skip to main content
10.1145/1063979.1063998acmconferencesArticle/Chapter ViewAbstractPublication PagessacmatConference Proceedingsconference-collections
Article

Purpose based access control of complex data for privacy protection

Published: 01 June 2005 Publication History

Abstract

As privacy becomes a major concern for both consumers and enterprises, many research efforts have been devoted to the development of privacy protecting technology. We recently proposed a privacy preserving access control model for relational databases,where purpose information associated with a given data element specifies the intended use of the data element. In this paper, we extend our previous work to handle other advanced data managementsystems, such as the ones based on XML and the ones based on the object-relational data model. Another contribution of our paper isthat we address the problem of how to determine the purpose forwhich certain data are accessed by a given user. Our proposedsolution relies on the well-known RBAC model as well as the notionof conditional role which is based on the notions of role attributeand system attribute.

References

[1]
Agrawal, Jerry Kiernan, Ramakrishman Srikant, and Yirong Xu.Hippocratic databases.In The 28th International Conference on Very Large Databases (VLDB), 2002.
[2]
David Bell and Leonard LaPadula.Secure computer systems: mathematical foundations and model.Technical report, MITRE Corporation, 1974
[3]
Jiwon Byun, Elisa Bertino, and Ninghui Li.Purpose-based access control for privacy protection in relational database systems.Technical Report 2004-52, Purdue University, 2004
[4]
Fang Chen and Ravi Sandhu.Constraints for role-based access control. In the first ACM Workshop on Role-based access control, 1996
[5]
Federal Trade Commision.Children's online privacy protection act of 1998. Available at www.cdt.org/legislation/105th/privacy/coppa.html
[6]
Dorothy Denning, Teresa Lunt, Roger Schell, William Shockley, and Mark Heckman.The seaview security model.In The IEEE Symposium on Research in Security and Privacy, 1998
[7]
Cheh Goh and Adrian Baldwin.Towards a more complete model of role.In The 3rd ACM workshop on Role-based access control, 1998
[8]
IBM. The Enterprise Privacy Authorization Language (EPAL).Available at www.zurich.ibm.com/security/enterprise-privacy/epal
[9]
Arun Kumar, Neeran Karnik, and Girish Chafle.Context sensitivity in role-based access control.In ACM SIGOPS Operating Systems Review, July 2002
[10]
Kristen LeFevre, Rakesh Agrawal, Vuk Ercegovac, Raghu Ramakrishnan,Yirong Xu, and David DeWitt.Disclosure in hippocratic databases.In The 30th International Conference on Very Large Databases (VLDB), August 2004.
[11]
United State Department of Health.Health insurance portability and accountability act of 1996.Available at www.hep-c-alert.org/links/hippa.html
[12]
United State Department of Justice.The federal privacy act of 1974.Available at www.usdoj.gov/foia/privstat.htm
[13]
Fausto Rabitti, Elisa Bertino, Won Kim, and Darrell Woelk.A model of authorization for next-generation database systems. In ACM Transactions on Database Systems (TODS), March 1991
[14]
Ravi Sandhu. Role hierarchies and constraints for lattice-based access control.In the European Symposium on Research in Computer Security, 1996
[15]
Ravi Sandhu and Fang Chen.The multilevel relational data model. In ACM Transaction on Information and System Security, 1998
[16]
Ravi Sandhu, David Ferraiolo, and Richard Kuhn.The nist model for role-based access control: Towards a unified standard.In the fifth ACM workshop on Role-based access control, 2000.
[17]
Ravi Sandhu and Sushil Jajodia.Toward a multilevel secure relational data model.In ACM International Conference on Management of Data (SIGMOD), 1991.
[18]
World Wide Web Consortium (W3C). Platform for Privacy Preferences (P3P). Available at www.w3.org/P3P.

Cited By

View all
  • (2024)Predicting ride-hailing passenger demandFuture Generation Computer Systems10.1016/j.future.2024.02.026156:C(168-178)Online publication date: 18-Jul-2024
  • (2024)Smart contract empowered dynamic consent: decentralized storage and access control for healthcare applicationsPeer-to-Peer Networking and Applications10.1007/s12083-024-01827-318:1Online publication date: 10-Dec-2024
  • (2024)Hook-in Privacy Techniques for gRPC-Based Microservice CommunicationWeb Engineering10.1007/978-3-031-62362-2_15(215-229)Online publication date: 16-Jun-2024
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
SACMAT '05: Proceedings of the tenth ACM symposium on Access control models and technologies
June 2005
186 pages
ISBN:1595930450
DOI:10.1145/1063979
  • General Chair:
  • Elena Ferrari,
  • Program Chair:
  • Gail-Joon Ahn
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 June 2005

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. access control
  2. management
  3. privacy
  4. private data
  5. purpose
  6. role attributes

Qualifiers

  • Article

Conference

SACMAT05
Sponsor:

Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)69
  • Downloads (Last 6 weeks)9
Reflects downloads up to 17 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2024)Predicting ride-hailing passenger demandFuture Generation Computer Systems10.1016/j.future.2024.02.026156:C(168-178)Online publication date: 18-Jul-2024
  • (2024)Smart contract empowered dynamic consent: decentralized storage and access control for healthcare applicationsPeer-to-Peer Networking and Applications10.1007/s12083-024-01827-318:1Online publication date: 10-Dec-2024
  • (2024)Hook-in Privacy Techniques for gRPC-Based Microservice CommunicationWeb Engineering10.1007/978-3-031-62362-2_15(215-229)Online publication date: 16-Jun-2024
  • (2024)Assuring GDPR Conformance Through Language-Based CompliancePrivacy and Identity Management. Sharing in a Digital World10.1007/978-3-031-57978-3_4(46-63)Online publication date: 23-Apr-2024
  • (2024)Integrating Data Privacy Compliance in Active Object LanguagesActive Object Languages: Current Research Trends10.1007/978-3-031-51060-1_10(263-288)Online publication date: 29-Jan-2024
  • (2023)A Comprehensive Consent Management System for Electronic Health Records in the Healthcare EcosystemInformation Security and Privacy in Smart Devices10.4018/978-1-6684-5991-1.ch007(194-233)Online publication date: 31-Mar-2023
  • (2023)Storage Standards and Solutions, Data Storage, Sharing, and Structuring in Digital Health: A Brazilian Case StudyInformation10.3390/info1501002015:1(20)Online publication date: 29-Dec-2023
  • (2023)Consent Verification MonitoringACM Transactions on Software Engineering and Methodology10.1145/349075432:1(1-33)Online publication date: 22-Feb-2023
  • (2023)Secured Data Movement Using Data Ring Fencing2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)10.1109/TPS-ISA58951.2023.00052(370-379)Online publication date: 1-Nov-2023
  • (2022)Enabling personal consent in databasesProceedings of the VLDB Endowment10.14778/3489496.348951615:2(375-387)Online publication date: 4-Feb-2022
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media