A system architecture for subject-centric data sharing

With the rapid growth of online social networks, people's mindset about sharing their personal information has changed significantly. Individuals (data subjects) are more willing to share their personal information with others. However, contemporary data sharing mechanisms often do not capture the individual's fine-grained data sharing requirements. Furthermore, data subjects have to use the diverse access control mechanisms that each data custodian provides to control the dissemination of their data, which often leads to data and privacy leakage. To overcome these limitations, we present a novel system architecture that puts the data subject in charge of selectively assigning access rights to resources using a centralized authorization manager. We have also implemented a prototype to show how the proposed subject-centric and privacy-preserving data sharing framework works.
