XACML Policy Evaluation with Dynamic Context Handling

Some fairly recent research has focused on providing XACML-based solutions for dynamic privacy policy management. In this regard, a number of works have provided enhancements to the performance of XACML policy enforcement point (PEP) component, but very few have focused on enhancing the accuracy of that component. This paper improves the accuracy of an XACML PEP by filling some gaps in the existing works. In particular, dynamically incorporating user access context into the privacy policy decision, and its enforcement. We provide an XACML-based implementation of a dynamic privacy policy management framework and an evaluation of the applicability of our system in comparison to some of the existing approaches.

[1]  ASHWIN MACHANAVAJJHALA,et al.  L-diversity: privacy beyond k-anonymity , 2006, 22nd International Conference on Data Engineering (ICDE'06).

[2]  Charu C. Aggarwal,et al.  On the design and quantification of privacy preserving data mining algorithms , 2001, PODS.

[3]  Ian H. Witten,et al.  The WEKA data mining software: an update , 2009, SKDD.

[4]  Nicole Tourigny,et al.  Bio2RDF: Towards a mashup to build bioinformatics knowledge systems , 2008, J. Biomed. Informatics.

[5]  Elisa Bertino,et al.  Supporting RBAC with XACML+OWL , 2009, SACMAT '09.

[6]  Azzam Mourad,et al.  Towards efficient evaluation of XACML policies , 2014, 2014 Twelfth Annual International Conference on Privacy, Security and Trust.

[7]  Wouter Joosen,et al.  Middleware for efficient and confidentiality-aware federation of access control policies , 2013, Journal of Internet Services and Applications.

[8]  Alda Lopes Gançarski,et al.  Privacy-Preserving Data Mashup , 2011, AINA.

[9]  C. E. SHANNON,et al.  A mathematical theory of communication , 1948, MOCO.

[10]  Ninghui Li,et al.  t-Closeness: Privacy Beyond k-Anonymity and l-Diversity , 2007, 2007 IEEE 23rd International Conference on Data Engineering.

[11]  Achim D. Brucker,et al.  Idea: Efficient Evaluation of Access Control Constraints , 2010, ESSoS.

[12]  Brahim Medjahed,et al.  Context-based matching for Web service composition , 2007, Distributed and Parallel Databases.

[13]  David J. DeWitt,et al.  Mondrian Multidimensional K-Anonymity , 2006, 22nd International Conference on Data Engineering (ICDE'06).

[14]  Ashwin Machanavajjhala,et al.  On the efficiency of checking perfect privacy , 2006, PODS '06.

[15]  T. Meyyappan,et al.  Detection of sensitive items in market basket database using association rule mining for privacy preserving , 2013, 2013 International Conference on Pattern Recognition, Informatics and Mobile Engineering.

[16]  Romain Laborde,et al.  An Adaptive XACMLv3 Policy Enforcement Point , 2014, 2014 IEEE 38th International Computer Software and Applications Conference Workshops.

[17]  Latanya Sweeney,et al.  Achieving k-Anonymity Privacy Protection Using Generalization and Suppression , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[18]  Elisa Bertino,et al.  A Trust-Based Context-Aware Access Control Model for Web-Services , 2004, Proceedings. IEEE International Conference on Web Services, 2004..

[19]  Schahram Dustdar,et al.  A survey on context-aware web service systems , 2009, Int. J. Web Inf. Syst..

[20]  Tao Xie,et al.  Designing Fast and Scalable XACML Policy Evaluation Engines , 2011, IEEE Transactions on Computers.

[21]  Claude E. Shannon,et al.  The mathematical theory of communication , 1950 .

[22]  Gavin Brown,et al.  Conditional Likelihood Maximisation: A Unifying Framework for Information Theoretic Feature Selection , 2012, J. Mach. Learn. Res..

[23]  James H. Kaufman,et al.  Protecting Privacy while Sharing Medical Data Between Regional Healthcare Entities , 2007, MedInfo.

[24]  Benjamin C. M. Fung,et al.  Anonymizing healthcare data: a case study on the blood transfusion service , 2009, KDD.

[25]  Romain Laborde,et al.  Specification and Enforcement of Dynamic Authorization Policies Oriented by Situations , 2014, 2014 6th International Conference on New Technologies, Mobility and Security (NTMS).

[26]  Abdelkarim Erradi,et al.  Policy-Driven Middleware for Self-adaptation of Web Services Compositions , 2006, Middleware.

[27]  Sajal K. Das,et al.  Adaptive and context-aware privacy preservation schemes exploiting user interactions in pervasive environments , 2012, 2012 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM).

[28]  David J. DeWitt,et al.  Limiting Disclosure in Hippocratic Databases , 2004, VLDB.

[29]  Christos P. Antonopoulos,et al.  Optimal scheduling of smart homes' appliances for the minimization of energy cost under dynamic pricing , 2012, Proceedings of 2012 IEEE 17th International Conference on Emerging Technologies & Factory Automation (ETFA 2012).

[30]  Rakesh Agrawal,et al.  Securing electronic health records without impeding the flow of information , 2007, Int. J. Medical Informatics.