Fine-grained privacy control for the RFID middleware of EPCglobal networks

Authors:
Wiem Tounsi;Nora Cuppens-Boulahia;Frédéric Cuppens;Joaquin Garcia-Alfaro
Affiliations:
Institut Mines-Telecom, TELECOM Bretagne, France;Institut Mines-Telecom, TELECOM Bretagne, France;Institut Mines-Telecom, TELECOM Bretagne, France;Institut Mines-Telecom, TELECOM SudParis, France
Venue:
Proceedings of the Fifth International Conference on Management of Emergent Digital EcoSystems
Year:
2013

Citing 8
Cited 0

Role-Based Access Control Models

Computer
Organization based access control

POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Balancing confidentiality and efficiency in untrusted relational DBMSs

Proceedings of the 10th ACM conference on Computer and communications security
Privacy-aware role based access control

Proceedings of the 12th ACM symposium on Access control models and technologies
A Purpose-Based Access Control Model

IAS '07 Proceedings of the Third International Symposium on Information Assurance and Security
On the correctness criteria of fine-grained access control in relational databases

VLDB '07 Proceedings of the 33rd international conference on Very large data bases
PuRBAC: Purpose-Aware Role-Based Access Control

OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Contextual privacy management in extended role based access control model

DPM'09/SETOP'09 Proceedings of the 4th international workshop, and Second international conference on Data Privacy Management and Autonomous Spontaneous Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Electronic Product Code (EPC) is a Radio Frequency IDentification (RFID) that offers a new way of automating identification. However, once RFID tags carry more than just an identifier, privacy may be violated. Treating the privacy in early stages helps to master the data view before interpreting and storing it in databases. An RFID middleware is the entity that sits between tag readers and database applications. It is in charge of collecting, filtering, aggregating and grouping the requested events from heterogeneous RFID environments. Thus, the system, at this point, is likely to suffer from parameter manipulation and eavesdropping, raising privacy concerns. We propose a privacy controller module that enhances the Filtering and Collection middleware of the RFID EPCglobal network. We provide a privacy policy-driven model using some enhanced contextual concepts of the extended Role Based Access Control model. To show the feasibility of our privacy-enhanced model, we provide a proof-of-concept prototype integrated into the middleware of the Fosstrak framework, an open-source implementation of the EPCglobal specifications.