A Role-Involved Conditional Purpose-Based Access Control Model

This paper presents a role-involved conditional purpose-based access control (RCPBAC) model, where a purpose is defined as the intention of data accesses or usages. RCPBAC allows users to use some data for a certain purpose with conditions. The structure of the RCPBAC model is defined and investigated. An algorithm is developed to compute compliance between access purposes (related to data access) and intended purposes (related to data objects), and it is illustrated with role-based access control (RBAC) to support RCPBAC. According to this model, more information can be extracted from data providers while at the same time assuring privacy, which maximizes the usability of consumers’ data. It extends traditional access control models to further cover privacy preservation in data mining environments, as RBAC is one of the most popular approaches to access control for achieving database security and is available in database management systems. The structure helps enterprises to circulate clear privacy promises and to collect and manage user preferences and consent.
