Purpose based access control for privacy protection in relational database systems

VLDB Journal

Volumn 17, Issue 4, 2008, Pages 603-619

  Byun, Ji Won ^a   Li, Ninghui ^a  

^a Purdue University   (United States)

Author keywords

Access control; Privacy; Private data management; Purpose

Indexed keywords

EID: 45749089618     PISSN: 10668888     EISSN: 0949877X     Source Type: Journal    
DOI: 10.1007/s00778-006-0023-0     Document Type: Article

References (31)

1. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic. In: Proceedings of the 28th International Conference on Very Large Databases (VLDB) (2002)
2. ANSI: American national standard for information technology-role based access control. ANSI INCITS 359-2004 (2004)
3. Ashley, P., Powers, C.S., Schunter, M.: Privacy promises, access control, and privacy management. In: Third International Symposium on Electronic Commerce (2002)
4. Barker S., Stuckey P.J. (2003). Flexible access control policy specification with constraint logic programming. ACM Trans. Inf. Syst. Secu. 6(4):501-546
5. Bell, D.E., LaPadula, L.J.: Secure computer systems: mathematical foundations and model Technical report, MITRE Corporation (1974)
6. Bertino E., Jajodia S., Samarati P. (1995). Database security: research and practice. Inf. Syst. 20(7):537-556
7. Bitton, D., DeWitt, D.J., Turbyfill, C.: Benchmarking database systems: a systematic approach. In: Ninth International Conference on Very Large Data Bases (1983)
8. Chen, F., Sandhu, R.: Constraints for role-based access control. In: The first ACM Workshop on Role-based access control (1996)
9. Denning, D., Lunt, T., Schell, R., Shockley, W., Heckman, M.: The seaview security model. In: The IEEE Symposium on Research in Security and Privacy (1988)
10. Dong, X., Halevy, A., Madhavan, J., Nemes, E.: Reference reconciliation in complex information spaces. In: ACM International Conference on Management of Data (SIGMOD) (2005)
11. Federal Trade Commision: Children's online privacy protection act of 1998. Available at www.cdt.org/legislation/105th/privacy/ coppa.html
12. Federal Trade Commission: Privacy online: fair information practices in the electronic marketplace: a report to congress, May 2000. Available at www.ftc.gov/reports/privacy2000/privacy2000.pdf
13. Fellegi, I.P., Sunter, A.B.: A theory for record linkage. J. Am. Stat. Assoc. (1969)
14. Ferraiolo, D.F., Richard Kuhn, D., Chandramouli, R.: Role-Based Access Control. Artech House (2003)
15. Ferraiolo D.F., Sandhu R.S., Gavrila S., Kuhn D.R., Chandramouli R. (2001). Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Sec. 4(3):224-274
16. Goh, C., Baldwin, A.: Towards a more complete model of role. In: The 3rd ACM workshop on Role-based access control. (1998)
17. IBM: The Enterprise Privacy Authorization Language (EPAL). Available at www.zurich.ibm.com/security/enterprise-privacy/epal
18. Jajodia, S., Sandhu, R.: Toward a multilevel secure relational data model. In: ACM International Conference on Management of Data (SIGMOD) pp. 50-59. ACM Press, New York (1991)
19. Karjoth, G., Schunter, M., Waidner, M.: Platform for enterprise privacy practice: Privacy-enabled management of customer data. In: The 2nd Workshop on Privacy Enhancing Technologies (PET 2002) (2002)
20. Kobsa A. (2002). Personalized hypermedia and international privacy. Communic ACM. 45(5):64-67
21. Kumar A., Karnik N., Chafle G. (2002). Context sensitivity in role-based access control. ACM SIGOPS Oper. Syst. Rev. 36(3):53-66
22. LeFevre, K., Agrawal, R., Ercegovac, V., Ramakrishnan, R., Xu, Y., DeWitt, D.: Disclosure in hippocratic databases. In: The 30th International Conference on Very Large Databases (VLDB) (2004)
23. Oracle Corporation: The Virtual Private Database in Oracle9iR2: An Oracle Technical White Paper, January 2002. Available at www.oracle.com.
24. Oracle Corporation: The Oracle Database SQL References, December 2003. Availabe at www.oracle.com.
25. Sandhu R., Chen F. (1998). The multilevel relational data model. ACM Trans. Inf. Syst. Secu. 1(1):93-132
26. Sandhu, R., Ferraiolo, D., Kuhn, R.: The NIST model for role-based access control: towards a unified standard. In: Proceedings of the Fifth ACM Workshop on Role-Based Access Control (RBAC 2000), pp. 47-63 (2000)
27. Sandhu R.S., Coyne E.J., Feinstein H.L., Youman C.E. (1996). Role-based access control models. IEEE Comput. 29(2):38-47
28. Sarawagi, S., Bhamidipaty, A.: Interactive deduplication using active learning. In: ACM International conference on Knowledge discovery and data mining (SIGKDD) (2002)
29. Stonebraker, M., Wong, E.: Access control in a relational data base management system by query modification. In: ACM CSC-ER Proceedings of the 1974 Annual Conference (1974)
30. World Wide Web Consortium (W3C): A P3P Preference Exchange Language 1.0 (APPEL 1.0). Available at www.w3.org/TR/P3P-preferences
31. World Wide Web Consortium (W3C): Platform for Privacy Preferences (P3P). Available at www.w3.org/P3P.