Journal "Software Engineering"
a journal on theoretical and applied science and technology
ISSN 2220-3397

Issue No. 4, 2015

On the Application of Social Networking Access Control Models to One Class of Multi-User Content Management Systems
V. A. Vasenin, Professor, Head of Department, e-mail: vasenin@msu.ru, A. A. Itkes, Researcher, e-mail: itkes@imec.msu.ru, K. A. Shapchenko, Senior Researcher, e-mail: shapchenko@iisi.msu.ru, Institute of Mechanics, Lomonosov Moscow State University

Many recent multi-user content management systems resemble social networking services in the number of users, in user and group dynamics, and in user involvement in generating and modifying the content. A notable challenge in such systems is often to specify access control rules for different resources in an efficient manner. Traditional access control models, although they provide the necessary functions, tend to require an excessive number of administrative actions in certain cases related to rearrangement of the user structure, including adding users and groups, reassigning users to different groups, and performing other maintenance tasks. Thus, the introduction of a more declarative approach to the specification of access control rules may be a viable solution.

Given the noted similarities, several state-of-the-art formal access control models for social networks are analyzed for their potential application in the content management systems under study. A system for managing research information and science metrics, "Nauka-MGU" ("ISTINA") [1], is selected as an example of a target content management system. This target system is used at Lomonosov Moscow State University for user-assisted collection and analysis of data about publications, research projects, and teaching activities. It actively uses a set of access rules to prevent accidental mistakes during editing of the entered information and to restrict access to certain analysis data based on attributes of the user and of the resource being accessed.

Three families of formal access control models for social networks are analyzed: the models by P. Fong et al. [2–4], the models by B. Carminati et al. [5–7], and the models UURAC, URRAC and UURACA by Y. Cheng, J. Park, and R. Sandhu [8–11]. Two features of access control rule specification were noted that are particularly important for the target system but are not present together in any of the analyzed models: the use of the full social graph, with user-to-resource and resource-to-resource relations in addition to the more common user-to-user relations; and the use of attributes of entities and relations as the means of introducing parameters into access rules.

The paper concludes with a refined list of requirements for the access control model of the target system, including requirements for specifying access control rules using the full social graph of the system, using attributes of objects and relations, accounting for transitive relations, and performing restricted discretionary user-level configuration of the relevant access rules.
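To make the two noted features and the transitivity requirement concrete, here is an added illustration (not the paper's formal model and not the actual rules of the target system) of one declarative rule evaluated over a graph that mixes user-to-resource and resource-to-resource relations with attributes on edges. The relation names (`works_in`, `part_of`, `about`), the `role` and `kind` attributes, the rule itself, and the sample data are all assumptions constructed for this example.

```python
from collections import defaultdict

class Graph:
    """Typed social graph: nodes are users or resources, edges carry attributes."""
    def __init__(self):
        self.nodes = {}                    # node id -> attribute dict
        self.edges = defaultdict(list)     # (src, relation) -> [(dst, attrs)]

    def add_node(self, nid, **attrs):
        self.nodes[nid] = attrs

    def add_edge(self, src, rel, dst, **attrs):
        self.edges[(src, rel)].append((dst, attrs))

    def out(self, src, rel, **required):
        """Targets of rel-edges from src whose edge attributes match `required`."""
        return [d for d, a in self.edges[(src, rel)]
                if all(a.get(k) == v for k, v in required.items())]

    def closure(self, start, rel):
        """start plus everything reachable over rel (transitive, cycle-safe)."""
        seen, stack = {start}, [start]
        while stack:
            for nxt in self.out(stack.pop(), rel):
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        return seen

def can_view_report(g, user, report):
    """Hypothetical rule: a user who heads unit U may view a report about any
    unit that is U itself or lies below U in the part_of hierarchy."""
    if g.nodes.get(report, {}).get("kind") != "report":
        return False
    headed = set(g.out(user, "works_in", role="head"))
    return any(headed & g.closure(unit, "part_of")
               for unit in g.out(report, "about"))

# Constructed sample data: a three-level unit hierarchy and one report.
g = Graph()
for nid, kind in [("alice", "user"), ("bob", "user"), ("faculty", "unit"),
                  ("dept", "unit"), ("lab", "unit"), ("lab_report", "report")]:
    g.add_node(nid, kind=kind)
g.add_edge("lab", "part_of", "dept")
g.add_edge("dept", "part_of", "faculty")
g.add_edge("lab_report", "about", "lab")
g.add_edge("alice", "works_in", "faculty", role="head")
g.add_edge("bob", "works_in", "dept", role="staff")
```

Changing a single `works_in` edge changes the decision for every report under that unit, with no per-resource permission edits, which is the administrative saving the declarative approach is after.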

Keywords: access control, access rule, access control model, content management system, social network, research information, science metrics
pp. 10–19