Recent years have seen unprecedented growth in the popularity of social network systems, with Facebook
being an archetypical example. The access control paradigm behind the privacy preservation mechanism
of Facebook is distinctly different from such existing access control paradigms as Discretionary
Access Control, Role-Based Access Control, Capability Systems, and Trust Management Systems. This
work takes a first step in deepening the understanding of this access control paradigm, by proposing an
access control model that formalizes and generalizes the privacy preservation mechanism of Facebook.
The model can be instantiated into a family of Facebook-style social network systems, each with a recognizably
different access control mechanism, so that Facebook is but one instantiation of the model. We
also demonstrate that the model can be instantiated to express policies that are not currently supported
by Facebook but possess rich and natural social significance. This work thus delineates the design space
of privacy preservation mechanisms for Facebook-style social network systems, and lays out a formal
framework for policy analysis in these systems.