research-article

Personalizing access control by generalizing access control

Author:
Steve Barker

King's College London, London, United Kingdom

King's College London, London, United Kingdom
View Profile

SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologiesJune 2010Pages 149–158https://doi.org/10.1145/1809842.1809866

Published:11 June 2010Publication History

SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologies

Pages 149–158

ABSTRACT

We address the problem of providing data subjects with self-selected controls on access to their personal information. Existing approaches for this are not always sufficient in terms of offering the degrees of control and scope for individualization of access policies that are needed for personal data protection (and usage). We introduce a conceptual framework, a syntax, a semantics, and an axiomatization of a generalized form of access control meta-model, which may be specialized in various ways to enable data subjects to specify flexibly what access controls are to apply on their personal data.

References

M. Abadi, M. Burrows, B. W. Lampson, and G. D. Plotkin. A calculus for access control in distributed systems. ACM Trans. Program. Lang. Syst., 15(4):706--734, 1993. Google ScholarDigital Library
A. H. Anderson. A comparison of two privacy policy languages: EPAL and XACMl. In SWS, pages 53--60, 2006. Google ScholarDigital Library
ANSI. RBAC, 2004. INCITS 359-2004.Google Scholar
K. R. Apt and H. Blair. Arithmetic classification of perfect models of stratified programs. Fundamenta Informaticae, XIII:1--17, 1990. Google ScholarDigital Library
M. Backes, M. Dürmuth, and G. Karjoth. Unification in privacy policy evaluation - translating EPAL into Prolog. In POLICY, pages 185--188, 2004. Google ScholarDigital Library
S. Barker. The next 700 access control models or a unifying meta-model? In SACMAT, pages 187--196, 2009. Google ScholarDigital Library
S. Barker, M. Leuschel, and M. Varea. Efficient and flexible access control via jones-optimal logic program specialisation. Higher-Order and Symbolic Computation, 21(1):5--35, 2008. Google ScholarDigital Library
S. Barker and G. Lowen. Event-oriented web-based e-trading. Electr. Notes Theor. Comput. Sci., 235:35--53, 2009. Google ScholarDigital Library
S. Barker, M. J. Sergot, and D. Wijesekera. Status-based access control. ACM Trans. Inf. Syst. Secur., 12(1), 2008. Google ScholarDigital Library
S. Barker and P. Stuckey. Flexible access control policy specification with constraint logic programming. ACM Trans. on Information and System Security, 6(4):501--546, 2003. Google ScholarDigital Library
D. E. Bell and L. J. LaPadula. Secure computer system: Unified exposition and multics interpretation. MITRE-2997, 1976.Google Scholar
H. A. Blair, V. W. Marek, and J. S. Schlipf. The expressiveness of locally stratified programs. Ann. Math. Artif. Intell., 15(2):209--229, 1995.Google ScholarCross Ref
H. Boley, S. Tabet, and G. Wagner. Design rationale of ruleml: A markup language for semantic web rules. In SWWS 2001, pages 381--401, 2001.Google Scholar
D. F. C. Brewer and M. J. Nash. The Chinese Wall security policy. In IEEE Symposium on Security and Privacy, pages 206--214, 1989.Google ScholarCross Ref
W. Chen and D. S. Warren. A goal-oriented approach to computing the well-founded semantics. J. Log. Program., 17(2/3&4):279--300, 1993.Google ScholarCross Ref
The Ciao Prolog System, 2004.Google Scholar
E. F. Codd. A relational model of data for large shared data banks. Commun. ACM, 13(6):377--387, 1970. Google ScholarDigital Library
L. F. Cranor. P3P : Making privacy policies more useful. IEEE Security & Privacy, 1(6):50--55, 2003. Google ScholarDigital Library
S. Fischer-Hubner. IT-Security and Privacy. Springer, 2001.Google ScholarCross Ref
D. M. Gabbay. Fibring logics. Oxford University Press, 1999.Google Scholar
K. LeFevre, R. Agrawal, V. Ercegovac, R. Ramakrishnan, Y. Xu, and D. J. DeWitt. Limiting disclosure in hippocratic databases. In VLDB, pages 108--119, 2004. Google ScholarDigital Library
Q. Ni, E. Bertino, J. Lobo, and S. B. Calo. Privacy-aware role-based access control. IEEE Security & Privacy, 7(4):35--43, 2009. Google ScholarDigital Library
Q. Ni, A. Trombetta, E. Bertino, and J. Lobo. Privacy-aware role based access control. In SACMAT, pages 41--50, 2007. Google ScholarDigital Library
S. L. Osborn, R. S. Sandhu, and Q. Munawer. Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Trans. Inf. Syst. Secur., 3(2):85--106, 2000. Google ScholarDigital Library
M. D. Schroeder and J. H. Saltzer. The protection of information in computer systems. Procs. IEEE 63, 9:1278--1308, 1975.Google ScholarCross Ref
W. Simons, K. Mandl, and I. Kohane. The PING personally controlled electronic medical record system: Technical architecture. Journal of the American Medical Informatics Association, 12(1):45--54, 2005.Google Scholar
A. van Gelder. The alternating fixpoint of logic programs with negation. J. Comput. Syst. Sci., 47(1):185--221, 1993. Google ScholarDigital Library
D. J. Weitzner, J. Hendler, T. Berners-lee, and D. Connolly. Creating the policy-aware web: Discretionary, rules-based access for the world wide web. In in Elena Ferrari and Bhavani Thuraisingham, editors, Web and Information Security. IOS. Idea Group Inc., 2005.Google Scholar
A. Westin. Privacy and Freedom. New York: Atheneum, 1967.Google Scholar

Index Terms

Personalizing access control by generalizing access control
1. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Operating systems security

Recommendations

Configuring role-based access control to enforce mandatory and discretionary access control policies

Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...
Read More
Concrete- and abstract-based access control

Access control models allow expressing access control rules (also called policies) stating that certain subjects (or users) have or do not have the right (or privilege) to access certain objects in order to execute certain actions under certain ...
Read More
Reasoning about Relation Based Access Control
NSS '10: Proceedings of the 2010 Fourth International Conference on Network and System Security

Relation Based Access Control (RelBAC) is an access control model that places permissions as first class concepts. Under this model, we discuss in this paper how to formalize typical access control policies with Description Logics. Important security ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologies
June 2010
212 pages
ISBN:9781450300490
DOI:10.1145/1809842
General Chair:
James Joshi
University of Pittsburgh, USA
,
Program Chair:
Barbara Carminati
University of Insubria, Italy
Copyright © 2010 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 11 June 2010
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
access control models
integrity
privacy policies
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate177of597submissions,30%
Upcoming Conference
SACMAT 2024

Sponsor:

sigsac

The 29th ACM Symposium on Access Control Models and Technologies

May 15 - 17, 2024

San Antonio , TX , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 7
  Total Citations
  View Citations
- 591
  Total Downloads
- Downloads (Last 12 months)17
- Downloads (Last 6 weeks)2
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Personalizing access control by generalizing access control

SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologies

ABSTRACT

References

Cited By

Index Terms

Recommendations

Configuring role-based access control to enforce mandatory and discretionary access control policies

Concrete- and abstract-based access control

Reasoning about Relation Based Access Control

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Personalizing access control by generalizing access control

SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologies

ABSTRACT

References

Cited By

Index Terms

Recommendations

Configuring role-based access control to enforce mandatory and discretionary access control policies

Concrete- and abstract-based access control

Reasoning about Relation Based Access Control

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media