Conditional privacy-aware role based access control

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4734 LNCS, Issue , 2007, Pages 72-89

  Ni, Qun ^a   Lin, Dan ^a   Bertino, Elisa ^a   Lobo, Jorge ^b  

^a Purdue University   (United States)

^b IBM T J WATSON RESEARCH CENTER   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL; MATHEMATICAL MODELS; PUBLIC POLICY; REDUNDANCY; SOCIETIES AND INSTITUTIONS;

CONDITIONAL PRIVACY; EXPRESSIVE CONDITION LANGUAGES; PRIVACY POLICIES;

DATA PRIVACY;

EID: 38049002527     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-74835-9_6     Document Type: Conference Paper

References (29)

1. Agrawal, D., Giles, J., Lee, K.-W., Lobo, J.: Policy ratification. In: POLICY'05. Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks, Stockholm Sweden, pp. 223-232. IEEE Computer Society, Los Alamitos (2005)
2. Amazon.com: Amazon privacy notice, available at http://www.amazon.com/ exec/obidos/tg/browse/-/468496/102-8997954-0573735
3. Anderson, A.H.: A comparison of two privacy policy languages: Epal and xacml. In: SWS '06: Proceedings of the 3rd ACM workshop on Secure web services, pp. 53-60. ACM Press, New York (2006)
4. Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise privacy authorization language (epal 1.2). W3C Member Submission 10 (November 2003), available at http://www.w3.org/Submission/EPAL/
5. Barth, A., Mitchell, J.C., Rosenstein, J.: Conflict and combination in privacy policy languages. In: WPES '04: Proceedings of the 2004 ACM workshop on Privacy in the electronic society, pp. 45-46. ACM Press, New York (2004)
6. Bettini, C., Jajodia, S., Wang, X., Wijesekera, D.: Obligation monitoring in policy management. In: POLICY'02. Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks, Washington, DC, USA, p. 2. IEEE Computer Society, Los Alamitos (2002)
7. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed nist standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4(3), 224-274 (2001)
8. Fischer-Hubner, S.: IT-security and privacy: design and use of privacy-enhancing security mechanisms. Springer, Heidelberg (2001)
9. Fisler, K., Krishnamurthi, S., Meyerovich, L.A., Tschantz, M.C.: Verification and change-impact analysis of access-control policies. In: Inverardi, P., Jazayeri, M. (eds.) ICSE 2005. LNCS, vol. 4309, pp. 196-205. Springer, Heidelberg (2006)
10. IBM Zurich Research Laboratory, Switzerland: The enterprise privacy authorization language (epal 1.1), available at http://www.zurich.ibm.com/ security/enterprise-privacy/epal/
11. Irwin, K., Yu, T., Winsborough, W.H.: On the modeling and analysis of obligations. In: CCS '06: Proceedings of the 13th ACM conference on Computer and communications security, pp. 134-143. ACM Press, New York (2006)
12. Kanellakis, P.C., Kuper, G.M., Revesz, P.Z.: Constraint query languages (preliminary report). In: PODS '90: Proceedings of the ninth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems, pp. 299-313. ACM Press, New York (1990)
13. Karjoth, G., Schunter, M., Waidner, M.: Platform for enterprise privacy practices: Privacy-enabled management of customer data. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 69-84. Springer, Heidelberg (2003)
14. Kolovski, V., Hendler, J., Parsia, B.: Formalizing xacml using defeasible description logics, available at http://www.mindsvap.org/~kolovski/xacml.tr.pdf
15. Li, N., Mitchell, J.C.: Datalog with constraints: A foundation for trust management languages. In: Dahl, V., Wadler, P. (eds.) PADL 2003. LNCS, vol. 2562, pp. 58-73. Springer, Heidelberg (2002)
16. Mont, M.C., Beato, F.: On parametric obligation policies: Enabling privacyaware information lifecycle management in enterprises. Tech. Report HPL-2007-7, Trusted Systems Laboratory, HP Laboratories Bristol, available at http://www.hpl.hp.com/techreports/2007/HPL-2007-7.pdf
17. Ni, Q., Trombetta, A., Bertino, E., Lobo, J.: Privacy aware role based access control. In: SACMAT '07. Proceedings of the 12th ACM symposium on Access control models and technologies. ACM Press, Sophia Antipolis, France (2007)
18. OASIS: extensible access control markup language (xacml) 2.0, available at http://www.oasis-open.org/
19. Organisation for Economic Co-operation and Development: Oecd guidelines on the protection of privacy and transborder flows of personal data of 1980, available at http ://www.oecd.org/
20. Powers, CS.: Privacy promises, access control, and privacy management. In: ISEC '02: Proceedings of the Third International Symposium on Electronic Commerce, Washington, DC, USA, p. 13. IEEE Computer Society, Los Alamitos (2002)
21. Revesz, P.Z.: Constraint databases: A survey. In: Thalheim, B. (ed.) Semantics in Databases. LNCS, vol. 1358, pp. 209-246. Springer, Heidelberg (1998)
22. Revesz, P.Z.: Safe datalog queries with linear constraints, In: Maher, M.J., Puget, J.-F. (eds.) CP 1998. LNCS, vol. 1520, pp. 355-369. Springer, Heidelberg (1998)
23. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38-47 (1996)
24. Smith, S.W., Spafford, E.H.: Grand challenges in information security: Process and output. IEEE Security and Privacy, 69-71 (January 2004)
25. TRUSTe.org: An independent, nonprofit enabling trust based on privacy for personal information on the internet, available at http://www.truste.org/
26. Tschantz, M.C., Krishnamurthi, S.: Towards reasonability properties for accesscontrol policy languages with extended xacml analysis. Tech. Report CS-06-04, CS, Brown University, available at http://www.cs.brown.edu/ publications/techreports/reports/CS-06-04.html
27. United State Department of Health: Health insurance portability and accountability act of 1996, available at http://www.hhs.gov/ocr/hipaa/
28. U.S. Senate Committee on Banking, Housing, and Urban Affairs: Information regarding the gramm-leach-bliley act of 1999, available at http://banking. senate.gov/conf/
29. W3C: Platform for privacy preferences (p3p) project, available at http://www.w3.org/P3P