Skip to main content
SpringerLink
Log in

Fine Grained Attribute Based Access Control Model for Privacy Protection

  • Conference paper
  • First Online:
Future Data and Security Engineering (FDSE 2016)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 10018))

Included in the following conference series:

Abstract

Due to the rapid development of large scale and big data systems, attribute-based access control model has inaugurated a new wave in the research field of access control models. In this paper, we propose a novel and comprehensive framework for enforcing attribute-based security policies stored in JSON documents. We build a lightweight grammar for conditional expressions that are the combination of subject, resource, and environment attributes so that the policies are flexible, dynamic and fine grained. Moreover, with the approach of attribute-based access control, it can be applied to specify access purposes and intended purposes in purpose-based access control models for privacy protection. The experiment is carried out to illustrate the relationship between the processing time for access decision and the complexity of policies.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Tran Khanh Dang: https://www.oasis-open.org/committees/xacml/.

    Part of this work has been done on the secondment to Can Tho University of Technology.

  2. 2.

    www.antlr.org.

References

  1. Bertino, E., Ghinita, G., Kamra, A.: Access Control for Databases: Concepts and Systems. Now Publishers, Hanover (2011)

    MATH  Google Scholar 

  2. Hu, V.C., Ferraiolo, D., Kuhn, R., Friedman, A.R., Lang, A.J., Cogdell, M.M., Schnitzer, A., Sandlin, K., Miller, R., Scarfone, K.: Guide to Attribute Based Access Control (ABAC) definition and considerations (draft). NIST Spec. Publ. 800, 162 (2013)

    Google Scholar 

  3. Hu, V.C., Kuhn, D.R., Ferraiolo, D.F.: Attribute-based access control. Computer 2, 85–88 (2015)

    Article  Google Scholar 

  4. Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31540-4_4

    Chapter  Google Scholar 

  5. Sandhu, R.: The future of access control: attributes, automation, and adaptation. In: Sai Sundara Krishnan, G., Anitha Lekshmi, R.S., Senthil Kumar, M., Bonato, A., Graña, M. (eds.) Computational Intelligence, Cyber Security and Computational Models, vol. 246, p. 45. Springer, India (2013)

    Chapter  Google Scholar 

  6. Westin, A.F.: Privacy and Freedom. Atheneum, New York (1967)

    Google Scholar 

  7. Byun, J.-W., Bertino, E., Li, N.: Purpose based access control of complex data for privacy protection. In: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies (2005)

    Google Scholar 

  8. Byun, J.W., Li, N.: Purpose based access control for privacy protection in relational database systems. VLDB J. 17(4), 603–619 (2008)

    Article  Google Scholar 

  9. Kabir, M.E., Wang, H.: Conditional purpose based access control model for privacy protection. In: Proceedings of the Twentieth Australasian Conference on Australasian Database, vol. 92, pp. 135–142. Australian Computer Society, Inc. (2009)

    Google Scholar 

  10. Wang, H., Sun, L., Bertino, E.: Building access control policy model for privacy preserving and testing policy conflicting problems. J. Comput. Syst. Sci. 80(8), 1493–1503 (2014)

    Article  MathSciNet  MATH  Google Scholar 

  11. Kabir, M.E., Wang, H., Bertino, E.: A role-involved conditional purpose-based access control model. In: Janssen, M., Lamersdorf, W., Pries-Heje, J., Rosemann, M. (eds.) E-Government, E-Services and Global Processes, vol. 334, pp. 167–180. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  12. Kabir, M.E., Wang, H., Bertino, E.: A conditional purpose-based access control model with dynamic roles. Expert Syst. Appl. 38(3), 1482–1489 (2011)

    Article  Google Scholar 

  13. Ni, Q., Lin, D., Bertino, E., Lobo, J.: Conditional privacy-aware role based access control. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 72–89. Springer, Heidelberg (2007). doi:10.1007/978-3-540-74835-9_6

    Chapter  Google Scholar 

  14. Ni, Q., Bertino, E., Lobo, J., Brodie, C., Karat, C.M., Karat, J., Trombeta, A.: Privacy-aware role-based access control. ACM Trans. Inf. Syst. Secur. (TISSEC) 13(3), 24 (2010)

