Role-Based Access Control Models
Computer
Constraint query languages (preliminary report)
PODS '90 Proceedings of the ninth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
DATALOG with Constraints: A Foundation for Trust Management Languages
PADL '03 Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages
Constraint Databases: A Survey
Selected Papers from a Workshop on Semantics in Databases
Safe Datalog Queries with Linear Constraints
CP '98 Proceedings of the 4th International Conference on Principles and Practice of Constraint Programming
Privacy Promises, Access Control, and Privacy Management
ISEC '02 Proceedings of the Third International Symposium on Electronic Commerce
Obligation Monitoring in Policy Management
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Conflict and combination in privacy policy languages
Proceedings of the 2004 ACM workshop on Privacy in the electronic society
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
A comparison of two privacy policy languages: EPAL and XACML
Proceedings of the 3rd ACM workshop on Secure web services
On the modeling and analysis of obligations
Proceedings of the 13th ACM conference on Computer and communications security
Privacy-aware role based access control
Proceedings of the 12th ACM symposium on Access control models and technologies
Grand Challenges in Information Security: Process and Output
IEEE Security and Privacy
IT-security and privacy: design and use of privacy-enhancing security mechanisms
IT-security and privacy: design and use of privacy-enhancing security mechanisms
Platform for enterprise privacy practices: privacy-enabled management of customer data
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
An obligation model bridging access control policies and privacy policies
Proceedings of the 13th ACM symposium on Access control models and technologies
Privacy-Aware Access Control through Negotiation in Daily Life Service
PAISI, PACCF and SOCO '08 Proceedings of the IEEE ISI 2008 PAISI, PACCF, and SOCO international workshops on Intelligence and Security Informatics
PuRBAC: Purpose-Aware Role-Based Access Control
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
An Access Control Language for a General Provenance Model
SDM '09 Proceedings of the 6th VLDB Workshop on Secure Data Management
Toward practical authorization-dependent user obligation systems
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Privacy-aware role-based access control
ACM Transactions on Information and System Security (TISSEC)
Analysis of privacy and security policies
IBM Journal of Research and Development
Policy framework for security and privacy management
IBM Journal of Research and Development
xfACL: an extensible functional language for access control
Proceedings of the 16th ACM symposium on Access control models and technologies
Privacy in mobile technology for personal healthcare
ACM Computing Surveys (CSUR)
An information flow control meta-model
Proceedings of the 18th ACM symposium on Access control models and technologies
Consistency checking in privacy-aware access control
Proceedings of the 51st ACM Southeast Conference
Consistency checking in access control
Proceedings of the 4th ACM conference on Data and application security and privacy
Hi-index | 0.00 |
Privacy is considered critical for all organizations needing to manage individual related information. As such, there is an increasing need for access control models which can adequately support the specification and enforcement of privacy policies. In this paper, we propose a model, referred to as Conditional Privacy-aware Role Based Access Control (P-RBAC), which supports expressive condition languages and flexible relations among permission assignments for more complex privacy policies. Efficient algorithms for detecting conflicts, redundancies, and indeterminism for a set of permission assignments are presented. In the paper we also extend Conditional P-RBAC to Universal P-RBAC by taking into account hierarchical relations among roles, data and purposes. In comparison with other approaches, such as P3P, EPAL, and XACML, our work has achieved both expressiveness and efficiency.