A Category-Based Framework for Privacy-Aware Collaborative Access Control

The increased availability of portable devices with high computational power gave birth to such phenomenon as Bring Your Own Device (BYOD)-a situation when an employee uses his own device for accessing enterprise sensitive resources. This situation in turn created a new conflict-an employee wants to keep his data private, and an employer want to preserve the confidentiality of their sensitive resources. Since in case of BYOD both employees' and employers' data are stored on the employee's device, a problem of distributed and collaborative access control appears. In this paper we propose a novel framework for distributed systems with multiparty data ownership. The underlying formal model is based on the notion of Category-Based Access Control (CBAC). It is expanded with a concept of categories, representing a remote third-party policy decision point. The model is designed and evaluated against requirements for collaborative systems.