Privacy-aware role based access control

Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Volumn , Issue , 2007, Pages 41-50

  Ni, Qun ^a   Trombetta, Alberto ^b   Bertino, Elisa ^a   Lobo, Jorge ^c  

^a PURDUE UNIVERSITY   (United States)

^b UNIVERSITY OF INSUBRIA   (Italy)

^c IBM T J WATSON RESEARCH CENTER   (United States)

Author keywords

Model; Privacy; Purpose; Role based access control

Indexed keywords

ADMINISTRATIVE DATA PROCESSING; COMPUTER PRIVACY; DATA STRUCTURES; KNOWLEDGE BASED SYSTEMS;

COMPLEX PRIVACY-RELATED POLICIES; ROLE BASED ACCESS CONTROL;

ACCESS CONTROL;

EID: 34548016110     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1266840.1266848     Document Type: Conference Paper

References (26)

1. The enterprise privacy authorization language(epal 1.1). IBM Zurich Research Laboratory,Switzerland. Available at http://www.zurich.ibm.com/security /enterprise-privacy/epal/.
2. Amazon.com. Amazon privacy notice. Available at http://www.amazon.com/ exec/obidos/tg/browse/-/468496/102-8997954-0573735.
3. A. H. Anderson. A comparison of two privacy policy languages: Epal and xacml. In SWS '06: Proceedings of the 3rd ACM workshop on Secure web services, pages 53-60, New York, NY, USA, 2006. ACM Press.
4. A. Barth, A. Datta, J. C. Mitchell, and H. Nissenbaum. Privacy and contextual integrity: Framework and applications. In SP '06: Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P'06), pages 184-198, Washington, DC, USA, 2006. IEEE Computer Society.
5. A. Barth, J. C. Mitchell, and J. Rosenstein. Conflict and combination in privacy policy languages. In WPES '04: Proceedings of the 2004 ACM workshop on Privacy in the electronic society, pages 45-46, New York, NY, USA, 2004. ACM Press.
6. Blizzard.com. Blizzard entertainment online privacy policy. Available at http://www.blizzard.com/privacy.shtml.
7. J.-W. Byun and N. Li. Purpose based access control for privacy protection in relational database systems. The VLDB Journal The International Journal on Very Large Data Bases, Sep 2006.
8. R. Chandramouli. A framework for multiple authorization types in a healthcare application system. In ACSAC '01: Proceedings of the 17th Annual Computer Security Applications Conference, page 137, Washington, DC, USA, 2001. IEEE Computer Society.
9. eBay.com. ebay privacy policy. Available at http://pages.ebay.com/help/ policies/privacy-policy.html.
10. Federal Trade Commision. Children's online privacy protection act of 1998. Available at http://www.cdt.org/legislation/105th/privacy/coppa.html.
11. D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli. Proposed nist standard for role-based access control. ACM Trans. Inf. Syst. Secur., 4(3):224-274, 2001.
12. S. Fischer-Hubner. IT-security and privacy: design and use of privacy-enhancing security mechanisms. Springer-Verlag New York, Inc., New York, NY, USA, 2001.
13. Q. He. Privacy enforcement with an extended role-based access control model. NCSU Computer Science Technical Report TR-2003-09, February 28, 2003.
14. G. Karjoth and M. Schunter. A privacy policy model for enterprises. In CSFW, pages 271-281, 2002.
15. OASIS. Core and hierarchical role based access control (rbac) profile of xacml v2.0. Available at http://www.oasis-open.org/.
16. OASIS, extensible access control markup language (xacml) 2.0. Available at http://www.oasis-open.org/.
17. OASIS. Hierarchical resource profile of xacml v2.0. Available at http://www.oasis-open.org/.
18. OASIS. Privacy policy profile of xacml v2.0. Available at http://www.oasis-open.org/.
19. Organisation for Economic Co-operation and Development. Oecd guidelines on the protection of privacy and transborder flows of personal data of 1980. Available at http://www.oecd.org/.
20. C. S. Powers. Privacy promises, access control, and privacy management. In ISEC '02: Proceedings of the Third International Symposium on Electronic Commerce, page 13, Washington, DC, USA, 2002. IEEE Computer Society.
21. E. B. J. L. Qun Ni, Alberto Trombetta. Privacy aware role-based access control. CERIAS Technical Report.
22. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-based access control models. IEEE Computer, 29(2):38-47, 1996.
23. C. Shankar and R. Campbell. A policy-based management framework for pervasive systems using axiomatized rule-actions. In NCA '05: Proceedings of the Fourth IEEE International Symposium on Network Computing and Applications, pages 255-258, Washington, DC, USA, 2005. IEEE Computer Society.
24. TRUSTe.org. An independent, nonprofit enabling trust based on privacy for personal information on the internet. Available at http://www.truste.org/.
25. United State Department of Health. Health insurance portability and accountability act of 1996. Available at http://www.hhs.gov/ocr/hipaa/.
26. U.S. Senate Committee on Banking, Housing, and Urban Affairs. Information regarding the gramm-leach-bliley act of 1999. Available at http://banking. senate.gov/conf/.