oGBAC—A Group Based Access Control Framework for Information Sharing in Online Social Networks

Internet users receive various online social networks (OSNs) services, however, providers of OSNs do not always provide users fine-grained privacy protection mechanisms with sufficient privacy protection for shared resources. In this paper, we propose a formal Group-Based Access Control (oGBAC) framework for preventing privacy disclosure when sharing information within or among groups in OSNs. Our framework extends the group-centric Secure Information Sharing (g-SIS) models by adapting the concept of the group to OSNs. We impose some restrictions to the group and information flow among groups to ensure that operations cannot incur privacy disclosure when sharing information among friends in OSNs. In view of characteristics of OSNs and the requirements of secure information flow, the oGBAC model also incorporates some ideas from the Attribute-Based Access Control (ABAC) to develop information flow based rules using relationship among attributes (such as tags, time and security levels) of objects and subjects in OSNs. Administration related rules and access related rules are designed for each access operation of group based OSNs' information sharing. The security of oGBAC model is analyzed using formal methods. To demonstrate the usability of the oGBAC model, we implement the model with the Comparative Attribute-Based Encryption (CCP-CABE), and analyze the security and efficiency of the implemented system to prove the effectiveness of the implemented system.