DOI: 10.5555/1862681.1862699

Conditional purpose based access control model for privacy protection

Published: 01 January 2009

Abstract

This paper presents a model for privacy-preserving access control that is based on a variety of purposes. Conditional purpose is applied along with allowed purpose and prohibited purpose in the model. It allows users to use some data for a certain purpose under conditions. The structure of the conditional purpose based access control model is defined and investigated through a practical paradigm with access purpose and intended purpose. An algorithm is developed to achieve the compliance computation between access purposes and intended purposes. According to this model, more information can be extracted from data providers while at the same time assuring privacy, which maximizes the usability of consumers' data. This model extends traditional access control models to further cover privacy preservation in a data mining environment. At its core is a new structure for managing collected data in an effective and trustworthy way. This structure helps enterprises to circulate clear privacy promises and to collect and manage user preferences and consent. The implementation of the idea in the paper shows the flexibility of the model, and finally we provide comparisons of our work with other related work.

Published In

ADC '09: Proceedings of the Twentieth Australasian Conference on Australasian Database - Volume 92
January 2009
184 pages
ISBN:9781920682736

Sponsors

  • Helium, New Zealand
  • Australian Comp Soc: Australian Computer Society
  • CityLink, New Zealand
  • Security Assessment, New Zealand
  • New Zealand Computer Society
  • CSIRO
  • CORE - Computing Research and Education
  • Victoria University of Wellington
  • The University of New South Wales
  • ARC research network in enterprise information infrastructure
  • Xero
  • Catalyst, New Zealand

Publisher

Australian Computer Society, Inc.

Australia

Author Tags

  1. access control
  2. access purpose
  3. conditional intended purpose
  4. intended purpose
  5. prohibited intended purpose

Qualifiers

  • Research-article

Conference

ADC '09
Sponsor:
  • Australian Comp Soc
ADC '09: Australasian Database
January 1, 2009
Wellington, New Zealand

Acceptance Rates

ADC '09 Paper Acceptance Rate 17 of 43 submissions, 40%;
Overall Acceptance Rate 98 of 224 submissions, 44%
