Abstract: In one embodiment, a method includes receiving a request for an object; retrieving one or more rules to evaluate whether to allow or deny access to the object, wherein a first rule is of an allow-type or a deny-type; evaluating the first rule by executing one or more of its operations, wherein when any of the executed operations of the first rule returns a result that is not definitive, if the first rule is of the allow-type, assigning a final result as an indication to skip evaluation of the rule, and if the rule is of the deny-type, assigning the final result to the first rule as an indication to deny access to the object; determining final results for the one or more rules; and based on the final results, allowing or denying access to the object.

Abstract: In one embodiment, a method includes storing code defining access control rules for an object, the code defining each of the access control rules as a set of operations that each returns (1) when resolved, a predetermined result, and (2) when not resolved, a not definitive result indicating that it should be skipped if it is not necessary for determining the access control rule; compiling the code; compiling and loading the code; receiving a query for the object; executing the code to evaluate the corresponding operations; determining, for each access control rule, a rule-result comprising a value representing a true or a false value; determining a final result based on the one or more rule-results of the one or more access control rules, the final result indicating an allow-result or a deny-result; and sending the object when the final result evaluates to an allow-result.

Abstract: In one embodiment, a method includes receiving a request for an object; retrieving one or more rules to evaluate whether to allow or deny access to the object, wherein a first rule is of an allow-type or a deny-type; evaluating the first rule by executing one or more of its operations, wherein when any of the executed operations of the first rule returns a result that is not definitive, if the first rule is of the allow-type, assigning a final result as an indication to skip evaluation of the rule, and if the rule is of the deny-type, assigning the final result to the first rule as an indication to deny access to the object; determining final results for the one or more rules; and based on the final results, allowing or denying access to the object.

Abstract: Systems and methods for protecting the privacy of users by controlling access to the users' data. In particular, some embodiments provide for a higher-level declarative language for expressing privacy policies which can be verified using a computer-aided verification tool. The verification tool uses the expressed privacy policies along with language-level assumptions and assertions in the verification process. For example, high-level models of the privacy policies can be reduced to a simpler verification representation (e.g., a Boolean representation) based on a set of assertions. This verification representation can then be submitted to a constraint solver (e.g., Satisfiability Modulo Theories solver) for verification.

Abstract: In one embodiment, a storage and privacy system stores and manages information associated with users and ensures and enforces access-control rules specified for the stored information.

Abstract: To authenticate nodes, a connection between a first node and a second node may be identified. A first set of nodes having connections with the first node and assigned to a first plurality of clusters may be identified. A second set of nodes having connections with the second node and assigned to a second plurality of clusters may be identified. A first distribution of clusters may be generated based on the first set of nodes. A second distribution of clusters may be generated based on the second set of nodes. The first distribution and the second distribution may be analyzed. An authenticity metric for at least one of the first node and the second node may be generated based on the analyzing the first distribution and the second distribution.

Abstract: In one embodiment, a method includes storing code defining access control rules for an object, the code defining each of the access control rules as a set of operations that each returns (1) when resolved, a predetermined result, and (2) when not resolved, a not definitive result indicating that it should be skipped if it is not necessary for determining the access control rule; compiling the code; compiling and loading the code; receiving a query for the object; executing the code to evaluate the corresponding operations; determining, for each access control rule, a rule-result comprising a value representing a true or a false value; determining a final result based on the one or more rule-results of the one or more access control rules, the final result indicating an allow-result or a deny-result; and sending the object when the final result evaluates to an allow-result.

Abstract: Unique identifiers (IDs) associated with a plurality of nodes may be provided. Nodes clustered within a community may be assigned numerically proximate unique IDs. A number of partitions associated with a plurality of machines may be determined. The unique IDs may be segmented into divisions based on the number of partitions. The unique IDs may be mapped to the plurality of machines based on the divisions.

Abstract: In one embodiment, a storage and privacy system stores and manages information associated with users and ensures and enforces access-control rules specified for the stored information.

Abstract: In one embodiment, a storage and privacy system stores and manages information associated with users and ensures and enforces access-control rules specified for the stored information.

Abstract: Images uploaded by users of a social networking system are analyzed to determine signatures of cameras used to capture the images. A camera signature comprises features extracted from images that characterize the camera used for capturing the image, for example, faulty pixel positions in the camera and metadata available in files storing the images. Associations between users and cameras are inferred based on actions relating users with the cameras, for example, users uploading images, users being tagged in images captured with a camera, and the like. Associations between users of the social networking system related via cameras are inferred. These associations are used beneficially for the social networking system, for example, for recommending potential connections to a user, recommending events and groups to users, identifying multiple user accounts created by the same user, detecting fraudulent accounts, and determining affinity between users.

