CS297 Proposal

Access Control On a Social Networking Environment

Mallika Perepa (perepamallika@gmail.com)

Advisor: Dr. Chris Pollett

Description:

This project aims to explore access control techniques for dynamically created groups. Such groups can be created by friend networks in social networking sites. Our starting point will be the Yioop open source search engine. We will add to Yioop the ability to create social groups. We will also add a chat facility to Yioop where access to a given chat is controlled by a users group. New access control features can be added for sharing crawls and crawl mixes. Once these features are added we will explore different policies for automatically adding access levels and compare them with the policies of existing social networks.

Schedule:

Week 1: Jan29-Feb 4Discuss the project in detail with the advisor.
Week 2: Feb 5-11Install and understand the working of Yioop
Week 3,4: Feb 12-25Deliverable 1: Study the paper: Ur.B, and McGrath.R. (January 29, 2013). Grouping Friends for Access Control in Online Social Network, based access control model for online social networking websites.
Week 5,6,7: Feb 26-Mar 18Deliverable 2: Conduct experiments on few popular web applications like Facebook, Skype, twitter etc., on how access control is provided to different groups and also users within a group.
Week 8: Mar 29-Apr 11Deliverable 3: Add a manage groups feature to yioop and implement the feature to group the users.
Week 9,10,11: Apr 12-Apr 24Deliverable 4:Add a feature that allows admins to manage groups with permissions.
Week 12,13: Apr 25-29Work on CS297 Report
Week 14,15: Apr 30-May 14Deliverable 5: CS297 Report

Deliverables:

The full project will be done when CS298 is completed. The following will be done by the end of CS297:

1. Study the paper: Ur.B, and McGrath.R. (January 29, 2013). Grouping Friends for Access Control in Online Social Network (www page). URL. This paper addresses the existing security and privacy concerns related to online social networks and explore an alternative to the traditional mechanisms of roles and access control lists.

2. Modify the code to associate a userid with the index and code to implement the feature of grouping different users

3. Conduct experiments on few popular web applications like Facebook, Skype on how access control is provided to different groups and also users within a group.

4.Add a feature that allows admins to manage groups with permissions..

5. Project write-up for 297..

References:

[1] Abdessalem.T, and Dhia.B.I (January 29,2013). Reachability based Access Control Model for Online Social Networks (www page). URL. http://isicil.inria.fr/v2/res/docs/articles/DBSocial2011/DBsocial__paper.pdf

[2] Fox.M, Giordano, Stotler.L, and Thomas.A (January 30, 2013). SELinux and grsecurity: A Case Study Comparing Linux Security Kernel Enhancements (www page). URL. http://www.cs.virginia.edu/~jcg8f/GrsecuritySELinuxCaseStudy.pdf

[3] Information Security: Principles and Practice, 2nd edition, Mark Stamp, Wiley, May 2011.

[4] Information Retrieval: Implementing and Evaluating Search Engines. Stefan, Clarke, Charles, and Cormack, Gordon. The MIT Press. 2010.

[5] Jahid.S, Mittal.P, and Borisov.N (2011). EASiER: Encryption-based Access Control in Social Networks with Efficient Revocation (www page). URL. Retrieved January 30, 2013. http://web.engr.illinois.edu/~sjahid2/pub/easier-asiaccs2011.pdf

[6] John.S (2005). Operating System Reviews- Mac OS X 10.4- Access Control Lists (www page). URL. (January 30, 2013) http://arstechnica.com/reviews/os/macosx-10-4.ars/8

[7] Ur.B, and McGrath.R. (January 30, 2013). Grouping Friends for Access Control in Online Social Network (www page). URL http://www.eecs.harvard.edu/cs199r/fp/BlaseRob.pdf