Secure and Policy-Private Resource Sharing in an Online Social Network

TL;DR

This paper introduces a cryptographic framework enabling users to securely and privately manage access policies for their resources in online social networks without third-party intervention, demonstrated through a Facebook application.

Contribution

It presents a novel cryptographic approach for expressive, privacy-preserving access control in social networks, including efficient revocation and policy privacy features.

Findings

Framework supports highly expressive access policies

Implementation as a Facebook app demonstrates feasibility

Provides efficient access revocation and privacy

Abstract

Providing functionalities that allow online social network users to manage in a secure and private way the publication of their information and/or resources is a relevant and far from trivial topic that has been under scrutiny from various research communities. In this work, we provide a framework that allows users to define highly expressive access policies to their resources in a way that the enforcement does not require the intervention of a (trusted or not) third party. This is made possible by the deployment of a newly defined cryptographic primitives that provides - among other things - efficient access revocation and access policy privacy. Finally, we provide an implementation of our framework as a Facebook application, proving the feasibility of our approach.