Building access control policy model for privacy preserving and testing policy conflicting problems

This paper proposes a purpose-based access control model for privacy-preserving policies and mechanisms in a distributed computing environment, and describes algorithms for detecting policy conflicts. The mechanism enforces access policies on data containing personally identifiable information. Its key component is a purpose-involved access control model that can express highly complex privacy-related policies with a variety of features. A policy specifies an access right that a subject may exercise on an object, subject to attribute predicates, obligation actions and system conditions. Policy conflicts may arise when newly generated access policies contradict existing ones; when such conflicts go undetected, private information is not properly protected. The structure of purpose-involved access control policies is studied, and efficient conflict-checking algorithms are developed and implemented. Finally, the work is compared with related approaches such as EPAL.
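
The abstract describes policies built from a subject's attribute predicates, an object, an access purpose, obligations and system conditions, and a check that flags a new policy whose effect contradicts an existing one. The following toy policy store is an added illustration written for this page, not the paper's own model or algorithm: the purpose tree, the Policy and Request fields, the overlap test in conflicts() and the sample health-care rules are all assumptions. It shows the one property a conflict checker must get right, namely that two rules only conflict when some request can satisfy both (same object and action, purposes on one path of the hierarchy, compatible attribute predicates and conditions) and their effects differ; rules that are disjoint on any of those dimensions can coexist.

```python
"""Toy purpose-based access control (PBAC) policy store with a conflict checker.
Added illustration: purpose tree, Policy fields and overlap test are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Constructed purpose tree (child -> parent); "general" is the root.
PURPOSE_PARENT: Dict[str, Optional[str]] = {
    "general": None, "admin": "general", "treatment": "general",
    "marketing": "general", "direct-marketing": "marketing",
    "third-party-marketing": "marketing",
}

def is_sub_purpose(child: str, ancestor: str) -> bool:
    """True when `child` equals `ancestor` or lies below it in the tree."""
    node: Optional[str] = child
    while node is not None:
        if node == ancestor:
            return True
        node = PURPOSE_PARENT[node]
    return False

def descendants(purpose: str) -> Set[str]:
    """The purpose itself plus every purpose beneath it."""
    return {p for p in PURPOSE_PARENT if is_sub_purpose(p, purpose)}

@dataclass(frozen=True)
class Policy:
    name: str
    obj: str          # data item the policy guards, e.g. a PII column
    action: str       # e.g. "read"
    purpose: str      # purpose the rule speaks about; covers its sub-purposes
    effect: str       # "allow" or "deny"
    # attribute predicates: attribute -> permitted values; absent attribute = any
    subject: Dict[str, FrozenSet[str]] = field(default_factory=dict)
    # system conditions: flag -> required value; absent flag = don't care
    conditions: Dict[str, bool] = field(default_factory=dict)
    obligations: FrozenSet[str] = frozenset()  # what the PEP must do on allow

def conflicts(p: Policy, q: Policy) -> bool:
    """Opposite effects and overlapping applicability: same object and action,
    purposes on one path of the tree, every attribute both constrain admits a
    common value, and no flag required True by one rule and False by the other."""
    if p.effect == q.effect:
        return False
    shared_attrs = p.subject.keys() & q.subject.keys()
    shared_flags = p.conditions.keys() & q.conditions.keys()
    return (p.obj == q.obj and p.action == q.action
            and bool(descendants(p.purpose) & descendants(q.purpose))
            and all(p.subject[a] & q.subject[a] for a in shared_attrs)
            and all(p.conditions[f] == q.conditions[f] for f in shared_flags))

def check_new_policy(store: List[Policy], new: Policy) -> List[str]:
    """Names of stored policies the proposed rule conflicts with (empty = safe)."""
    return [old.name for old in store if conflicts(old, new)]

@dataclass(frozen=True)
class Request:
    subject: Dict[str, str]
    obj: str
    action: str
    purpose: str               # access purpose the requester declares
    system: Dict[str, bool]

def applies(p: Policy, r: Request) -> bool:
    return (p.obj == r.obj and p.action == r.action
            and is_sub_purpose(r.purpose, p.purpose)
            and all(r.subject.get(a) in vals for a, vals in p.subject.items())
            and all(r.system.get(f) == v for f, v in p.conditions.items()))

def decide(store: List[Policy], r: Request) -> Tuple[str, FrozenSet[str]]:
    """Deny-overrides evaluation; an allow also returns the obligations to enforce."""
    hits = [p for p in store if applies(p, r)]
    if not hits or any(p.effect == "deny" for p in hits):
        return "deny", frozenset()
    return "allow", frozenset().union(*(p.obligations for p in hits))

# Constructed sample store for a health-care data set.
STORE: List[Policy] = [
    Policy("P1", "patient.email", "read", "treatment", "allow",
           subject={"role": frozenset({"doctor", "nurse"})},
           obligations=frozenset({"log-access"})),
    Policy("P2", "patient.email", "read", "marketing", "deny"),
    Policy("P3", "patient.email", "read", "admin", "allow",
           subject={"role": frozenset({"dba"})},
           conditions={"maintenance-window": True}),
]
# Proposed rule: sales may read e-mail for direct marketing. It is rejected
# because P2 denies every sub-purpose of "marketing" for every subject.
PROPOSED = Policy("P4", "patient.email", "read", "direct-marketing", "allow",
                  subject={"role": frozenset({"sales"})})

if __name__ == "__main__":
    print(check_new_policy(STORE, PROPOSED))  # ['P2']
    print(decide(STORE, Request({"role": "doctor"}, "patient.email", "read",
                                "treatment", {})))  # ('allow', frozenset({'log-access'}))
```

Two design choices matter here. First, conflict detection is done at policy-insertion time, before the rule reaches the store, so the enforcement point never has to resolve a contradiction at request time; decide() still applies deny-overrides as a safety net. Second, the test is deliberately conservative: an unconstrained attribute or condition is treated as a wildcard, so a proposed rule is rejected whenever a contradicting rule could apply to the same request, which is the failure mode the abstract warns about.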
