Abstract
Cross-border access to a variety of data defines the daily business of many global companies, including financial institutions. These companies are obliged by law to fulfill security objectives specified by legislation. Therefore, they control access to prevent unauthorized users from using data. Security objectives, for example confidentiality or secrecy, are often defined in the widespread eXtensible Access Control Markup Language, which promotes interoperability between different systems.
In this paper, we show the necessity of incorporating the requirements of sets of legislation into access control. To this end, we describe our legislation model, various types of contextual information, and their interrelationship. We introduce a new policy-combining algorithm that respects the different precedence of laws of different controlling authorities. Finally, we demonstrate how laws may be transformed into policies using the eXtensible Access Control Markup Language.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Stieghahn, M., Engel, T. (2010). Law-Aware Access Control: About Modeling Context and Transforming Legislation. In: Nakakoji, K., Murakami, Y., McCready, E. (eds) New Frontiers in Artificial Intelligence. JSAI-isAI 2009. Lecture Notes in Computer Science, vol 6284. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14888-0_7
DOI: https://doi.org/10.1007/978-3-642-14888-0_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14887-3
Online ISBN: 978-3-642-14888-0
eBook Packages: Computer Science (R0)