Abstract
In this article, we present a comprehensive approach for privacy-preserving access control based on the notion of purpose. In our model, purpose information associated with a given data element specifies the intended use of the data element. A key feature of our model is that it allows multiple purposes to be associated with each data element and also supports explicit prohibitions, thus allowing privacy officers to specify that some data should not be used for certain purposes. An important issue addressed in this article is the granularity of data labeling, i.e., the units of data with which purposes can be associated. We address this issue in the context of relational databases and propose four different labeling schemes, each providing a different granularity. We also propose an approach to represent purpose information that results in low storage overhead, and we exploit query modification techniques to support access control based on purpose information. Another contribution of our work is that we address the problem of how to determine the purpose for which certain data are accessed by a given user. Our proposed solution relies on role-based access control (RBAC) models as well as the notion of conditional role, which is based on the notions of role attribute and system attribute.
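The abstract describes three mechanisms that fit together: purpose labels that carry both allowed and prohibited purposes, a compact encoding of those labels, and query modification that enforces them. The following is an added example written for this page, not code from the paper or its authors. It assumes a small constructed purpose tree, tuple-level labeling (one of the four granularities mentioned) stored as two integer bitmasks per row, an in-memory SQLite table with made-up columns, and one reasonable compliance rule: an access purpose complies with a label if it falls under some allowed purpose and neither falls under nor generalizes any prohibited purpose. How the access purpose itself is determined from conditional roles is not modeled here; the access purpose is simply passed in.

```python
"""Purpose-based access control via query modification (added example).

Not the paper's implementation. Assumptions (all constructed for this page):
  - a six-node purpose tree, one bit per purpose;
  - tuple-level labels <AIP, PIP> stored as integer bitmasks `allowed` and
    `prohibited` on each row (two integers per tuple is the storage overhead);
  - compliance rule: access purpose AP complies with <AIP, PIP> iff some
    member of AIP is AP or an ancestor of AP, and no member of PIP is an
    ancestor of AP, AP itself, or a descendant of AP;
  - the query to rewrite is a single-table SELECT with an optional WHERE.
"""
import sqlite3

# Constructed purpose tree: child -> parent (the root has no parent).
PARENT = {
    "General": None,
    "Admin": "General",
    "Marketing": "General",
    "Direct-Email": "Marketing",
    "Third-Party": "Marketing",
    "Purchase": "General",
}
BIT = {p: 1 << i for i, p in enumerate(PARENT)}  # one bit per purpose


def ancestors_or_self(p):
    out = []
    while p is not None:
        out.append(p)
        p = PARENT[p]
    return out


def descendants(p):
    return [c for c in PARENT if c != p and p in ancestors_or_self(c)]


def mask(purposes):
    m = 0
    for p in purposes:
        m |= BIT[p]
    return m


def purpose_predicate(access_purpose):
    """SQL predicate (with bind values) for the assumed compliance rule.

    Because labels are bit-encoded, both halves of the rule collapse into a
    single bitwise test each: the allowed mask must intersect AP's ancestors
    (including AP), and the prohibited mask must not intersect AP's ancestors
    or descendants.  The two constants are computed once per query, so the
    per-row cost is two AND operations.
    """
    up = mask(ancestors_or_self(access_purpose))
    up_or_down = up | mask(descendants(access_purpose))
    return "(allowed & ?) <> 0 AND (prohibited & ?) = 0", (up, up_or_down)


def rewrite(sql, access_purpose):
    """Query modification: conjoin the purpose predicate to the WHERE clause.

    String-level rewriting is enough for this example; a real engine would
    modify the parsed query tree instead.
    """
    pred, params = purpose_predicate(access_purpose)
    head, sep, cond = sql.partition(" WHERE ")
    new_sql = f"{head} WHERE ({cond}) AND {pred}" if sep else f"{head} WHERE {pred}"
    return new_sql, params


def build_db():
    """In-memory table with constructed rows; each row carries <AIP, PIP>."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE customer(name TEXT, email TEXT, allowed INT, prohibited INT)")
    rows = [
        ("alice", "a@example.org", mask(["General"]), mask(["Third-Party"])),
        ("bob", "b@example.org", mask(["Purchase"]), 0),
        ("carol", "c@example.org", mask(["Marketing"]), mask(["Direct-Email"])),
        ("dave", "d@example.org", mask(["General"]), mask(["Marketing"])),
    ]
    con.executemany("INSERT INTO customer VALUES (?,?,?,?)", rows)
    return con


def names_for(con, access_purpose):
    """Run a user query through the rewriter for one access purpose."""
    sql, params = rewrite(
        "SELECT name FROM customer WHERE email LIKE '%@example.org'", access_purpose
    )
    return sorted(r[0] for r in con.execute(sql, params))


if __name__ == "__main__":
    db = build_db()
    for ap in ("Direct-Email", "Purchase", "Marketing", "Admin"):
        print(ap, names_for(db, ap))
```

Two cases are worth tracing by hand. For the access purpose Marketing, dave is excluded because Marketing itself is prohibited, alice is excluded because Marketing generalizes her prohibited Third-Party purpose, and carol is excluded for the same reason with Direct-Email; so a prohibition on a specific purpose also blocks any broader purpose that would subsume it. For Purchase, dave is included: his prohibition on Marketing says nothing about Purchase, which is neither an ancestor nor a descendant of it.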
Cite this article
Byun, JW., Li, N. Purpose based access control for privacy protection in relational database systems. The VLDB Journal 17, 603–619 (2008). https://doi.org/10.1007/s00778-006-0023-0