Role-Based Access Control Models
Computer
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
A Privacy Policy Model for Enterprises
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A Framework for Multiple Authorization Types in a Healthcare Application System
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Privacy Promises, Access Control, and Privacy Management
ISEC '02 Proceedings of the Third International Symposium on Electronic Commerce
The UCONABC usage control model
ACM Transactions on Information and System Security (TISSEC)
Conflict and combination in privacy policy languages
Proceedings of the 2004 ACM workshop on Privacy in the electronic society
Privacy in information technology: designing to enable privacy policy management in organizations
International Journal of Human-Computer Studies - Special issue: HCI research in privacy and security is critical now
A Policy-based Management Framework for Pervasive Systems using Axiomatized Rule-Actions
NCA '05 Proceedings of the Fourth IEEE International Symposium on Network Computing and Applications
Evaluating interfaces for privacy policy rule authoring
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
A comparison of two privacy policy languages: EPAL and XACML
Proceedings of the 3rd ACM workshop on Secure web services
An obligation model bridging access control policies and privacy policies
Proceedings of the 13th ACM symposium on Access control models and technologies
Purpose based access control for privacy protection in relational database systems
The VLDB Journal — The International Journal on Very Large Data Bases
IT-security and privacy: design and use of privacy-enhancing security mechanisms
IT-security and privacy: design and use of privacy-enhancing security mechanisms
Designing natural language and structured entry methods for privacy policy authoring
INTERACT'05 Proceedings of the 2005 IFIP TC13 international conference on Human-Computer Interaction
Conditional privacy-aware role based access control
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Policy framework for security and privacy management
IBM Journal of Research and Development
Evaluating access control of open source electronic health record systems
Proceedings of the 3rd Workshop on Software Engineering in Health Care
Challenges in model-based evolution and merging of access control policies
Proceedings of the 12th International Workshop on Principles of Software Evolution and the 7th annual ERCIM Workshop on Software Evolution
Proceedings of the 50th Annual Southeast Regional Conference
A contextual privacy-aware access control model for network monitoring workflows: work in progress
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
A design phase for data sharing agreements
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneous Security
A workflow checking approach for inherent privacy awareness in network monitoring
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneous Security
HealthSec'12 Proceedings of the 3rd USENIX conference on Health Security and Privacy
Modified hierarchical privacy-aware role based access control model
Proceedings of the 2012 ACM Research in Applied Computation Symposium
Consistency checking in privacy-aware access control
Proceedings of the 51st ACM Southeast Conference
Towards purpose enforcement model for privacy-aware usage control policy in distributed healthcare
International Journal of Security and Networks
A privacy-aware access control model for distributed network monitoring
Computers and Electrical Engineering
Consistency checking in access control
Proceedings of the 4th ACM conference on Data and application security and privacy
Proceedings of the 8th International Conference on Ubiquitous Information Management and Communication
A Role Based Privacy-Aware Secure Routing Protocol for Wireless Mesh Networks
Wireless Personal Communications: An International Journal
In this article, we introduce a comprehensive framework supporting a privacy-aware access control mechanism, that is, a mechanism tailored to enforce access control to data containing personally identifiable information and, as such, privacy sensitive. The key component of the framework is a family of models (P-RBAC) that extend the well-known RBAC model in order to provide full support for expressing highly complex privacy-related policies, taking into account features like purposes and obligations. We formally define the notion of privacy-aware permissions and the notion of conflicting permission assignments in P-RBAC, together with efficient conflict-checking algorithms. The framework also includes a flexible authoring tool, based on the use of the SPARCLE system, supporting the high-level specification of P-RBAC permissions. SPARCLE supports the use of natural language for authoring policies and is able to automatically generate P-RBAC permissions from these natural language specifications. In the article, we also report performance evaluation results and contrast our approach with other relevant access control and privacy policy frameworks such as P3P, EPAL, and XACML.