ABSTRACT
We address the problem of providing data subjects with self-selected controls on access to their personal information. Existing approaches for this are not always sufficient in terms of offering the degrees of control and scope for individualization of access policies that are needed for personal data protection (and usage). We introduce a conceptual framework, a syntax, a semantics, and an axiomatization of a generalized form of access control meta-model, which may be specialized in various ways to enable data subjects to specify flexibly what access controls are to apply on their personal data.
- M. Abadi, M. Burrows, B. W. Lampson, and G. D. Plotkin. A calculus for access control in distributed systems. ACM Trans. Program. Lang. Syst., 15(4):706--734, 1993. Google ScholarDigital Library
- A. H. Anderson. A comparison of two privacy policy languages: EPAL and XACMl. In SWS, pages 53--60, 2006. Google ScholarDigital Library
- ANSI. RBAC, 2004. INCITS 359-2004.Google Scholar
- K. R. Apt and H. Blair. Arithmetic classification of perfect models of stratified programs. Fundamenta Informaticae, XIII:1--17, 1990. Google ScholarDigital Library
- M. Backes, M. Dürmuth, and G. Karjoth. Unification in privacy policy evaluation - translating EPAL into Prolog. In POLICY, pages 185--188, 2004. Google ScholarDigital Library
- S. Barker. The next 700 access control models or a unifying meta-model? In SACMAT, pages 187--196, 2009. Google ScholarDigital Library
- S. Barker, M. Leuschel, and M. Varea. Efficient and flexible access control via jones-optimal logic program specialisation. Higher-Order and Symbolic Computation, 21(1):5--35, 2008. Google ScholarDigital Library
- S. Barker and G. Lowen. Event-oriented web-based e-trading. Electr. Notes Theor. Comput. Sci., 235:35--53, 2009. Google ScholarDigital Library
- S. Barker, M. J. Sergot, and D. Wijesekera. Status-based access control. ACM Trans. Inf. Syst. Secur., 12(1), 2008. Google ScholarDigital Library
- S. Barker and P. Stuckey. Flexible access control policy specification with constraint logic programming. ACM Trans. on Information and System Security, 6(4):501--546, 2003. Google ScholarDigital Library
- D. E. Bell and L. J. LaPadula. Secure computer system: Unified exposition and multics interpretation. MITRE-2997, 1976.Google Scholar
- H. A. Blair, V. W. Marek, and J. S. Schlipf. The expressiveness of locally stratified programs. Ann. Math. Artif. Intell., 15(2):209--229, 1995.Google ScholarCross Ref
- H. Boley, S. Tabet, and G. Wagner. Design rationale of ruleml: A markup language for semantic web rules. In SWWS 2001, pages 381--401, 2001.Google Scholar
- D. F. C. Brewer and M. J. Nash. The Chinese Wall security policy. In IEEE Symposium on Security and Privacy, pages 206--214, 1989.Google ScholarCross Ref
- W. Chen and D. S. Warren. A goal-oriented approach to computing the well-founded semantics. J. Log. Program., 17(2/3&4):279--300, 1993.Google ScholarCross Ref
- The Ciao Prolog System, 2004.Google Scholar
- E. F. Codd. A relational model of data for large shared data banks. Commun. ACM, 13(6):377--387, 1970. Google ScholarDigital Library
- L. F. Cranor. P3P : Making privacy policies more useful. IEEE Security & Privacy, 1(6):50--55, 2003. Google ScholarDigital Library
- S. Fischer-Hubner. IT-Security and Privacy. Springer, 2001.Google ScholarCross Ref
- D. M. Gabbay. Fibring logics. Oxford University Press, 1999.Google Scholar
- K. LeFevre, R. Agrawal, V. Ercegovac, R. Ramakrishnan, Y. Xu, and D. J. DeWitt. Limiting disclosure in hippocratic databases. In VLDB, pages 108--119, 2004. Google ScholarDigital Library
- Q. Ni, E. Bertino, J. Lobo, and S. B. Calo. Privacy-aware role-based access control. IEEE Security & Privacy, 7(4):35--43, 2009. Google ScholarDigital Library
- Q. Ni, A. Trombetta, E. Bertino, and J. Lobo. Privacy-aware role based access control. In SACMAT, pages 41--50, 2007. Google ScholarDigital Library
- S. L. Osborn, R. S. Sandhu, and Q. Munawer. Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Trans. Inf. Syst. Secur., 3(2):85--106, 2000. Google ScholarDigital Library
- M. D. Schroeder and J. H. Saltzer. The protection of information in computer systems. Procs. IEEE 63, 9:1278--1308, 1975.Google ScholarCross Ref
- W. Simons, K. Mandl, and I. Kohane. The PING personally controlled electronic medical record system: Technical architecture. Journal of the American Medical Informatics Association, 12(1):45--54, 2005.Google Scholar
- A. van Gelder. The alternating fixpoint of logic programs with negation. J. Comput. Syst. Sci., 47(1):185--221, 1993. Google ScholarDigital Library
- D. J. Weitzner, J. Hendler, T. Berners-lee, and D. Connolly. Creating the policy-aware web: Discretionary, rules-based access for the world wide web. In in Elena Ferrari and Bhavani Thuraisingham, editors, Web and Information Security. IOS. Idea Group Inc., 2005.Google Scholar
- A. Westin. Privacy and Freedom. New York: Atheneum, 1967.Google Scholar
Index Terms
- Personalizing access control by generalizing access control
Recommendations
Configuring role-based access control to enforce mandatory and discretionary access control policies
Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...
Concrete- and abstract-based access control
Access control models allow expressing access control rules (also called policies) stating that certain subjects (or users) have or do not have the right (or privilege) to access certain objects in order to execute certain actions under certain ...
Reasoning about Relation Based Access Control
NSS '10: Proceedings of the 2010 Fourth International Conference on Network and System SecurityRelation Based Access Control (RelBAC) is an access control model that places permissions as first class concepts. Under this model, we discuss in this paper how to formalize typical access control policies with Description Logics. Important security ...
Comments