Privacy-Aware Role-Based Access Control

被引：25

作者：

Ni, Qun ^{[1
]}

Bertino, Elisa ^{[1
]}

Lobo, Jorge

Calo, Seraphin B.

机构：

[1] Purdue Univ, Dept Comp Sci, W Lafayette, IN 47907 USA

来源：

IEEE SECURITY & PRIVACY | 2009年 / 7卷 / 04期

关键词：

Model; Obligation; Policy; Privacy; Role-based access control;

D O I：

10.1109/MSP.2009.102

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

A privacy-aware role-based access control (P-RBAC) model that extends RBAC to express complex privacy-related policies, including such features as conditions and obligations is discussed. P-RBAC is easy to deploy in systems already adopting RBAC, thus allowing seamless integration of access control and privacy policies. Conditional P-RBAC introduces permission assignment sets and complex Boolean expressions. It can express more complex conditions than those supported by core P-RBAC's condition language. Hierarchical P-RBAC introduces the notions of role hierarchy, object hierarchy, and purpose hierarchy. P-RBAC can represent privacy law rules with obligations using a rule from COPPA. P-RBAC features method that deals with obligations with subject binding instead of action binding.

引用

页码：35 / 43

页数：9

共 50 条

[1] Privacy-Aware Role-Based Access Control
Ni, Qun
Bertino, Elisa
Lobo, Jorge
Brodie, Carolyn
Karat, Clare-Marie
Karat, John
Trombetta, Alberto
[J]. ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY, 2010, 13 (03)
[2] Privacy-aware Role Based Access Control
Ni, Qun
Trombetta, Alberto
Bertino, Elisa
Lobo, Jorge
[J]. SACMAT'07: PROCEEDINGS OF THE 12TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, 2007, : 41 - 50
[3] Application of Privacy-aware Role-based Access Control Model in IHE-XDS
Dauletbek, Daniya
Yuan, Shi-Zhong
[J]. 4TH ANNUAL INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY AND APPLICATIONS (ITA 2017), 2017, 12
[4] THE PRIVACY-AWARE ACCESS CONTROL SYSTEM USING ATTRIBUTE-AND ROLE-BASED ACCESS CONTROL IN PRIVATE CLOUD
Mon, Ei Ei
Naing, Thinn Thu
[J]. 2011 4TH IEEE INTERNATIONAL CONFERENCE ON BROADBAND NETWORK AND MULTIMEDIA TECHNOLOGY (4TH IEEE IC-BNMT2011), 2011, : 447 - 451
[5] Conditional privacy-aware role based access control
Ni, Qun
Lin, Dan
Bertino, Elisa
Lobo, Jorge
[J]. COMPUTER SECURITY - ESORICS 2007, PROCEEDINGS, 2007, 4734 : 72 - +
[6] Role-Based Consistency Verification for Privacy-Aware Web Services
Liu, Linyuan
Huang, Zhiqiu
Zhu, Haibin
[J]. PROCEEDINGS OF THE 2009 INTERNATIONAL SYMPOSIUM ON COLLABORATIVE TECHNOLOGIES AND SYSTEMS, 2009, : 423 - +
[7] A privacy-aware access control system
Ardagna, C.
Cremonini, M.
di Vimercati, S.
Samarati, P.
[J]. JOURNAL OF COMPUTER SECURITY, 2008, 16 (04) : 369 - 397
[8] Multi-domain and Privacy-aware Role Based Access Control in eHealth
Martino, Lorenzo D.
Ni, Qun
Lin, Dan
Bertino, Elisa
[J]. 2008 2ND INTERNATIONAL CONFERENCE ON PERVASIVE COMPUTING TECHNOLOGIES FOR HEALTHCARE, 2008, : 123 - 126
[9] A Semantic Framework for Privacy-Aware Access Control
Lioudakis, Georgios V.
Dellas, Nikolaos L.
Koutsoloukas, Eleftherios A.
Kapitsaki, Georgia M.
Kaklamani, Dimitra I.
Venieris, Iakovos S.
[J]. 2008 INTERNATIONAL MULTICONFERENCE ON COMPUTER SCIENCE AND INFORMATION TECHNOLOGY (IMCSIT), VOLS 1 AND 2, 2008, : 757 - 764
[10] Access control in a privacy-aware eLearning environment
Franz, Elke
Wahrig, Hagen
Boettcher, Alexander
Borcea-Pfitzmann, Katrin
[J]. FIRST INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY, PROCEEDINGS, 2006, : 879 - +

← 1 2 3 4 5 →