Toward a multilevel secure relational data model
SIGMOD '91 Proceedings of the 1991 ACM SIGMOD international conference on Management of data
Database security: research and practice
Information Systems
The multilevel relational (MLR) data model
ACM Transactions on Information and System Security (TISSEC)
Privacy Promises, Access Control, and Privacy Management
ISEC '02 Proceedings of the Third International Symposium on Electronic Commerce
Flexible access control policy specification with constraint logic programming
ACM Transactions on Information and System Security (TISSEC)
Extending query rewriting techniques for fine-grained access control
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Extending Relational Database Systems to Automatically Enforce Privacy Policies
ICDE '05 Proceedings of the 21st International Conference on Data Engineering
Purpose based access control of complex data for privacy protection
Proceedings of the tenth ACM symposium on Access control models and technologies
Beyond purpose-based privacy access control
ADC '07 Proceedings of the eighteenth conference on Australasian database - Volume 63
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
A Purpose-Based Access Control Model
IAS '07 Proceedings of the Third International Symposium on Information Assurance and Security
Limiting disclosure in hippocratic databases
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Purpose based access control for privacy protection in relational database systems
The VLDB Journal — The International Journal on Very Large Data Bases
Dynamic Purpose-Based Access Control
ISPA '08 Proceedings of the 2008 IEEE International Symposium on Parallel and Distributed Processing with Applications
Conditional purpose based access control model for privacy protection
ADC '09 Proceedings of the Twentieth Australasian Conference on Australasian Database - Volume 92
Minimal disclosure in hierarchical hippocratic databases with delegation
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Hi-index | 12.05 |
This paper presents a model for privacy preserving access control which is based on variety of purposes. Conditional purpose is applied along with allowed purpose and prohibited purpose in the model. It allows users using some data for certain purpose with conditions. The structure of conditional purpose-based access control model is defined and investigated through dynamic roles. Access purpose is verified in a dynamic behavior, based on subject attributes, context attributes and authorization policies. Intended purposes are dynamically associated with the requested data object during the access decision. An algorithm is developed to achieve the compliance computation between access purposes and intended purposes and is illustrated with Role-based access control (RBAC) in a dynamic manner to support conditional purpose-based access control. According to this model, more information from data providers can be extracted while at the same time assuring privacy that maximizes the usability of consumers' data. It extends traditional access control models to a further coverage of privacy preserving in data mining atmosphere. The structure helps enterprises to circulate clear privacy promise, to collect and manage user preferences and consent.