A privacy-aware access control system

Journal of Computer Security

Volumn 16, Issue 4, 2008, Pages 369-397

  Ardagna, C A ^a   Cremonini, M ^a   De Capitani Di Vimercati, S ^a   Samarati, P ^a  

^a UNIVERSITY OF MILAN   (Italy)

Author keywords

Access control; Data handling policies; Privacy

Indexed keywords

ACCESS CONTROL; DATA HANDLING; DATA PRIVACY; SECURITY SYSTEMS;

ACCESS CONTROL POLICIES; ACCESS CONTROL SYSTEMS; DIGITAL WORLD; LANGUAGES (TRADITIONAL); PERSONAL INFORMATION; PRIVACY CONTROL; PROTECTION OF PRIVACY; PUBLIC SERVICES; USER-SERVICE INTERACTIONS;

CONTROL SYSTEMS;

EID: 48249091293     PISSN: 0926227X     EISSN: None     Source Type: Journal    
DOI: 10.3233/JCS-2008-0328     Document Type: Article

References (36)

1. R. Agrawal, J. Kiernan, R. Srikant and Y. Xu, An xpath based preference language for P3P, in: Proc. of the 12th International World Wide Web Conference, Budapest, Hungary, May 2003.
2. G.-J. Ahn and J. Lam, Managing privacy preferences in federated identity management, in: Proc. of the ACM Workshop on Digital Identity Management, Fairfax, VA, USA, November 2005.
3. C.A. Ardagna, M. Cremonini, E. Damiani, S. De Capitani di Vimercati and P. Samarati, Supporting location-based conditions in access control policies, in: Proc. of the ACM Symposium on Information, Computer and Communications Security (ASIACCS'06), Taipei, Taiwan, March 2006.
4. C.A. Ardagna, E. Damiani, S. De Capitani di Vimercati and P. Samarati, Towards privacy-enhanced authorization policies and languages, in: Proc. of the 19th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Storrs, CA, USA, August 2005.
5. C.A. Ardagna, S. De Capitani di Vimercati and P. Samarati, Enhancing user privacy through data handling policies, in: Proc. of the 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France, July/August 2006.
6. C. Bettini, S. Jajodia, X. Sean Wang and D. Wijesekera, Provisions and obligations in policy management and security applications, in: Proc. of the 28th VLDB Conference, Hong Kong, China, August 2002.
7. J. Biskup and H.H. Brüggemann, The personal model of data: Towards a privacy oriented information system, Computers & Security 7 (1988), 575-597.
8. J. Biskup and H.H. Brüggemann, The personal model of data - towards a privacy oriented information system, in: Proc. of the Fifth International Conference on Data Engineering (ICDE 1989), Los Angeles, CA, USA, February 1989.
9. P.A. Bonatti and D. Olmedilla, Driving and monitoring provisional trust negotiation with metapolicies, in: Proc. of the IEEE 6th International Workshop on Policies for Distributed Systems and Networks (POLICY 2005), Stockholm, Sweden, June 2005.
10. P.A. Bonatti and P. Samarati, A unified framework for regulating access and information release on the web, Journal of Computer Security 10(3) (2002), 241-272.
11. H.H. Brüggemann, Interaction of authorities and acquaintances in the DORIS privacy model of data, in: Proc. of the 2nd Symposium on Mathematical Fundamentals of Database Systems (MFDBS 1989), Visegrad, Hungary, June 1989.
12. M. Casassa Mont and F. Beato, On parametric obligation policies: Enabling privacy-aware information lifecycle management in enterprises, in: Proc. of the 8th IEEE Workshop on Policies for Distributed Systems and Networks (Policy 2007), Bologna, Italy, June 2007.
13. R. Chandramouli, Privacy protection of enterprise information through inference analysis, in: IEEE 6th International Workshop on Policies for Distributed Systems and Networks (POLICY 2005), Stockholm, Sweden, June 2005.
14. L.F. Cranor, Web Privacy with P3P, O'Reilly & Associates, Sebastopol, CA, USA, 2002.
15. E. Damiani, S. De Capitani di Vimercati, C. Fugazza and P. Samarati, Extending policy languages to the semantic web, in: Proc. of the International Conference on Web Engineering, Munich, Germany, July 2004.
16. Directive 95/46/ec of the European Parliament and of the council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L 281 (23/11/1995), 031-050.
