User Behaviour-Based Access Control for Social Media with Qualitative Research and Bayesian Modelling

Access control systems protect against unauthorised access to resources, where security policies define what is allowed, and what is not. Traditional models focus on protecting access to files, directories, and processes; however, the rise of social media has brought about a need for a new type of model – one focused on sharing rather than protecting, and based on user behaviour rather than a technical specification. A methodology is proposed to perform what we call user behaviour-based access control, building access control policies through analysis of user behaviour. The process involves a combination of qualitative research practices and probabilistic reasoning to address the problems of uncertainty and diversity associated with the study of human behaviour. Data collection and analysis is achieved through semi-structured interviewing and grounded theory techniques. The results of the analysis are used to build a probabilistic model, in the form of a Bayesian network, which implements access control. Requests containing observations of the attribute values are pushed through the network to produce a probabilistic access control decision. The method has been evaluated on real social media users, and has been shown to be effective in capturing and mechanising user sharing preferences.