skip to main content
10.1145/1809842.1809866acmconferencesArticle/Chapter ViewAbstractPublication PagessacmatConference Proceedingsconference-collections
research-article

Personalizing access control by generalizing access control

Published: 11 June 2010 Publication History

Abstract

We address the problem of providing data subjects with self-selected controls on access to their personal information. Existing approaches for this are not always sufficient in terms of offering the degrees of control and scope for individualization of access policies that are needed for personal data protection (and usage). We introduce a conceptual framework, a syntax, a semantics, and an axiomatization of a generalized form of access control meta-model, which may be specialized in various ways to enable data subjects to specify flexibly what access controls are to apply on their personal data.

References

[1]
M. Abadi, M. Burrows, B. W. Lampson, and G. D. Plotkin. A calculus for access control in distributed systems. ACM Trans. Program. Lang. Syst., 15(4):706--734, 1993.
[2]
A. H. Anderson. A comparison of two privacy policy languages: EPAL and XACMl. In SWS, pages 53--60, 2006.
[3]
ANSI. RBAC, 2004. INCITS 359-2004.
[4]
K. R. Apt and H. Blair. Arithmetic classification of perfect models of stratified programs. Fundamenta Informaticae, XIII:1--17, 1990.
[5]
M. Backes, M. Dürmuth, and G. Karjoth. Unification in privacy policy evaluation - translating EPAL into Prolog. In POLICY, pages 185--188, 2004.
[6]
S. Barker. The next 700 access control models or a unifying meta-model? In SACMAT, pages 187--196, 2009.
[7]
S. Barker, M. Leuschel, and M. Varea. Efficient and flexible access control via jones-optimal logic program specialisation. Higher-Order and Symbolic Computation, 21(1):5--35, 2008.
[8]
S. Barker and G. Lowen. Event-oriented web-based e-trading. Electr. Notes Theor. Comput. Sci., 235:35--53, 2009.
[9]
S. Barker, M. J. Sergot, and D. Wijesekera. Status-based access control. ACM Trans. Inf. Syst. Secur., 12(1), 2008.
[10]
S. Barker and P. Stuckey. Flexible access control policy specification with constraint logic programming. ACM Trans. on Information and System Security, 6(4):501--546, 2003.
[11]
D. E. Bell and L. J. LaPadula. Secure computer system: Unified exposition and multics interpretation. MITRE-2997, 1976.
[12]
H. A. Blair, V. W. Marek, and J. S. Schlipf. The expressiveness of locally stratified programs. Ann. Math. Artif. Intell., 15(2):209--229, 1995.
[13]
H. Boley, S. Tabet, and G. Wagner. Design rationale of ruleml: A markup language for semantic web rules. In SWWS 2001, pages 381--401, 2001.
[14]
D. F. C. Brewer and M. J. Nash. The Chinese Wall security policy. In IEEE Symposium on Security and Privacy, pages 206--214, 1989.
[15]
W. Chen and D. S. Warren. A goal-oriented approach to computing the well-founded semantics. J. Log. Program., 17(2/3&4):279--300, 1993.
[16]
The Ciao Prolog System, 2004.
[17]
E. F. Codd. A relational model of data for large shared data banks. Commun. ACM, 13(6):377--387, 1970.
[18]
L. F. Cranor. P3P : Making privacy policies more useful. IEEE Security & Privacy, 1(6):50--55, 2003.
[19]
S. Fischer-Hubner. IT-Security and Privacy. Springer, 2001.
[20]
D. M. Gabbay. Fibring logics. Oxford University Press, 1999.
[21]
K. LeFevre, R. Agrawal, V. Ercegovac, R. Ramakrishnan, Y. Xu, and D. J. DeWitt. Limiting disclosure in hippocratic databases. In VLDB, pages 108--119, 2004.
[22]
Q. Ni, E. Bertino, J. Lobo, and S. B. Calo. Privacy-aware role-based access control. IEEE Security & Privacy, 7(4):35--43, 2009.
[23]
Q. Ni, A. Trombetta, E. Bertino, and J. Lobo. Privacy-aware role based access control. In SACMAT, pages 41--50, 2007.
[24]
S. L. Osborn, R. S. Sandhu, and Q. Munawer. Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Trans. Inf. Syst. Secur., 3(2):85--106, 2000.
[25]
M. D. Schroeder and J. H. Saltzer. The protection of information in computer systems. Procs. IEEE 63, 9:1278--1308, 1975.
[26]
W. Simons, K. Mandl, and I. Kohane. The PING personally controlled electronic medical record system: Technical architecture. Journal of the American Medical Informatics Association, 12(1):45--54, 2005.
[27]
A. van Gelder. The alternating fixpoint of logic programs with negation. J. Comput. Syst. Sci., 47(1):185--221, 1993.
[28]
D. J. Weitzner, J. Hendler, T. Berners-lee, and D. Connolly. Creating the policy-aware web: Discretionary, rules-based access for the world wide web. In in Elena Ferrari and Bhavani Thuraisingham, editors, Web and Information Security. IOS. Idea Group Inc., 2005.
[29]
A. Westin. Privacy and Freedom. New York: Atheneum, 1967.

