Privacy-Aware Role-Based Access Control

被引:25
|
作者
Ni, Qun [1 ]
Bertino, Elisa [1 ]
Lobo, Jorge
Calo, Seraphin B.
机构
[1] Purdue Univ, Dept Comp Sci, W Lafayette, IN 47907 USA
来源
IEEE SECURITY & PRIVACY | 2009年 / 7卷 / 04期
关键词
Model; Obligation; Policy; Privacy; Role-based access control;
D O I
10.1109/MSP.2009.102
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
A privacy-aware role-based access control (P-RBAC) model that extends RBAC to express complex privacy-related policies, including such features as conditions and obligations is discussed. P-RBAC is easy to deploy in systems already adopting RBAC, thus allowing seamless integration of access control and privacy policies. Conditional P-RBAC introduces permission assignment sets and complex Boolean expressions. It can express more complex conditions than those supported by core P-RBAC's condition language. Hierarchical P-RBAC introduces the notions of role hierarchy, object hierarchy, and purpose hierarchy. P-RBAC can represent privacy law rules with obligations using a rule from COPPA. P-RBAC features method that deals with obligations with subject binding instead of action binding.
引用
下载
收藏
页码:35 / 43
页数:9
相关论文
共 50 条
  • [1] Privacy-Aware Role-Based Access Control
    Ni, Qun
    Bertino, Elisa
    Lobo, Jorge
    Brodie, Carolyn
    Karat, Clare-Marie
    Karat, John
    Trombetta, Alberto
    ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY, 2010, 13 (03)
  • [2] Privacy-aware Role Based Access Control
    Ni, Qun
    Trombetta, Alberto
    Bertino, Elisa
    Lobo, Jorge
    SACMAT'07: PROCEEDINGS OF THE 12TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, 2007, : 41 - 50
  • [3] Application of Privacy-aware Role-based Access Control Model in IHE-XDS
    Dauletbek, Daniya
    Yuan, Shi-Zhong
    4TH ANNUAL INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY AND APPLICATIONS (ITA 2017), 2017, 12
  • [4] THE PRIVACY-AWARE ACCESS CONTROL SYSTEM USING ATTRIBUTE-AND ROLE-BASED ACCESS CONTROL IN PRIVATE CLOUD
    Mon, Ei Ei
    Naing, Thinn Thu
    2011 4TH IEEE INTERNATIONAL CONFERENCE ON BROADBAND NETWORK AND MULTIMEDIA TECHNOLOGY (4TH IEEE IC-BNMT2011), 2011, : 447 - 451
  • [5] Conditional privacy-aware role based access control
    Ni, Qun
    Lin, Dan
    Bertino, Elisa
    Lobo, Jorge
    COMPUTER SECURITY - ESORICS 2007, PROCEEDINGS, 2007, 4734 : 72 - +
  • [6] Role-Based Consistency Verification for Privacy-Aware Web Services
    Liu, Linyuan
    Huang, Zhiqiu
    Zhu, Haibin
    PROCEEDINGS OF THE 2009 INTERNATIONAL SYMPOSIUM ON COLLABORATIVE TECHNOLOGIES AND SYSTEMS, 2009, : 423 - +
  • [7] A privacy-aware access control system
    Ardagna, C.
    Cremonini, M.
    di Vimercati, S.
    Samarati, P.
    JOURNAL OF COMPUTER SECURITY, 2008, 16 (04) : 369 - 397
  • [8] Multi-domain and Privacy-aware Role Based Access Control in eHealth
    Martino, Lorenzo D.
    Ni, Qun
    Lin, Dan
    Bertino, Elisa
    2008 2ND INTERNATIONAL CONFERENCE ON PERVASIVE COMPUTING TECHNOLOGIES FOR HEALTHCARE, 2008, : 123 - 126
  • [9] A Semantic Framework for Privacy-Aware Access Control
    Lioudakis, Georgios V.
    Dellas, Nikolaos L.
    Koutsoloukas, Eleftherios A.
    Kapitsaki, Georgia M.
    Kaklamani, Dimitra I.
    Venieris, Iakovos S.
    2008 INTERNATIONAL MULTICONFERENCE ON COMPUTER SCIENCE AND INFORMATION TECHNOLOGY (IMCSIT), VOLS 1 AND 2, 2008, : 757 - 764
  • [10] Access control in a privacy-aware eLearning environment
    Franz, Elke
    Wahrig, Hagen
    Boettcher, Alexander
    Borcea-Pfitzmann, Katrin
    FIRST INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY, PROCEEDINGS, 2006, : 879 - +
12345