Security-control methods for statistical databases: a comparative study
ACM Computing Surveys (CSUR)
Toward a multilevel secure relational data model
SIGMOD '91 Proceedings of the 1991 ACM SIGMOD international conference on Management of data
Role-Based Access Control Models
Computer
The multilevel relational (MLR) data model
ACM Transactions on Information and System Security (TISSEC)
A lattice model of secure information flow
Communications of the ACM
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Protecting Respondents' Identities in Microdata Release
IEEE Transactions on Knowledge and Data Engineering
Achieving k-anonymity privacy protection using generalization and suppression
International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems
Interactive deduplication using active learning
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Transforming data to satisfy privacy constraints
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Information sharing across private databases
Proceedings of the 2003 ACM SIGMOD international conference on Management of data
Privacy Promises, Access Control, and Privacy Management
ISEC '02 Proceedings of the Third International Symposium on Electronic Commerce
Purpose based access control of complex data for privacy protection
Proceedings of the tenth ACM symposium on Access control models and technologies
Reference reconciliation in complex information spaces
Proceedings of the 2005 ACM SIGMOD international conference on Management of data
Mondrian Multidimensional K-Anonymity
ICDE '06 Proceedings of the 22nd International Conference on Data Engineering
A crossover operator for the k- anonymity problem
Proceedings of the 8th annual conference on Genetic and evolutionary computation
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Limiting disclosure in hippocratic databases
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
| Hi-index | 0.00 |
Privacy is today an important concern for both data providers and data users. Data generalization can provide significant protection of an individual's privacy, which means the data value can be replaced by a less specific but semantically consistent value and the personal information can be collected in a generalized form. However, over-generalized data may render data of little value. A key question is whether or not a certain generalization strategy provides a sufficient level of privacy and usability? In this paper, we introduce a new approach, called privacy-aware generalization boundaries, which can satisfy the requirements of both data providers and data users. We propose a privacy-aware access control model related to a retention period. Formal definitions of authorization actions and rules are presented. Further, we discuss how to manage a valid access process and analysis the access control policy. Finally, we extend our model to support highly complex privacy-related policies by taking into account features of obligations and conditions.