COMPUTER SCIENCE
and ENGINEERING

Attribute-based encryption (ABE) based access control and usage control methods have been proposed to control private data access and propagation. However, ABE-based access control will be invalid when the data goes out of the owner’s control domain. Usage control can’t reach the requirement of application in OSNs (Online Social Networks) for its inflexible policy definition neither. In this paper, we present an ABE-based data distribution model for usage control, combining ABE-based access control theory with usage control method, to protect user privacy in data dissemination. The scheme supports user data encrypted storage in OSN server, fine-grained access control based on user attributes, and persistent control even if it goes out of the user control domain without complicated key management. Extensive analysis shows that our scheme is efficient for secure data access and sharing in OSNs.

Attribute-based encryption, Access control, Usage control, Online social networks.