application servers, such as JBoss Application server, Fedora server, in conjunction with XACML. Finally, we evaluate our architecture against three types of attackers; namely, users from social links, users form outside of social links, and random persons, and claim that our mechanism is well protected against different threats, such as unauthorized access, impersonation attacks, identity theft, information leakage via friendship links, etc., specifically, when each user’s profile is stored on his