http://dx.doi.org/10.13089/JKIISC.2006.16.2.33

Design of a Policy based Privacy Protection System using Encryption Techniques  

Mun Hyung-Jin (Chungbuk University)
Li Yong-Zhen (Chungbuk University)
Lee Dong-Heui (Keukdong College)
Lee Sang-Ho (Chungbuk University)
Lee Keon-Myung (Chungbuk University)
Abstract
To provide efficient personalized services, organizations and companies collect and manage personal information. However, privacy concerns have been increasing, since personal information might be misused or spread in public by database administrators or information users. Even in systems where organizations or companies control access to personal information according to their own access policy in order to protect it, it is not easy to fully reflect the information subjects' intentions in the access control applied to their own personal information. This paper proposes a policy-based access control mechanism for personal information which prevents unauthorized information users from illegally accessing personal information and enables information subjects to control access to their own information. In the proposed mechanism, individuals' personal information is encrypted with different keys and stored in a directory repository. For access control, information subjects set up their own access control policies for their personal information, and these policies are used to provide legitimate information users with the access keys.
Keywords
$P^2MS$; privacy; access control; personal information