    Article  Google Scholar 

  15. Colombo, P., Ferrari, E.: Enforcement of purpose based access control within relational database management systems. IEEE Trans. Knowl. Data Eng. 26(11), 2703–2716 (2014)

    Article  Google Scholar 

  16. Colombo, P., Ferrari, E.: Enhancing MongoDB with purpose based access control. IEEE Trans. Dependable Secure Comput. (2015, to appear)

    Google Scholar 

  17. Colombo, P., Ferrari, E.: Efficient enforcement of action-aware purpose-based access control within relational database management systems. IEEE Trans. Knowl. Data Eng. 27(8), 2134–2147 (2015)

    Article  Google Scholar 

  18. Pervaiz, Z., Aref, W.G., Ghafoor, A., Prabhu, N.: Accuracy-constrained privacy-preserving access control mechanism for relational data. IEEE Trans. Knowl. Data Eng. 26(4), 795–807 (2014)

    Article  Google Scholar 

  19. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. (TISSEC) 4(3), 224–274 (2001)

    Article  Google Scholar 

  20. Fuchs, L., Pernul, G., Sandhu, R.: Roles in information security–a survey and classification of the research area. Comput. Secur. 30(8), 748–769 (2011)

    Article  Google Scholar 

  21. Kuhn, D.R., Coyne, E.J., Weil, T.R.: Adding attributes to role-based access control. IEEE Comput. 43(6), 79–81 (2010)

    Article  Google Scholar 

  22. Huang, J., Nicol, D.M., Bobba, R., Huh, J.H.: A framework integrating attribute-based policies into role-based access control. In: Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, pp. 187–196. ACM (2012)

    Google Scholar 

  23. Rajpoot, Q.M., Jensen, C.D., Krishnan, R.: Attributes enhanced role-based access control model. In: Fischer-Hübner, S., Lambrinoudakis, C., López, J. (eds.) TrustBus 2015. LNCS, vol. 9264, pp. 3–17. Springer, Heidelberg (2015)

    Chapter  Google Scholar 

  24. Sweeney, L.: Achieving K-anonymity privacy protection using generalization and suppression. Int. J. Uncertainty Fuzziness Knowl. Based Syst. 10(5), 571–588 (2002)

    Article  MathSciNet  MATH  Google Scholar 

  25. Ni, Q., Bertino, E., Lobo, J.: An obligation model bridging access control policies and privacy policies. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, pp. 133–142 (2008)

    Google Scholar 

  26. Rissanen, E.: eXtensible Access Control Markup Language (XACML) version 3.0 (committe specification 01). Technical report, OASIS (2010). http://docs.oasisopen.org/xacml/3.0/xacml-3.0-core-spec-cd-03-en.Pdf

Download references

Author information

Authors and Affiliations

  1. Ho Chi Minh City University of Technology, Ho Chi Minh City, Vietnam

    Que Nguyet Tran Thi, Tran The Si & Tran Khanh Dang

Authors
  1. Que Nguyet Tran Thi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tran The Si
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tran Khanh Dang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Que Nguyet Tran Thi .

Editor information

Editors and Affiliations

  1. University of Technology, Ho Chi Minh City, Vietnam

    Tran Khanh Dang

  2. Johannes Kepler University , Linz, Austria

    Roland Wagner

  3. Johannes Kepler University , Linz, Austria

    Josef Küng

  4. University of Technology, Ho Chi Minh City, Vietnam

    Nam Thoai

  5. Hosei University , Tokyo, Japan

    Makoto Takizawa

  6. University of Vienna , Wien, Austria

    Erich Neuhold

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Thi, Q.N.T., Si, T.T., Dang, T.K. (2016). Fine Grained Attribute Based Access Control Model for Privacy Protection. In: Dang, T., Wagner, R., Küng, J., Thoai, N., Takizawa, M., Neuhold, E. (eds) Future Data and Security Engineering. FDSE 2016. Lecture Notes in Computer Science(), vol 10018. Springer, Cham. https://doi.org/10.1007/978-3-319-48057-2_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-48057-2_21

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-48056-5

  • Online ISBN: 978-3-319-48057-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation