Privacy-aware Role-based access control

ACM Transactions on Information and System Security

Volumn 13, Issue 3, 2010, Pages

  Ni, Qun ^a   Bertino, Elisa ^a   Lobo, Jorge ^b   Brodi, Carolyn ^b   Karat, Clare Marie ^b   Karat, John ^b   Trombetta, Alberto ^c  

^a Purdue University   (United States)

^b IBM T J WATSON RESEARCH CENTER   (United States)

^c UNIVERSITY OF INSUBRIA   (Italy)

Author keywords

Model; Privacy; Purpose; Role based access control

Indexed keywords

AUTHORING TOOL; HIGH LEVEL SPECIFICATION; KEY COMPONENT; NATURAL LANGUAGE SPECIFICATIONS; NATURAL LANGUAGES; PERSONALLY IDENTIFIABLE INFORMATION; PRIVACY; PRIVACY POLICIES; PRIVACY-AWARE ACCESS CONTROL; RBAC MODEL; ROLE-BASED ACCESS CONTROL;

LINGUISTICS; SECURITY SYSTEMS; SPECIFICATIONS;

ACCESS CONTROL;

EID: 77955210831     PISSN: 10949224     EISSN: 15577406     Source Type: Journal    
DOI: 10.1145/1805974.1805980     Document Type: Conference Paper

References (21)

1. ANDERSON, A. H. 2006. A comparison of two privacy policy languages: EPAL and XACML. In Proceedings of the 3rd Workshop on Secure Web Services. ACM, New York, 53-60.
2. BARTH, A., MITCHELL, J. C., AND ROSENSTEIN, J. 2004. Conflict and combination in privacy policy languages. In Proceedings of the Workshop on Privacy in the Electronic Society. ACM, New York, 45-46.
3. BYUN, J.-W. AND LI, N. 2008. Purpose-based access control for privacy protection in relational database systems. VLDB J. 17, 4, 603-619.
4. CHANDRAMOULI, R. 2001. A framework for multiple authorization types in a healthcare application system. In Proceedings of the 17th Annual Computer Security Applications Conference. IEEE, Los Alamitos, CA, 137.
5. FERRAIOLO, D. F., SANDHU, R., GAVRILA, S., KUHN, D. R., AND CHANDRAMOULI, R. 2001. Proposed standard for role-based access control. ACM Trans. Inform. Syst. Secur. 4, 3, 224-274.
6. FISCHER-HUBNER, S. 2001. IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms. Springer-Verlag, Berlin.
7. HE, Q. 2003. Privacy enforcement with an extended role-based access control model. Tech. rep. TR-2003-2009, Department of Computer Science, North Carolina State University.
8. KARAT, C.-M., KARAT, J., BRODIE, C., AND FENG, J. 2006. Evaluating interfaces for privacy policy rule authoring. In Proceedings of the Conference on Human Factors in Computing Systems. ACM, New York, 83-92.
9. KARAT, J., KARAT, C.-M., BRODIE, C., AND FENG, J. 2005a. Designing natural language and structured entry methods for privacy policy authoring. In Proceedings of the International Conference on Human-Computer Interaction. Springer-Verlag, Berlin, 671-684.
10. KARAT, J., KARAT, C.-M., BRODIE, C., AND FENG, J. 2005b. Privacy in information technology: Designing to enable privacy policy management in organizations. Int. J. Hum.-Comput. Stud. 63, 1-2, 153-174.
11. KARJOTH, G. AND SCHUNTER, M. 2002. A privacy policy model for enterprises. In Proceedings of the 15th Computer Security Foundations Workshop. IEEE, Los Alamitos, CA, 271-281.
12. LAW, U. S. F. 1996. Health insurance portability and accountability act of 1996. Pub. L. 104-191.
13. NI, Q., BERTINO, E., AND LOBO, J. 2008. An obligation model bridging access control policies and privacy policies. In Proceedings of the Symposium on Access Control Methods and Technologies. ACM, New York, 133-142.
14. NI, Q., BERTINO, E., LOBO, J., BRODIE, C.,KARAT, C.-M., KARAT, J., AND TROMBETTA, A. 2009. Privacyaware role-based access control. Tech. rep., CERIAS, Purdue University.
15. NI, Q., LIN, D., BERTINO, E., AND LOBO, J. 2007. Conditional privacy-aware role-based access control. In Proceedings of the European Symposium on Research in Computer Security. Springer- Verlag, Berlin, 72-89.
16. OASIS. 2005. eXtensible Access Control Markup Language (XACML) 2.0. http://www.oasis-open.org/.
17. ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT. 1980. Oecd guidelines on the protection of privacy and transborder ows of personal data of 1980. http://www.oecd.org/.
18. PARK, J. AND SANDHU, R. S. 2004. The uconabc usage control model. ACM Trans. Inform. Syst. Secur. 7, 1, 128-174.
19. POWERS, C. S. 2002. Privacy promises, access control, and privacy management. In Proceedings of the 3rd International Symposium on Electronic Commerce. IEEE, Los Alamitos, CA, 13.
20. SANDHU, R. S., COYNE, E. J., FEINSTEIN, H. L., AND YOUMAN, C. E. 1996. Role-based access control models. IEEE Computer 29, 2, 38-47.
21. SHANKAR, C. AND CAMPBELL, R. 2005. A policy-based management framework for pervasive systems using axiomatized rule-actions. In Proceedings of the 4th International Symposium on Network Computing and Applications. IEEE, Los Alamitos, CA, 255-258.