Skip to main content
SpringerLink
Log in

Performance-Aware Trust-Based Access Control for Protecting Sensitive Attributes

  • Conference paper
  • First Online:
Recent Advances on Soft Computing and Data Mining (SCDM 2016)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 549))

Included in the following conference series:

  • 1170 Accesses

Abstract

The prevailing trend of the seamless digital collection has prompted privacy concern not only among academia but also among the majority. In enforcing the automation of privacy policies and law, access control has been one of the most devoted subjects. Despite the recent advances in access control frameworks and models, there are still issues that impede the development of effective access control. Among them are the lack of assessment’s granularity in user authorization, and reliance on identity, role or purpose-based access control schemes. In this paper, we address the problem of protecting sensitive attributes from inappropriate access. We propose an access control mechanism that employs two trust metrics name experience and behavior. We also propose a scheme for quantifying those metrics in an enterprise computing environment. Finally, we show that these metrics are useful in improving the assessment granularity in permitting or prohibiting users to gain access to sensitive attributes.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

References

  1. Abdul Ghani, N.: Credential purpose-based access control for personal data protection in web-based applications. Ph.D. thesis, Universiti Teknologi Malaysia, Faculty of Computing (2013)

    Google Scholar 

  2. Bernabe, J.B., Perez, G.M., Gomez, A.F.S.: Intercloud trust and security decision support system: an ontology-based approach. J. Grid Comput. 1–32 (2015)

    Google Scholar 

  3. Bertolissi, C., Fernandez, M.: A metamodel of access control for distributed environments: Applications and properties. Inf. Comput. 238, 187–207 (2014)

    Article  MathSciNet  MATH  Google Scholar 

  4. Bruhn, J.G.: Trust and the Health of Organizations. Springer Science & Business Media, New York (2001)

    Book  Google Scholar 

  5. Crampton, J., Sellwood, J.: Path conditions and principal matching: a new approach to access control. In: Proceedings of the 19th ACM Symposium on Access Control Models and Technologies, pp. 187–198. ACM (2014)

    Google Scholar 

  6. Gollmann, D.: From access control to trust management, and back – a petition. In: Wakeman, I., Gudes, E., Jensen, C.D., Crampton, J. (eds.) IFIPTM 2011. IAICT, vol. 358, pp. 1–8. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22200-9_1

    Chapter  Google Scholar 

  7. Heupel, M., Fischer, L., Kesdogan, D., Bourimi, M., Scerri, S., Hermann, F., Gimenez, R.: Context-aware, trust-based access control for the di.me userware. In: 2012 5th International Conference on New Technologies, Mobility and Security (NTMS), pp. 1–6. IEEE (2012)

    Google Scholar 

  8. Hung, P.C.: Towards a privacy access control model for e-healthcare services. In: PST (2005)

    Google Scholar 

  9. Kayes, A., Han, J., Colman, A.: A semantic policy framework for context-aware access control applications. In: 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 753–762 (2013). doi:10.1109/TrustCom.2013.91

  10. Kim, M., Seo, J., Noh, S., Han, S.: Identity management-based social trust model for mediating information sharing and privacy enhancement. Secur. Commun. Netw. 5(8), 887–897 (2012)

    Article  Google Scholar 

  11. Lazouski, A., Martinelli, F., Mori, P.: Usage control in computer security: a survey. Comput. Sci. Rev. 4(2), 81–99 (2010)

    Article  Google Scholar 

  12. Li, M., Sun, X., Wang, H., Zhang, Y.: Multi-level delegations with trust management in access control systems. J. Intell. Inf. Syst. 39(3), 611–626 (2012)

    Article  Google Scholar 

  13. Li, M., Wang, H., Ross, D.: Trust-based access control for privacy protection in collaborative environment. In: IEEE International Conference on e-Business Engineering, ICEBE 2009, pp. 425–430. IEEE (2009)

    Google Scholar 

  14. Lin, G., Wang, D., Bie, Y., Lei, M.: Mtbac: a mutual trust based access control model in cloud computing. China Commun. 11(4), 154–162 (2014)