Cited By

View all
  • (2021)Towards Models for Privacy Preservation in the Face of Metadata ExploitationPrivacy and Identity Management10.1007/978-3-030-72465-8_14(247-264)Online publication date: 1-Apr-2021
  • (2014)TRAAC: Trust and risk aware access control2014 Twelfth Annual International Conference on Privacy, Security and Trust10.1109/PST.2014.6890962(371-378)Online publication date: Jul-2014
  • (2014)Integrity Management in a Trusted Utilitarian Data Exchange PlatformOn the Move to Meaningful Internet Systems: OTM 2014 Conferences10.1007/978-3-662-45563-0_38(623-638)Online publication date: 2014
  • Show More Cited By

Index Terms

  1. Personalizing access control by generalizing access control

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Conferences
      SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologies
      June 2010
      212 pages
      ISBN:9781450300490
      DOI:10.1145/1809842
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Sponsors

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 11 June 2010

      Permissions

      Request permissions for this article.

      Check for updates

      Author Tags

      1. access control models
      2. integrity
      3. privacy policies

      Qualifiers

      • Research-article

      Conference

      SACMAT'10
      Sponsor:

      Acceptance Rates

      Overall Acceptance Rate 177 of 597 submissions, 30%

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)6
      • Downloads (Last 6 weeks)0
      Reflects downloads up to 13 Jan 2025

      Other Metrics

      Citations

      Cited By

      View all
      • (2021)Towards Models for Privacy Preservation in the Face of Metadata ExploitationPrivacy and Identity Management10.1007/978-3-030-72465-8_14(247-264)Online publication date: 1-Apr-2021
      • (2014)TRAAC: Trust and risk aware access control2014 Twelfth Annual International Conference on Privacy, Security and Trust10.1109/PST.2014.6890962(371-378)Online publication date: Jul-2014
      • (2014)Integrity Management in a Trusted Utilitarian Data Exchange PlatformOn the Move to Meaningful Internet Systems: OTM 2014 Conferences10.1007/978-3-662-45563-0_38(623-638)Online publication date: 2014
      • (2013)Consistency checking in privacy-aware access controlProceedings of the 51st annual ACM Southeast Conference10.1145/2498328.2500080(1-6)Online publication date: 4-Apr-2013
      • (2013)An information flow control meta-modelProceedings of the 18th ACM symposium on Access control models and technologies10.1145/2462410.2462414(101-112)Online publication date: 12-Jun-2013
      • (2012)Access Control with Privacy Enhancements a Unified ApproachIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2012.229:5(670-683)Online publication date: 1-Sep-2012
      • (2011)GPFProceedings of the 2011 IEEE International Symposium on Policies for Distributed Systems and Networks10.1109/POLICY.2011.31(117-120)Online publication date: 6-Jun-2011

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Media

      Figures

      Other

      Tables

      Share

      Share

      Share this Publication link

      Share on social media