A Purpose-Involved Role-Based Access Control Model

Organizations are now required to comply with existing privacy protection regulations on data collection, use, and disclosure, and privacy preservation in a data-sharing computing environment is becoming a challenging problem. The core of privacy protection is the purposes for which, and the circumstances under which, data can be accessed. It must be ensured that data is used only for its intended purposes, so the access purpose should comply with the intended purposes. In this paper, the role-based access control (RBAC) model is extended to incorporate the notion of purpose. Relationships between purposes are defined. The paper investigates how the different components of the RBAC model relate to purpose and how purpose information can be used to determine whether a subject has access to a given object. The model suits applications consisting of static and dynamic objects, where both the access purpose and the intended purpose must be considered before access is granted.
