Social networks are graphs that represent relations among people, institutions, and their activities. We introduce a novel social access control (SAC) strategy inspired by multi-level security (MLS) [1] for protecting data on social networks. In MLS, the data objects and subjects are classified in hierarchical levels based on security clearance and access controlled accordingly. Instead of clearance levels, we use trust levels to annotate objects and subjects. The trust level of an object is specified by the creator. The trust level of a subject is obtained from a trust modeling process [2, 3]. Reading a data object is controlled using the relative trust values of subjects and objects. We describe one aspect of the SAC model that supports the confidentiality of read-only data objects. We performed simulation studies using traces from the flickr.com social network to evaluate the performance of some key primitives used in the SAC design.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Messaoud Benantar, Access Control Systems: Security, Identity Management and Trust Models, Springer-Verlag New York, Inc., Secaucus, NJ, 2005
	2	J. Golbeck, "Combining provenance with trust in social networks for semantic web content filtering," in Int'l Provenance and Annotation Workshop, 2006.
	3	Muthucumaru Maheswaran , Hon Cheong Tang , Ahmad Ghunaim, Towards a Gravity-Based Trust Model for Social Networking Systems, Proceedings of the 27th International Conference on Distributed Computing Systems Workshops, p.24, June 22-29, 2007  [doi>10.1109/ICDCSW.2007.82]
	4	R. Levien, "Attack resistant trust metrics," Ph.D. dissertation, Dept. of Computer Science, University of California, Berkeley, 2004 (manuscript).
	5	Adi Shamir, How to share a secret, Communications of the ACM, v.22 n.11, p.612-613, Nov. 1979  [doi>10.1145/359168.359176]
	6	Javed A. Aslam , Meredith Frost, An information-theoretic measure for document similarity, Proceedings of the 26th annual international ACM SIGIR conference on Research and development in informaion retrieval, July 28-August 01, 2003, Toronto, Canada  [doi>10.1145/860435.860545]
	7	Huu Tran , Michael Hitchens , Vijay Varadharajan , Paul Watters, A Trust based Access Control Framework for P2P File-Sharing Systems, Proceedings of the Proceedings of the 38th Annual Hawaii International Conference on System Sciences (HICSS'05) - Track 9, p.302.3, January 03-06, 2005  [doi>10.1109/HICSS.2005.58]
	8	W. Adams and N. Davis, "Toward a decentralized trust-based access control system for dynamic collaboration," in Proc. of the 2005 IEEE Workshop on Information Assurance and Security, June 2005.
	9	Nathan Dimmock , András Belokosztolszki , David Eyers , Jean Bacon , Ken Moody, Using trust and risk in role-based access control policies, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA  [doi>10.1145/990036.990062]