Role-Based Access Control Models
Computer
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
k-anonymity: a model for protecting privacy
International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems
An XPath-based preference language for P3P
WWW '03 Proceedings of the 12th international conference on World Wide Web
Purpose based access control of complex data for privacy protection
Proceedings of the tenth ACM symposium on Access control models and technologies
SWS '04 Proceedings of the 2004 workshop on Secure web service
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
A middleware architecture for privacy protection
Computer Networks: The International Journal of Computer and Telecommunications Networking
Purpose based access control for privacy protection in relational database systems
The VLDB Journal — The International Journal on Very Large Data Bases
P3P: Making Privacy Policies More Useful
IEEE Security and Privacy
Towards the development of privacy-aware systems
Information and Software Technology
Privacy-Preserving database systems
Foundations of Security Analysis and Design III
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Hi-index | 0.00 |
Privacy issue is receiving a great deal of attention since the need of privacy is increasing and new threats are emerging. The growing concern of users for their personal information has made it critical to implant effective technologies for privacy and data management. A common way for privacy preservation is restricting access to data like the classic Role-based Access Control (RBAC) Model. But the RBAC is limited as it does not provide users enough flexibilities and functionalities. In order to minimize the disclosure of data and support higher flexibilities for users to manage their privacy information, this paper provides a privacy data graph based on the traditional RBAC model to illustrate the linkage between data elements. Moreover, the notion of purpose is added to specify the intended usage of data and allow users to set personal privacy preferences through purpose. A case study in the healthcare domain is provided. As our model is generic, it can be also adapted to other fields. A detailed view of our proposed privacy system with experimental result is provided.