    Article  Google Scholar 

  15. Mirabi, M., Ibrahim, H., Mamat, A., Udzir, N.I.: Integrating access control mechanism with EXEL labeling scheme for XML document updating. In: Fong, S. (ed.) NDT 2011. CCIS, vol. 136, pp. 24–36. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22185-9_3

    Chapter  Google Scholar 

  16. Ruj, S., Stojmenovic, M., Nayak, A.: Privacy preserving access control with authentication for securing data in clouds. In: 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid), pp. 556–563. IEEE (2012)

    Google Scholar 

  17. Samarati, P.: Protecting respondents identities in microdata release. IEEE Trans. Knowl. Data Eng. 13(6), 1010–1027 (2001)

    Article  Google Scholar 

  18. Sandhu, R., Ferraiolo, D., Kuhn, R.: The NIST model for role-based access control: towards a unified standard. In: ACM Workshop on Role-Based Access Control, vol. 2000 (2000)

    Google Scholar 

  19. Sarrouh, N.: Formal modeling of trust-based access control in dynamic coalitions. In: Computer Software and Applications Conference Workshops (COMPSACW), 2013 IEEE 37th Annual, pp. 224–229. IEEE (2013)

    Google Scholar 

  20. Toahchoodee, M., Abdunabi, R., Ray, I., Ray, I.: A trust-based access control model for pervasive computing applications. In: Gudes, E., Vaidya, J. (eds.) DBSec 2009. LNCS, vol. 5645, pp. 307–314. Springer, Heidelberg (2009). doi:10.1007/978-3-642-03007-9_22

    Chapter  Google Scholar 

  21. Vidyalakshmi, B., Wong, R.K., Chi, C.H.: Decentralized trust driven access control for mobile content sharing. In: 2013 IEEE International Congress on Big Data (BigData Congress), pp. 239–246. IEEE (2013)

    Google Scholar 

  22. Yang, R., Lin, C., Jiang, Y., Chu, X.: Trust based access control in infrastructure-centric environment. In: 2011 IEEE International Conference on Communications (ICC), pp. 1–5. IEEE (2011)

    Google Scholar 

Download references

Acknowledgments

The authors would like to thank the reviewers for their valuable comments to help improve this article. This work is partly sponsored by the Scholarship Department, Ministry of Education, Malaysia.

Author information

Authors and Affiliations

  1. Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, Seri Kembangan, Malaysia

    Mohd Rafiz Salji, Nur Izura Udzir, Mohd Izuan Hafez Ninggal, Nor Fazlida Mohd. Sani & Hamidah Ibrahim

  2. Faculty of Information Management, Universiti Teknologi MARA, Shah Alam, Malaysia

    Mohd Rafiz Salji

Authors
  1. Mohd Rafiz Salji
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nur Izura Udzir
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mohd Izuan Hafez Ninggal
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Nor Fazlida Mohd. Sani
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Hamidah Ibrahim
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mohd Rafiz Salji .

Editor information

Editors and Affiliations

  1. Department of Information System, University of Malaya, Kuala Lumpur, Malaysia

    Tutut Herawan

  2. Universiti Tun Hussein Onn Malaysia, Batu Pahat, Malaysia

    Rozaida Ghazali

  3. Universiti Tun Hussein Onn Malaysia, Batu Pahat, Malaysia

    Nazri Mohd Nawi

  4. Universiti Tun Hussein Onn Malaysia, Batu Pahat, Malaysia

    Mustafa Mat Deris

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Salji, M.R., Udzir, N.I., Ninggal, M.I.H., Sani, N.F.M., Ibrahim, H. (2017). Performance-Aware Trust-Based Access Control for Protecting Sensitive Attributes. In: Herawan, T., Ghazali, R., Nawi, N.M., Deris, M.M. (eds) Recent Advances on Soft Computing and Data Mining. SCDM 2016. Advances in Intelligent Systems and Computing, vol 549. Springer, Cham. https://doi.org/10.1007/978-3-319-51281-5_56

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-51281-5_56

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-51279-2

  • Online ISBN: 978-3-319-51281-5

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation