Purpose based access control of complex data for privacy protection
Proceedings of the tenth ACM symposium on Access control models and technologies
Privacy-aware role based access control
Proceedings of the 12th ACM symposium on Access control models and technologies
A Purpose-Based Access Control Model
IAS '07 Proceedings of the Third International Symposium on Information Assurance and Security
Protecting Location Privacy with Personalized k-Anonymity: Architecture and Algorithms
IEEE Transactions on Mobile Computing
Modeling contextual security policies
International Journal of Information Security
PuRBAC: Purpose-Aware Role-Based Access Control
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
A contextual privacy-aware access control model for network monitoring workflows: work in progress
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
Secure and privacy-preserving execution model for data services
CAiSE'13 Proceedings of the 25th international conference on Advanced Information Systems Engineering
Fine-grained privacy control for the RFID middleware of EPCglobal networks
Proceedings of the Fifth International Conference on Management of Emergent Digital EcoSystems
A privacy-aware access control model for distributed network monitoring
Computers and Electrical Engineering
| Hi-index | 0.00 |
Typically, informational privacy aims to protect personal data from unauthorized access. In this paper, we propose to use the OrBAC model enhanced by some concepts to model privacy policies. We will take into account the concepts of consent, accuracy, purposes of the access and provisional obligation within role-based access control model. First, we focus on modelling of the requirement of the data owner consent before delivering the sensitive data. The subscriber defines that he must be notified before terminating the access. The access is delayed until the satisfaction of this condition. On the other hand, the accuracy of the sensitive data is usually underestimated within privacy models. We design an object hierarchy based on predefined accuracy levels. For this, we propose a derivation rule of sensitive objects. So, data owner can define authorisations based on different object accuracies. Furthermore, access control models usually permit the access to the stored data based on the role of the requester. We propose to extend this concept to take into account the purpose of the access. For this, we take advantage of the OrBAC user-declared context. Finally, we propose in this work to model the provisional obligations after accessing personal information. Third parties must notify data controller about further usage over collected data. To validate our approach, we show how the resulting model can be used to model the privacy policy for a location-based service. This can be applied within a mobile operator organization.