ABSTRACT
New access control models have been developed to accommodate the implementation of new privacy policies. One of these models is the P-RBAC model by Ni et al. [8], which supports a wide range of privacy policies. However, while modeling policies has become more complex, there has been only very limited support for verifying the consistency of policies in an access control system. We extend the so-called condition component of the P-RBAC model to overcome some limitations on the expressive power of the model. Based on the extended P-RBAC model, we investigate an algorithm that detects conflicts and redundancies in the privacy policies.
- Ardagna, C., Vimercati, S. D. C. d., Neven, G., Paraboschi, S., Preiss, F., Samarati, P., Verdicchio, M. 2010. Enabling privacy-preserving credential-based access control with XACML and SAML. In Proc. of the 3rd IEEE International Symposium on Trust, Security and Privacy for Emerging Applications. TSP-10, 1090--1095.
- Barker, S. 2010. Personalizing access control by generalizing access control. In Proc. of the Symposium on Access Control Models and Technologies. SACMAT'10, 149--158.
- Biere, A., Heule, M., Van Maaren, H., Walsh, T. 2009. Handbook of Satisfiability. Frontiers in Artificial Intelligence and Applications 185. IOS Press.
- Byun, J., Li, N. 2008. Purpose based access control for privacy protection in the relational database systems. The VLDB Journal 17, 4 (July 2008), 603--619.
- Faresi, A. A., Wijesekera, D., Moidu, K. 2010. A comprehensive privacy-aware authorization framework founded on HIPAA privacy rules. In Proc. of the 1st ACM International Health Informatics Symposium. IHI'10, 637--646.
- Ferraiolo, D. F., Sandhu, R., Serban G., Kuhn, D. R., Chandramouli, R. 2003. Proposed NIST standard for role-based access control. ACM Trans. on Information and System Security (TISSEC) 4, 3 (Aug. 2001), 224--274.
- Karat, J., Karat, C., Brodie, C., Feng, J. 2005. Privacy in information technology: designing to enable privacy policy management in organizations. Int. Journal of Human-Computer Studies 63, 1--2 (July 2005), 153--174.
- Ni, Q., Bertino, E., Lobo, J., Brodie, C., Karat, C., Karat, J., Trombetta, A. 2010. Privacy-aware role-based access control. ACM Trans. Inf. Syst. Secur. 13, 3 (July 2010), 1--31.
- Ni, Q., Lin, D., Bertino, E., and Lobo, J. 2007. Conditional privacy-aware role based access control. 12th European Symposium On Research In Computer Security (Dresden, Germany, September 2007). ESORICS 2007. 72--89.
- Sandhu, R. S., Coyne, E. J., Feinstein, H. L., Youman, C. E. 1996. Role-based access control models. IEEE Computer Society 29, 2 (February 1996), 38--47.
Index Terms
- Consistency checking in privacy-aware access control