Online Social Networks (OSNs) represent today a big communication channel where users spend a lot of time to share personal data. Unfortunately, the big popularity of OSNs can be compared with their big privacy issues. Indeed, several recent scandals have demonstrated their vulnerability. Decentralized Online Social Networks (DOSNs) have been proposed as an alternative solution to the current centralized OSNs. DOSNs do not have a service provider that acts as central authority and users have more control over their information. Several DOSNs have been proposed during the last years. However, the decentralization of the social services requires efficient distributed solutions for protecting the privacy of users. During the last years the blockchain technology has been applied to Social Networks in order to overcome the privacy issues and to offer a real solution to the privacy issues in a decentralized system. However, in these platforms the blockchain is usually used as a storage, and content is public. In this paper, we propose a manageable and auditable access control framework for DOSNs using blockchain technology for the definition of privacy policies. The resource owner uses the public key of the subject to define auditable access control policies using Access Control List (ACL), while the private key associated with the subject’s Ethereum account is used to decrypt the private data once access permission is validated on the blockchain. We provide an evaluation of our approach by exploiting the Rinkeby Ethereum testnet to deploy the smart contracts. Experimental results clearly show that our proposed ACL-based access control outperforms the Attribute-based access control (ABAC) in terms of gas cost. Indeed, a simple ABAC evaluation function requires 280,000 gas, instead our scheme requires 61,648 gas to evaluate ACL rules.

如今，在线社交网络（OSN）代表着一个重要的沟通渠道，用户在此花费大量时间来共享个人数据。不幸的是，可以将OSN的广泛流行与其隐私大问题进行比较。确实，最近发生的几起丑闻表明了它们的脆弱性。已经提出了分散式在线社交网络（DOSN）作为当前集中式OSN的替代解决方案。DOSN没有充当中央权限的服务提供商，并且用户可以对其信息进行更多控制。在最近几年中已经提出了几种DOSN。但是，社交服务的分散化需要有效的分布式解决方案来保护用户的隐私。在过去的几年中，区块链技术已应用于社交网络，以克服隐私问题并为分散系统中的隐私问题提供真正的解决方案。但是，在这些平台中，区块链通常用作存储，内容是公共的。在本文中，我们提出了一种使用区块链技术来定义隐私策略的DOSN的可管理且可审核的访问控制框架。资源所有者使用主题的公钥通过访问控制列表（ACL）定义可审核的访问控制策略，而与主题的以太坊账户相关联的私有密钥用于在区块链上验证访问权限后用于解密私有数据。我们通过利用Rinkeby以太坊测试网来部署智能合约来评估我们的方法。实验结果清楚地表明，在气体成本方面，我们提出的基于ACL的访问控制优于基于属性的访问控制（ABAC）。确实，一个简单的ABAC评估功能需要280,000瓦斯，而我们的方案需要61,648瓦斯才能评估ACL规则。