TY - GEN
T1 - Towards PII-based multiparty access control for photo sharing in Online Social Networks
AU - Vishwamitra, Nishant
AU - Li, Yifang
AU - Wang, Kevin
AU - Hu, Hongxin
AU - Caine, Kelly
AU - Ahn, Gail-Joon
N1 - Funding Information:
This work was partially supported by grants from National Science Foundation (NSF-IIS-1527421, NSF-IIS-1527268, and NSF-CNS- 1537924).
Publisher Copyright:
© 2017 Association for Computing Machinery.
PY - 2017/6/7
Y1 - 2017/6/7
N2 - The privacy control models of current Online Social Networks (OSNs) are biased towards the content owners' policy settings. Additionally, those privacy policy settings are too coarse-grained to allow users to control access to individual portions of information that is related to them. Especially, in a shared photo in OSNs, there can exist multiple Personally Identifiable Information (PII) items belonging to a user appearing in the photo, which can compromise the privacy of the user if viewed by others. However, current OSNs do not provide users any means to control access to their individual PII items. As a result, there exists a gap between the level of control that current OSNs can provide to their users and the privacy expectations of the users. In this paper, we propose an approach to facilitate collaborative control of individual PII items for photo sharing over OSNs, where we shift our focus from entire photo level control to the control of individual PII items within shared photos. We formulate a PII-based multiparty access control model to fulfill the need for collaborative access control of PII items, along with a policy specification scheme and a policy enforcement mechanism. We also discuss a proof-of-concept prototype of our approach as part of an application in Facebook and provide system evaluation and usability study of our methodology.
AB - The privacy control models of current Online Social Networks (OSNs) are biased towards the content owners' policy settings. Additionally, those privacy policy settings are too coarse-grained to allow users to control access to individual portions of information that is related to them. Especially, in a shared photo in OSNs, there can exist multiple Personally Identifiable Information (PII) items belonging to a user appearing in the photo, which can compromise the privacy of the user if viewed by others. However, current OSNs do not provide users any means to control access to their individual PII items. As a result, there exists a gap between the level of control that current OSNs can provide to their users and the privacy expectations of the users. In this paper, we propose an approach to facilitate collaborative control of individual PII items for photo sharing over OSNs, where we shift our focus from entire photo level control to the control of individual PII items within shared photos. We formulate a PII-based multiparty access control model to fulfill the need for collaborative access control of PII items, along with a policy specification scheme and a policy enforcement mechanism. We also discuss a proof-of-concept prototype of our approach as part of an application in Facebook and provide system evaluation and usability study of our methodology.
KW - Access control
KW - Multiparty
KW - Online social networks
KW - PII
KW - Privacy
UR - http://www.scopus.com/inward/record.url?scp=85025453731&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85025453731&partnerID=8YFLogxK
U2 - 10.1145/3078861.3078875
DO - 10.1145/3078861.3078875
M3 - Conference contribution
AN - SCOPUS:85025453731
T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
SP - 155
EP - 166
BT - SACMAT 2017 - Proceedings of the 22nd ACM Symposium on Access Control Models and Technologies
PB - Association for Computing Machinery
T2 - 22nd ACM Symposium on Access Control Models and Technologies, SACMAT 2017
Y2 - 21 June 2017 through 23 June 2017
ER -