Abstract: In one embodiment, a storage and privacy system stores and manages information associated with users and ensures and enforces access-control rules specified for the stored information.

Abstract: Systems and methods for protecting the privacy of users by controlling access to the users' data. In particular, some embodiments provide for a higher-level declarative language for expressing privacy policies which can be verified using a computer-aided verification tool. The verification tool uses the expressed privacy policies along with language-level assumptions and assertions in the verification process. For example, high-level models of the privacy policies can be reduced to a simpler verification representation (e.g., a Boolean representation) based on a set of assertions. This verification representation can then be submitted to a constraint solver (e.g., Satisfiability Modulo Theories solver) for verification.

Abstract: To authenticate nodes, a connection between a first node and a second node may be identified. A first set of nodes having connections with the first node and assigned to a first plurality of clusters may be identified. A second set of nodes having connections with the second node and assigned to a second plurality of clusters may be identified. A first distribution of clusters may be generated based on the first set of nodes. A second distribution of clusters may be generated based on the second set of nodes. The first distribution and the second distribution may be analyzed. An authenticity metric for at least one of the first node and the second node may be generated based on the analyzing the first distribution and the second distribution.

Abstract: To authenticate nodes, a connection between a first node and a second node may be identified. A first set of nodes having connections with the first node and assigned to a first plurality of clusters may be identified. A second set of nodes having connections with the second node and assigned to a second plurality of clusters may be identified. A first distribution of clusters may be generated based on the first set of nodes. A second distribution of clusters may be generated based on the second set of nodes. The first distribution and the second distribution may be analyzed. An authenticity metric for at least one of the first node and the second node may be generated based on the analyzing the first distribution and the second distribution.

Abstract: Images uploaded by users of a social networking system are analyzed to determine signatures of cameras used to capture the images. A camera signature comprises features extracted from images that characterize the camera used for capturing the image, for example, faulty pixel positions in the camera and metadata available in files storing the images. Associations between users and cameras are inferred based on actions relating users with the cameras, for example, users uploading images, users being tagged in images captured with a camera, and the like. Associations between users of the social networking system related via cameras are inferred. These associations are used beneficially for the social networking system, for example, for recommending potential connections to a user, recommending events and groups to users, identifying multiple user accounts created by the same user, detecting fraudulent accounts, and determining affinity between users.

Abstract: Systems and methods for protecting the privacy of users by controlling access to the users' data. In particular, some embodiments provide for a higher-level declarative language for expressing privacy policies which can be verified using a computer-aided verification tool. The verification tool uses the expressed privacy policies along with language-level assumptions and assertions in the verification process. For example, high-level models of the privacy policies can be reduced to a simpler verification representation (e.g., a Boolean representation) based on a set of assertions. This verification representation can then be submitted to a constraint solver (e.g., Satisfiability Modulo Theories solver) for verification.

Abstract: Unique identifiers (IDs) associated with a plurality of nodes may be provided. Nodes clustered within a community may be assigned numerically proximate unique IDs. A number of partitions associated with a plurality of machines may be determined. The unique IDs may be segmented into divisions based on the number of partitions. The unique IDs may be mapped to the plurality of machines based on the divisions.

Abstract: To authenticate nodes, a connection between a first node and a second node may be identified. A first set of nodes having connections with the first node and assigned to a first plurality of clusters may be identified. A second set of nodes having connections with the second node and assigned to a second plurality of clusters may be identified. A first distribution of clusters may be generated based on the first set of nodes. A second distribution of clusters may be generated based on the second set of nodes. The first distribution and the second distribution may be analyzed. An authenticity metric for at least one of the first node and the second node may be generated based on the analyzing the first distribution and the second distribution.

Abstract: Images uploaded by users of a social networking system are analyzed to determine signatures of cameras used to capture the images. A camera signature comprises features extracted from images that characterize the camera used for capturing the image, for example, faulty pixel positions in the camera and metadata available in files storing the images. Associations between users and cameras are inferred based on actions relating users with the cameras, for example, users uploading images, users being tagged in images captured with a camera, and the like. Associations between users of the social networking system related via cameras are inferred. These associations are used beneficially for the social networking system, for example, for recommending potential connections to a user, recommending events and groups to users, identifying multiple user accounts created by the same user, detecting fraudulent accounts, and determining affinity between users.