The architecture of a privacy-aware access control decision component

Authors:
Claudio A. Ardagna;Marco Cremonini;Ernesto Damiani;Sabrina De Capitani di Vimercati;Pierangela Samarati
Affiliations:
Dipartimento di Tecnologie dell'Informazione, Università degli Studi di Milano, Crema, Italy;Dipartimento di Tecnologie dell'Informazione, Università degli Studi di Milano, Crema, Italy;Dipartimento di Tecnologie dell'Informazione, Università degli Studi di Milano, Crema, Italy;Dipartimento di Tecnologie dell'Informazione, Università degli Studi di Milano, Crema, Italy;Dipartimento di Tecnologie dell'Informazione, Università degli Studi di Milano, Crema, Italy
Venue:
CASSIS'05 Proceedings of the Second international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
Year:
2005

Citing 9
Cited 1

Flexible support for multiple access control policies

ACM Transactions on Database Systems (TODS)
A uniform framework for regulating service access and information release on the web

Journal of Computer Security
E-P3P privacy policies and privacy authorization

Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
Privacy-Enabled Services for Enterprises

DEXA '02 Proceedings of the 13th International Workshop on Database and Expert Systems Applications
Access Control: Policies, Models, and Mechanisms

FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
Access control: principles and solutions

Software—Practice & Experience - Special issue: Security software
Driving and Monitoring Provisional Trust Negotiation with Metapolicies

POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
A formal privacy system and its application to location based services

PET'04 Proceedings of the 4th international conference on Privacy Enhancing Technologies
Towards privacy-enhanced authorization policies and languages

DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security

Privacy-Aware Access Control through Negotiation in Daily Life Service

PAISI, PACCF and SOCO '08 Proceedings of the IEEE ISI 2008 PAISI, PACCF, and SOCO international workshops on Intelligence and Security Informatics

Quantified Score

Hi-index	0.00

Visualization

Abstract

Today many interactions are carried out online through Web sites and e-services and often private and/or sensitive information is required by service providers. A growing concern related to this widespread diffusion of on-line applications that collect personal information is that users' privacy is often poorly managed and sometimes abused. For instance, it is well known how personal information is often disclosed to third parties without the consent of legitimate data owners or that there are professional services specialized on gathering and correlating data from heterogeneous repositories, which permit to build user profiles and possibly to disclose sensitive information not voluntarily released by their owners. For these reasons, it has gained great importance to design systems able to fully preserve information privacy by managing in a trustworthy and responsible way all identity and profile information. In this paper, we investigate some problems concerning identity management for e-services and present the architecture of the Access Control Decision Function, a software component in charge of managing access request in a privacy-aware fashion. The content of this paper is a result of our ongoing activity in the framework of the PRIME project (Privacy and Identity Management for Europe) [18], funded by the European Commission, whose objective is the development of privacy-aware solutions for enforcing security.