research-article

Mixing privacy with role-based access control

Authors:

Aiman Lafi Al-Harbi,

Sylvia L. OsbornAuthors Info & Claims

C3S2E '11: Proceedings of The Fourth International C* Conference on Computer Science and Software Engineering

Pages 1 - 7

https://doi.org/10.1145/1992896.1992897

Published: 16 May 2011 Publication History

Get Access

Abstract

In this paper we investigate different alternatives for including privacy purposes into role-based access control. We emphasize that not all permissions have a purpose, only those which deal with the use of data about individuals stored in a system need to have privacy labels. We develop a model for including privacy purposes in the Role Graph Model, and show its implementation in a prototype.

References

[1]

American National Standards Institute, Inc. Role-Based Access Control. ANSI INCITS 359-2004. Approved Feb. 3, 2004.

Google Scholar

[2]

J.-W. Byun and N. Li. Purpose based access control for privacy protection in relational database systems. VLDB J., 17(4):603--619, 2008.

Digital Library

Google Scholar

[3]

D. Ferraiolo and R. Kuhn. Role-based access control. In Proceedings of the NIST-NSA National Computer Security Conference, pages 554--563, 1992.

Google Scholar

[4]

D. Ferraiolo, R. Sandhu, S. Gavrila, D. Kuhn, and R. Ch andramouli. Proposed NIST standard for role-based access control. ACM TISSEC, 4(3):224--275, 2001.

Digital Library

Google Scholar

[5]

C. Ionita and S. Osborn. Privilege administration for the role graph model. In 16th IFIP WG11.3 Working Conference on Database & Application Security, pages 15--25. Kluwer Academic Publishers, 2002.

Google Scholar

[6]

Q. Ni, A. Trombetta, E. Bertino, and J. Lobo. Privacy-aware role based access control. In SACMAT '07: Proceedings of the 12th ACM symposium on Access control models and technologies, pages 41--50, New York, NY, USA, 2007. ACM.

Digital Library

Google Scholar

[7]

M. Nyanchama and S. Osborn. Access rights administration in role-based security systems. In Database Security, VIII Status and Prospects, pages 37--56. North Holland, 1994.

Digital Library

Google Scholar

[8]

M. Nyanchama and S. Osborn. The role graph model and conflict of interest. ACM Trans. Information and Systems Security, 2(1):3--33, 1999.

Digital Library

Google Scholar

[9]

S. L. Osborn. Role-based access control. In M. Petkovic and W. Jonker, editors, Security, Privacy and Trust in Modern Data Management, pages 55--70. Springer, 2007.

Google Scholar

[10]

R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-based access control models. IEEE Computer, 29(2):38--47, 1996.

Digital Library

Google Scholar

[11]

C. E. Shyni and S. Swamynathan. Purpose based access control for privacy protection in objectrelational database systems. In 2010 International Conference on Data Storage and Data Engineering, pages 90--94, 2010.

Digital Library

Google Scholar

[12]

H. Wang and S. L. Osborn. Static and dynamic delegation in the role graph model. to appear, IEEE Trans. on Knowledge and Data Management, 2010.

Digital Library

Google Scholar

Cited By

View all

Osborn S(2019)Is It Privacy or Is It Access Control?Cyber Law, Privacy, and Security10.4018/978-1-5225-8897-9.ch053(1133-1141)Online publication date: 2019
https://doi.org/10.4018/978-1-5225-8897-9.ch053
Osborn S(2019)Is It Privacy or Is It Access Control?Censorship, Surveillance, and Privacy10.4018/978-1-5225-7113-1.ch101(2044-2052)Online publication date: 2019
https://doi.org/10.4018/978-1-5225-7113-1.ch101
Wang HSun LBertino E(2019)Building access control policy model for privacy preserving and testing policy conflicting problemsJournal of Computer and System Sciences10.1016/j.jcss.2014.04.01780:8(1493-1503)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1016/j.jcss.2014.04.017
Show More Cited By

Index Terms

Mixing privacy with role-based access control

Recommendations

Configuring role-based access control to enforce mandatory and discretionary access control policies

Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...
Delegation in role-based access control

User delegation is a mechanism for assigning access rights available to one user to another user. A delegation can either be a grant or transfer operation. Existing work on delegation in the context of role-based access control models has extensively ...
Privacy-Aware Role-Based Access Control

A privacy-aware role-based access control model extends RBAC to express highly complex privacy-related policies, including consideration of such features as conditions and obligations. Because it's based on the RBAC model, the full-fledged P-RBAC ...

Comments

Information & Contributors

Information

Published In

C3S2E '11: Proceedings of The Fourth International C* Conference on Computer Science and Software Engineering

May 2011

162 pages

ISBN:9781450306263

DOI:10.1145/1992896

General Chair:
Bipin C. Desai
Concordia University, Montréal, QC, Canada
,
Program Chairs:
Alain Abran
École de technologie supérieure (ETS) de l'université du Québec
,
Sudhir P. Mudur
Concordia University, Canada

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 May 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

C3S2E '11

Sponsor:

ACM
Concordia University

C3S2E '11: Fourth International C* Conference on Computer Science & Software Engineering

May 16 - 18, 2011

Quebec, Montreal, Canada

Acceptance Rates

Overall Acceptance Rate 12 of 42 submissions, 29%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
188
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)1

Reflects downloads up to 26 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Osborn S(2019)Is It Privacy or Is It Access Control?Cyber Law, Privacy, and Security10.4018/978-1-5225-8897-9.ch053(1133-1141)Online publication date: 2019
https://doi.org/10.4018/978-1-5225-8897-9.ch053
Osborn S(2019)Is It Privacy or Is It Access Control?Censorship, Surveillance, and Privacy10.4018/978-1-5225-7113-1.ch101(2044-2052)Online publication date: 2019
https://doi.org/10.4018/978-1-5225-7113-1.ch101
Wang HSun LBertino E(2019)Building access control policy model for privacy preserving and testing policy conflicting problemsJournal of Computer and System Sciences10.1016/j.jcss.2014.04.01780:8(1493-1503)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1016/j.jcss.2014.04.017
Osborn S(2014)Is It Privacy or Is It Access Control?Information Security in Diverse Computing Environments10.4018/978-1-4666-6158-5.ch004(51-58)Online publication date: 2014
https://doi.org/10.4018/978-1-4666-6158-5.ch004
Mahmud MOsborn S(2012)Tradeoff Analysis of Relational Database Storage of Privacy PreferencesSecure Data Management10.1007/978-3-642-32873-2_1(1-13)Online publication date: 2012
https://doi.org/10.1007/978-3-642-32873-2_1

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Configuring role-based access control to enforce mandatory and discretionary access control policies

Delegation in role-based access control

Privacy-Aware Role-Based Access Control