Law-Aware Access Control: About Modeling Context and Transforming Legislation

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 6284)

Abstract

Cross-border access to a variety of data defines the daily business of many global companies, including financial institutions. These companies are obliged by law to fulfill security objectives specified by legislation. Therefore, they control access to prevent unauthorized users from using data. Security objectives, for example confidentiality or secrecy, are often defined in the widespread eXtensible Access Control Markup Language, which promotes interoperability between different systems.

In this paper, we show the necessity of incorporating the requirements of sets of legislation into access control. To this end, we describe our legislation model, various types of contextual information, and their interrelationship. We introduce a new policy-combining algorithm that respects the different precedence of laws of different controlling authorities. Finally, we demonstrate how laws may be transformed into policies using the eXtensible Access Control Markup Language.



Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Stieghahn, M., Engel, T. (2010). Law-Aware Access Control: About Modeling Context and Transforming Legislation. In: Nakakoji, K., Murakami, Y., McCready, E. (eds) New Frontiers in Artificial Intelligence. JSAI-isAI 2009. Lecture Notes in Computer Science, vol 6284. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14888-0_7

  • DOI: https://doi.org/10.1007/978-3-642-14888-0_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14887-3

  • Online ISBN: 978-3-642-14888-0

  • eBook Packages: Computer Science, Computer Science (R0)
