Privacy enforcement has been one of the most important challenges in the IT area. Current privacy practices within companies and organizations, e.g. enabling a P3P-compliant policy or incorporating a privacy seal program, cannot truly protect consumer privacy. Privacy protection can only be achieved by enforcing privacy policies within an organization's online and offline data processing systems. Traditional security models are more or less inappropriate for enforcing basic privacy requirements, such as purpose binding. This paper proposes an extended role-based access control (RBAC) model, called the Privacy-Aware Role-Based Access Control (PARBAC) model, for enforcing privacy policies within an organization. The PARBAC model combines RBAC, Domain-Type Enforcement, and privacy protection by modeling business purposes and data policies. Consented consumer privacy preferences are recorded as data policies, which govern how actual consumer data may be used. One of the key elements in a privacy policy is purpose. The actual purpose of a business operation on consumer data must be consistent with the purpose consented to by the consumer. This is the so-called purpose binding privacy requirement. This paper focuses on enforcing this requirement. A privacy enforcement mechanism based on the PARBAC model is then discussed, and a privacy scenario illustrates its application.
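The purpose binding requirement described above can be sketched as a two-step access decision: an RBAC check on a purpose-bound permission, then a comparison of the operation's business purpose with the purposes recorded in the consumer's data policy. This is an added example, not the paper's formal PARBAC model or its code, and it leaves out Domain-Type Enforcement. The names `Monitor`, `Permission` and `covers`, the purpose tree, the rule that consent to a purpose also covers its descendants, and all sample users and consumers are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed purpose tree (child -> parent). Assumption: consent to a
# purpose also covers its descendants.
PURPOSE_PARENT = {
    "purchase": None, "marketing": None,
    "shipping": "purchase", "billing": "purchase",
    "email-ads": "marketing",
}

def covers(consented, actual):
    """True if `actual` is `consented` or one of its descendants."""
    node = actual
    while node is not None:
        if node == consented:
            return True
        node = PURPOSE_PARENT.get(node)
    return False

@dataclass(frozen=True)
class Permission:
    operation: str   # e.g. "read"
    data_type: str   # category of consumer data, e.g. "address"
    purpose: str     # business purpose the operation serves

class Monitor:
    def __init__(self, user_roles, role_perms, data_policies):
        self.user_roles = user_roles        # user -> set of roles
        self.role_perms = role_perms        # role -> set of Permission
        self.data_policies = data_policies  # (consumer, data_type) -> consented purposes

    def check(self, user, perm, consumer):
        # RBAC step: one of the user's roles must hold the purpose-bound permission.
        roles = self.user_roles.get(user, set())
        if not any(perm in self.role_perms.get(r, set()) for r in roles):
            return "deny: role lacks permission"
        # Purpose-binding step: default deny when no data policy was recorded.
        consented = self.data_policies.get((consumer, perm.data_type), set())
        if not any(covers(c, perm.purpose) for c in consented):
            return "deny: purpose not consented"
        return "permit"

# Constructed sample state.
SHIP = Permission("read", "address", "shipping")
ADS = Permission("read", "address", "email-ads")
MONITOR = Monitor(
    user_roles={"ann": {"clerk"}, "bob": {"marketer"}},
    role_perms={"clerk": {SHIP}, "marketer": {ADS}},
    data_policies={("c1", "address"): {"purchase"},
                   ("c2", "address"): {"purchase", "marketing"}},
)
```

In this sketch the marketer holds a valid role permission for both consumers, yet reading the address of `c1` for `email-ads` is denied because `c1` consented only to `purchase`. An RBAC decision alone would not make that distinction.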