Privacy query rewriting algorithm instrumented by a privacy-aware access control model

annals of telecommunications - annales des télécommunications

Abstract

In this paper, we present an approach to instrument a SPARQL (Simple Protocol And RDF Query Language) query rewriting algorithm that enforces privacy preferences. Here, the term "instrument" means supplying appropriate constraints. We show how to design a real and effective instrumentation process for a rewriting algorithm using an existing privacy-aware access control model such as PrivOrBAC. We take into account various dimensions of privacy preferences through the concepts of consent, accuracy, purpose, and recipient. We implement and evaluate our privacy enforcement process based on a healthcare scenario.


Notes

  1. http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/

  2. SOH: SPARQL Over HTTP


Acknowledgments

This research work is supported by the French National Research Agency project PAIRSE under grant number ANR-09-SEGI-008.

Author information


Correspondence to Said Oulmakhzoune.


About this article

Cite this article

Oulmakhzoune, S., Cuppens-Boulahia, N., Cuppens, F. et al. Privacy query rewriting algorithm instrumented by a privacy-aware access control model. Ann. Telecommun. 69, 3–19 (2014). https://doi.org/10.1007/s12243-013-0365-8


  • DOI: https://doi.org/10.1007/s12243-013-0365-8
