Resumen de A user-managed access control model and mechanisms for web based social networks: enhancing expressive power, co-ownership management, interoperability and authorized data exposures

Lorena González Manzano

• Web Based Social Networks (WBSNs) are well-known applications which are used by thousands of people worldwide. However, privacy issues, and access control in particular, cannot be disregarded. WBSNs consist of users who upload data to be shared with other users and the management of who is able to access to the uploaded data is a subject to study. In this respect, this thesis focuses on four aspects. First, WBSN users have to specify their privacy preferences in a fine-grained way. Second, WBSN data is not usually related to a single user, who uploads it and who is considered the owner, but to multiple users who are referred to as co-owners. Then, access control has to be managed preserving the privacy of both, owners and co-owners, such that all their privacy preferences are satisfied without restrictions. Thirdly, the great quantity of WBSNs forces users upon being enrolled in many of them, though being access control management a cumbersome task. Lastly, users upload data to WBSNs and providers store it and may use it for unnoticed or unauthorized purposes. The widespread development of WBSNs has contributed to the enhancement of these applications. The demanding necessity of providing users with tools to control accesses to their data, has boosted the development of proposals in this regard. Nonetheless, a general lack of fine-grained management is detected. The goal of this thesis is to facilitate fine-grained access control management along the whole usage process within and among different WBSNs in a privacy preserving way. Firstly, an expressive usage control model, together with its administrative model, is proposed to achieve the definition of fine-grained access control preferences. Based on previous models, a mechanism to manage co-ownership corresponds to the second contribution of this thesis. Data is decomposed in parts and each of them is assigned to the owner or to a co-owner who establishes access control preferences. Then, these preferences are jointly evaluated and the privacy of all users is completely preserved. Having the right tools to manage access control in a fine-grained way, the third and last contribution of this thesis is a pair of protocols, one being based on an extension of the other, to attain interoperability, reusability and unauthorized data exposures among different WBSNs. Also taking the proposed usage control model as the underlying base to manage access control, these protocols reduce the burden of managing access control in different applications and thus, they help to increase users' control over their data. As a result, this thesis aims to be a challenging step towards the enhancement of access control management procedures in the social networking field.