Privacy Control Using GRBAC In An Extended Role-Based Access Control Model  

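Park Chong hwa (Semyung University, Department of Software)
Kim Ji hong (Semyung University, Department of Information Security)
Kim Dong kyoo (Ajou University, Division of Computer Engineering)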
Abstract
Privacy enforcement has been one of the most important problems in the IT area. Privacy protection can be achieved by enforcing privacy policies within an organization's online and offline data processing systems. Traditional security models are more or less inappropriate for enforcing basic privacy requirements, such as purpose binding. This paper proposes a new approach in which a privacy control model is derived from the integration of an existing security model. To this end, we use an extended role-based access control model as the existing security mechanism; this model provides context-based access control by combining RBAC and domain-type enforcement. To implement the privacy control model, we use GRBAC (Generalized Role-Based Access Control), which is expressive enough to deal with privacy preferences. A small hospital model is considered as an application of this model.
Keywords
Security; Access Control; Privacy; Generalized Role-Based Access Control