Modeling Access Control Policy of a Social Network

Social networks bring users together on a virtual platform and let them share, within the community, personal and professional information, photos, etc., which are sometimes sensitive. Although the majority of these networks provide access control mechanisms to their users (to manage who accesses which information), privacy settings are limited and do not respond to all users' needs. Hence, the published information remains vulnerable to illegal access. In this paper, the access control policy of the social network "Facebook" is analyzed in depth, starting with its modeling with the "Organization Role Based Access Control" model, moving to the simulation of the policy with an appropriate simulator to test its coherence, and ending with a discussion of the analysis results, which shows the gap between the access control management options offered by Facebook and the real requirements of users in the same context. The conclusions drawn show the need to develop a new access control model that meets most of these requirements, which will be the subject of a forthcoming work.

Keywords—social network; Facebook; access control; OrBAC; study of coherence


I. INTRODUCTION
Facebook [1] is a free and very popular online social network (1.65 billion users in 2016) that allows anyone to register, invite friends, exchange messages, share photos and videos, etc. After registration, the user owns an account that consists of a profile (personal information, professional information, photos, etc.) and a wall, which is fed by publications of friends, pages, groups and advertisers [2]-[4]. These publications can be a text, a photo or a video.
Facebook was invented by Mark Zuckerberg in 2004 in order to share information between Harvard University students and was opened to the public in September 2006 [5]. Since then, it has continued to expand to attract the largest number of users and offers them the means to manage access to their information from the "Privacy Settings" interface. Yet it is often the subject of debate [3], [4], [6]-[8] because of the privacy issues that remain. That leads us to analyze this problem closely using an access control model that allows the incoherence problems in the Facebook access control policy to be extracted, in order to subsequently propose the most appropriate solution for managing access to resources.
Conventional access control models (Discretionary Access Control (DAC), Mandatory Access Control (MAC) [9], [10], Role Based Access Control (RBAC) [9]-[11], and others) are not suited to the needs and requirements of social networks, since they are often limited to the definition of positive permissions and cannot be used in a system that is as concerned with defining prohibitions as with defining permissions, especially when the privileges are contextual (access rules based on conditions) [2]. Therefore, it is interesting to use the Organization Role Based Access Control (OrBAC) model [9]. This is an access control model centered on the organization and based on first-order logic. It meets all the previously mentioned requirements and adapts perfectly to the context of Facebook. Thanks to OrBAC, friends can be structured by role (friends, friends of friends, family, etc.), actions can be classified by activities (display, publish, etc.), and the account owner's data can be arranged by views (personal information, photos, etc.) [2].
Before suggesting the OrBAC extension adapted to Facebook, it is essential to understand how Facebook is used and to master its access control policy in order to define the problem clearly. Accordingly, this work focuses on modeling and simulating the entire policy as it is with the OrBAC model and the MotOrBAC software [12], in order to report all of the incoherencies detected in the policy. In addition, the access control management features that the policy offers to the user are compared with the user's needs, in order to provide a more appropriate access control model that uses OrBAC and defines contextual rules to manage the policy in a finer way. This will be the subject of my forthcoming work.

II. A REVIEW OF RELATED WORKS
Few studies have focused on the problem of access control in the context of Facebook. Madejski, Johnson and Bellovin [13] and Brown, Howe, Ihbe, Prakash and Borders [14] used surveys to study the main cause of access rights violations. The results show that access control issues are due to users' inability to manage privacy settings properly. The proposed solution is therefore to recommend user-centered defensive strategies. Masoumzadeh and Joshi [15] based their investigation on the human aspect; they specify that conflicts in the access control policy relate to users who co-own the same information, where one of them wants to hide it and the other wants to publicize it. The solution was to suggest countermeasures at the level of the implementation and of the user's behavior. However, Yamada, Kim and Perrig [16] and Cheek and Shehab [17] specified that it is the implementation that must be developed to solve the access control problem. Toufik, Cousin, and Cuppens [2] proposed an OrBAC extension to control access in the Facebook context.

III. PRELIMINARIES: PRESENTATION OF ORBAC
OrBAC [9] is an access control model based on the organization, using first-order logic to define relations between entities and the access control policy. That policy is defined on two levels: the abstract one (role, activity, view) and the concrete one (subject, action, object).
A group of active entities is called an "organization", each one playing a role within that organization. Therefore, each organization empowers subjects in roles. For example, the organization "faculty" may empower "Mary" in the role of "student". The concept of "role" enables dynamic management of the security policy, since the addition or deletion of a subject does not require a complete change of policy: only one relation is deleted (the relation between this subject and the role). The notation is as follows: if org is an organization, s is a subject and r is a role, then Empower (org, s, r) means that org empowers subject s to play the role r.
Every organization has objects representing passive entities. In order to structure the "object" entities that satisfy a common property, and to facilitate management as mentioned previously, the entity "view" is used. Taking the example of the faculty, the view can for example be "course files"; the objects will therefore be "computer courses, English courses, etc.". The relation between the two entities is: if org is an organization, o is an object and v is a view, then Use (org, o, v) means that org uses object o in view v.
The "action" entities define the way in which subjects access objects, for example reading, writing, etc. The structuring of these entities is called "activities". The same activity can correspond to several actions in different organizations. The relation linking these entities is: if org is an organization, α is an action and a is an activity, then Consider (org, α, a) means that the organization org considers the action α as part of the activity a.
OrBAC also allows activation and deactivation of security rules based on concrete conditions of access called "contexts". Different types of contexts exist: default context, temporal contexts, spatial contexts, composed contexts, etc. The relation used is: if org is an organization, s is a subject, α is an action, o is an object and c is a context, then Define (org, s, α, o, c) means that within the organization org, context c is true between subject s, object o and action α. The context can be, for example, Define (Faculty, John, consult, doc1, working_hours), which means that John can see doc1 only during working hours.
The OrBAC access control policy is then defined based on the abstract-level entities and the relations presented above. It consists of permissions, prohibitions, obligations and recommendations linking entities at the abstract level.
The notation is as follows: if org is an organization, r is a role, a is an activity, v is a view and c is a context, then Permission (org, r, a, v, c) means that organization org allows role r to perform activity a on view v in context c.
The transition to the concrete level is then done automatically: if s is a subject, α is an action and o is an object, then Is_permitted (s, α, o) means that the subject s has the permission to perform the action α on the object o. The other privileges Is_prohibited, Is_obligatory and Is_recommended are defined in the same way.
OrBAC also offers the possibility to simulate and analyze security policies using the MotOrBAC simulator.

IV. MODELING AND SIMULATION OF FACEBOOK ACCESS CONTROL POLICY
This section presents the modeling of the security policy suggested by Facebook using OrBAC and subsequently the simulation of this policy using MotOrBAC simulator as follows:

Algorithm
Input: Facebook entities and access rules.

Method:
1) Modeling of security policy with the OrBAC model:
- Inventory of roles (Friends, Family, etc.).
- Inventory of access rights (permissions).
- Adding of abstract entities (roles, activities, views).
- Adding of access rights.
- Simulation: Detection of conflicts.

A. The organization
The "Facebook" organization is defined as a central organization, "Users" as a sub-organization of Facebook, and users (accounts' owners) 1, 2, 3 and 4 as sub-organizations of "Users" (Fig. 1).

B. Subjects and roles
Roles are defined (written in black) at the central organization "Facebook" (Fig. 2), so they can be used by all users (principle of hierarchy). Among the "Users" organizations, the organization "U1" is taken as an example; it empowers subjects (written in green) in roles that are classified as friends, family, study, etc. The diagram below summarizes all the roles and their hierarchy, associated with subjects. The relation "empower" should be defined for all subjects and roles. Here is an example: Empower (U1, Alexander, public).

C. Activities and actions
Every user in Facebook owns resources (photos, videos, etc.) and is permitted to control access to them by members (friends, etc.). Members perform actions such as checking his pictures. These actions can be structured in activities; all of them are presented in the table below (TABLE I):
- The activity "create", for example, is an abstraction of the action "open".
- "Act.delete" and "modify" are sub-activities of "Act.manage" and are associated respectively with the actions "remove" and "change".
The relation "consider" has to be defined between all the activities and the actions.

D. Views and objects
In an account, many components exist (TABLE II): photos, videos, personal information, etc.

E. Access control policy
In this section, the access rights that Facebook (Face) gives to users, and those given by the account's owner to friends, family, etc., are detailed. The privileges are then modeled with the OrBAC model.

- Facebook-User policy
Each person is permitted by Facebook to register, but must first choose and type his identifiers and some information such as full name, gender, age, etc. By having an account, the user can exchange messages with friends, publish photos and videos, join groups, create events, etc.
Publications can be managed by the owner, or consulted and criticized by other persons belonging to Facebook.
When some users signal an account, it can no longer be managed by its owner. Facebook deletes it automatically.

F. Simulation
The central organization and the sub-organizations are created (Fig. 3). Then, all of the abstract entities in the Facebook organization are defined, beginning with roles (Fig. 4). The concrete entities are specified in the organization U1 and assigned to the abstract ones. Fig. 5 gives an example of this assignment linking the subjects and the roles. Finally, the context "signaled account", on which Facebook relies to delete an account, is defined (Fig. 6). The next step was to define all of the privileges at the abstract level: permissions, prohibitions and obligations that match the access control policy used by Facebook (Fig. 7). MotOrBAC subsequently allows the automatic transition to the concrete level (Fig. 9) through the "update" tool.

- The detection of coherence
What is interesting about OrBAC is that it also allows the policy's coherence to be tested, counting the conflicts at two levels: the abstract and the concrete one.
Results show that 13 conflicts are present at the abstract level, which implies 122 at the concrete level. An example of a conflict is shown at the abstract level (Fig. 9), with its translation to the concrete level (Fig. 10); Fig. 11 presents more examples of conflicts. For lack of space, only some conflicts are presented.

The modeling and the simulation of the policy performed in the previous section confirm, on the one hand, that the OrBAC model is very suitable to Facebook's context; on the other hand, they allowed us to detail the privileges given by Facebook to its users, and also those that every owner can give to his contacts, network and the public (Privacy settings) in order to correctly manage access to information.
The most interesting part is the analysis of conflicts, which allowed us to count the coherence problems that exist in the access control policy defined by Facebook and which prevent the user from managing the entire set of privacy features. I sum them up in the following:

Conflicts between permissions and prohibitions defined by the two users:
- Coherence 1 between:
Prohibition (U1, everybody, consult, relation U1_U4)
Permission (U4, everybody, consult, relation U1_U4)
U1 and U4 are in a friendship relation. When U1 prohibits "everybody" from consulting this relationship while U4 allows them access, that generates a conflict.

- Coherence 10 between:
Prohibition (U1, public, consult, photos_account)

Thereby, it is essential to use a more detailed access control model that meets users' requirements.
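The derivation from abstract rules to concrete privileges described in Section III, run on the two Coherence 1 rules above to show how one abstract conflict becomes several concrete ones. This is an added Python example, not the paper's code or MotOrBAC's implementation; the subjects other than Alexander, the action "view", the object "friendship_U1_U4" and the default context are constructed assumptions, and an abstract conflict is simplified here to a permission/prohibition pair whose derived triples overlap.

```python
from itertools import product

class OrBAC:
    """Minimal OrBAC store: abstract rules plus the relations that ground them."""
    def __init__(self):
        # Empower(org, s, r), Use(org, o, v), Consider(org, action, activity)
        self.empower, self.use, self.consider = set(), set(), set()
        self.rules = []  # (kind, org, role, activity, view, context)
        # Context predicates stand in for Define(org, s, action, o, c).
        self.contexts = {"default": lambda org, s, act, o: True}

    def derive(self, rule):
        """Concrete (subject, action, object) triples that one abstract rule yields."""
        _, org, role, activity, view, ctx = rule
        subjects = [s for g, s, r in self.empower if (g, r) == (org, role)]
        actions = [a for g, a, t in self.consider if (g, t) == (org, activity)]
        objects = [o for g, o, v in self.use if (g, v) == (org, view)]
        return {(s, a, o) for s, a, o in product(subjects, actions, objects)
                if self.contexts[ctx](org, s, a, o)}

    def conflicts(self):
        """Return (conflicting abstract rule pairs, conflicting concrete triples)."""
        perms = [r for r in self.rules if r[0] == "permission"]
        prohs = [r for r in self.rules if r[0] == "prohibition"]
        abstract, concrete = [], set()
        for p, q in product(perms, prohs):
            clash = self.derive(p) & self.derive(q)  # Is_permitted and Is_prohibited
            if clash:
                abstract.append((p, q))
                concrete |= clash
        return abstract, sorted(concrete)

def coherence_1():
    """Coherence 1 from the page, grounded with constructed sample entities."""
    m = OrBAC()
    # Constructed: each owner empowers its own contacts in the role "everybody".
    for org, members in (("U1", ["Alexander", "Sara", "Omar"]),
                         ("U4", ["Alexander", "Sara", "Lina"])):
        m.empower |= {(org, s, "everybody") for s in members}
        m.consider.add((org, "view", "consult"))  # constructed action
        m.use.add((org, "friendship_U1_U4", "relation U1_U4"))  # constructed object
    m.rules.append(("prohibition", "U1", "everybody", "consult", "relation U1_U4", "default"))
    m.rules.append(("permission", "U4", "everybody", "consult", "relation U1_U4", "default"))
    return m.conflicts()

if __name__ == "__main__":
    abstract, concrete = coherence_1()
    print(len(abstract), "abstract conflict ->", len(concrete), "concrete:", concrete)
```

Only the subjects empowered by both owners end up both permitted and prohibited, which is why the number of concrete conflicts grows with the overlap between the two contact lists.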

VI. CONCLUSION
It is indisputable that Facebook continues to expand in all directions. Even so, the management of access control is still very limited compared to the needs of users, who often report problems. This finding is based on the modeling and simulation of the security policy adopted by Facebook that we have carried out, using the OrBAC model and the MotOrBAC software. To the best of our knowledge, this is the first work that analyzes the coherence aspect of the Facebook security policy.
The conclusion is that several incoherences exist in this policy. Also, privacy settings are limited; for example, when a user likes the photo of x, it is impossible to prohibit friends of x from seeing this "like". It is also impossible to make comments from our friends and family private. Also, users do not necessarily trust the members belonging to the same class (e.g. friends) to the same degree. Therefore, they should not have the same privileges, which is impossible on Facebook. Thus, there is no means to manage access to resources in a finer way.
Our next target is to develop a more complete model, suitable to the context of Facebook, without incoherencies, that meets most of the requirements expressed by users of this social network.

TABLE I. THE HIERARCHY OF ACTIVITIES

TABLE II. THE HIERARCHY OF VIEWS