Toward a multilevel secure relational data model
SIGMOD '91 Proceedings of the 1991 ACM SIGMOD international conference on Management of data
Database security: research and practice
Information Systems
Role-Based Access Control Models
Computer
The multilevel relational (MLR) data model
ACM Transactions on Information and System Security (TISSEC)
A role-based access control model and reference implementation within a corporate intranet
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Privacy Promises, Access Control, and Privacy Management
ISEC '02 Proceedings of the Third International Symposium on Electronic Commerce
Flexible access control policy specification with constraint logic programming
ACM Transactions on Information and System Security (TISSEC)
Extending query rewriting techniques for fine-grained access control
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Extending Relational Database Systems to Automatically Enforce Privacy Policies
ICDE '05 Proceedings of the 21st International Conference on Data Engineering
Purpose based access control of complex data for privacy protection
Proceedings of the tenth ACM symposium on Access control models and technologies
Privacy-aware role based access control
Proceedings of the 12th ACM symposium on Access control models and technologies
Beyond purpose-based privacy access control
ADC '07 Proceedings of the eighteenth conference on Australasian database - Volume 63
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
A Purpose-Based Access Control Model
IAS '07 Proceedings of the Third International Symposium on Information Assurance and Security
Limiting disclosure in hippocratic databases
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Purpose based access control for privacy protection in relational database systems
The VLDB Journal — The International Journal on Very Large Data Bases
Dynamic Purpose-Based Access Control
ISPA '08 Proceedings of the 2008 IEEE International Symposium on Parallel and Distributed Processing with Applications
Conditional purpose based access control model for privacy protection
ADC '09 Proceedings of the Twentieth Australasian Conference on Australasian Database - Volume 92
SP'88 Proceedings of the 1988 IEEE conference on Security and privacy
Minimal disclosure in hierarchical hippocratic databases with delegation
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Hi-index | 0.00 |
This paper presents a role-involved purpose-based access control (RPAC) model, where a conditional purpose is defined as the intention of data accesses or usages under certain conditions. RPAC allows users using some data for a certain purpose with Conditions (For instance, Tony agrees that his income information can be used for marketing purposes by removing his name). The structure of RPAC model is investigated after defining access purposes, intended purposes and conditional purposes. An algorithm is developed with role-based access control (RBAC) to achieve the compliance computation between access purposes (related to data access) and intended purposes (related to data objects). Access purpose authorization and authentication in the RPAC model are studied with the hierarchical purpose structure. According to the model, more information from data providers can be extracted while at the same time assuring privacy that maximizes the usability of consumers' data. It extends role-based access control models to a further coverage of privacy preservation in database management systems by adopting purposes and conditional intended purposes and to achieve a fine-grained access control. The work in this paper helps enterprises to circulate a clear privacy promise, and to collect and manage user preferences and consent.