17. R. Gavriloaie, W. Nejdl, D. Olmedilla, K. Seamons and M. Winslett, No registration needed: How to use declarative policies and negotiation to access sensitive resources on the semantic web, in: Proc. of the First European Semantic Web Symposium, Heraklion, Greece, May 2004.
18. G. Karjoth and M. Schunter, Privacy policy model for enterprises, in: Proc. of the 15th IEEE Computer Security Foundations Workshop, Cape Breton, NS, Canada, June 2002.
19. G. Karjoth, M. Schunter and M. Waidner, Privacy-enabled services for enterprises, in: Proc. of the 13th International Conference on Database and Expert Systems Applications (DEXA'02), Aix-en-Provence, France, September 2002.
20. J. Kolter, R. Schillinger and G. Pernul, A privacy-enhanced attribute-based access control system, in: Proc. of the 21st Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Redondo Beach, CA, USA, July 2007.
21. Organization for Economic Co-operation and Development, OECD guidelines on the protection of privacy and transborder flows of personal data, http://www.oecd.org/document/18/0,2340,en_2649_ 34255_1815186_119820_1_1_1,00. html, 1980.
22. Privacy and identity management for Europe (PRIME), http://www.prime- project.eu.org/
23. T. Ryutov, L. Zhou, C. Neuman, T. Leithead and K.E. Seamons, Adaptive trust negotiation and access control, in: Proc. of the 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden, June 2005.
24. P. Samarati and S. De Capitani di Vimercati, Access control: Policies, models, and mechanisms, in: Foundations of Security Analysis and Design, R. Focardi and R. Gorrieri, eds, LNCS, Vol. 2171, Springer-Verlag, Berlin, 2001, pp. 137-196.
25. K.E. Seamons, W. Winsborough and M. Winslett, Internet credential acceptance policies, in: Proc. of the Workshop on Logic Programming for Internet Applications, Leuven, Belgium, July 1997.
26. B. Thuraisingham, Privacy constraint processing in a privacy-enhanced database management system, Data & Knowledge Engineering 55(2) (2005), 159-188.
27. T.W. van der Horst, T. Sundelin, K.E. Seamons and C.D. Knutson, Mobile trust negotiation: Authentication and authorization in dynamic mobile networks, in: Proc. of the Eighth IFIP Conference on Communications and Multimedia Security, Lake Windermere, England, September 2004.
28. W. Winsborough, K.E. Seamons and V. Jones, Automated trust negotiation, in: Proc. of the DARPA Information Survivability Conf. & Exposition, Hilton Head Island, SC, USA, January 2000.
29. M. Winslett, N. Ching, V. Jones and I. Slepchin, Assuring security and privacy for digital library transactions on the web: Client and server security policies, in: Proc. of the ADL'97 - Forum on Research and Tech. Advances in Digital Libraries, Washington, DC, USA, May 1997.
30. World Wide Web Consortium, A P3P Preference Exchange Language 1.0 (APPEL1.0), http://www. w3.org/TR/P3P-preferences/, April 2002.
31. World Wide Web Consortium, The Platform for Privacy Preferences 1.1 (P3P1.1) Specification, http://www.w3.org/TR/2005/WD-P3P11-20050701, July 2005.
32. M. Youssef, V. Atluri and N.R. Adam, Preserving mobile customer privacy: An access control system for moving objects and customer profiles, in: Proc. of the 6th International Conference on Mobile Data Management, Ayia Napa, Cyprus, May 2005.
33. T. Yu, X. Ma and M. Winslett, An efficient complete strategy for automated trust negotiation over the internet, in: Proc. of the 7th ACM Computer and Communication Security, Athens, Greece, November 2000.
34. T. Yu and M. Winslett, A unified scheme for resource protection in automated trust negotiation, in: Proc. of the IEEE Symposium on Security and Privacy, Berkeley, CA, May 2003.
35. T. Yu, M. Winslett and K.E. Seamons, Interoperable strategies in automated trust negotiation, in: ACM Conference on Computer and Communications Security (CCS 2001), Philadelphia, PA, USA, November 2001.
36. T. Yu, M. Winslett and K.E. Seamons, Supporting structured credentials and sensitive policies trough interoperable strategies for automated trust, ACM Transactions on Information and System Security (TISSEC) 6(1) (2003), 1-42.