An Extended Role-based Access Control Model with Privacy Enforcement  

박종화 (Department of Software, Semyung University)
김동규 (Division of Information and Computer Engineering, Ajou University)
Abstract
Privacy enforcement has been one of the most important problems in the IT area. Privacy protection can be achieved by enforcing privacy policies within an organization's data processing systems. Traditional security models are more or less inappropriate for enforcing basic privacy requirements, such as privacy binding. This paper proposes an extended role-based access control (RBAC) model for enforcing privacy policies within an organization. To provide privacy protection and context-based access control, this model combines RBAC, Domain-Type Enforcement, and privacy policies. The privacy policies assign privacy levels to user roles according to their tasks, and assign data privacy levels to data according to consented consumer privacy preferences recorded as data usage policies. As an application of this model, a small hospital model is considered.
Keywords
Privacy Protection; Context-Based Access Control; Purpose Binding; Data Usage Policy; Extended Role-Based Access Control