Browse > Article
http://dx.doi.org/10.13089/JKIISC.2006.16.3.39

An Access Control Model for Privacy Protection using Purpose Classification  

Na Seok-Hyun (Sogang University)
Park Seog (Sogang University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.16, no.3, 2006 , pp. 39-52 More about this Journal
Abstract
Recently purpose is used by an crucial part to security management when collecting data about privacy. The W3C(World Wide Web Consortium) describes a standard spec to control personal data that is provided by data providers who visit the web site. But they don't say anymore about security management about personal data in transit after data collection. Recently several researches, such as Hippocratic Databases, Purpose Based Access Control and Hippocratic in Databases, are dealing with security management using purpose concept and access control mechanism after data collection a W3C's standard spec about data collection mechanism but they couldn't suggest an efficient mechanism for privacy protection about personal data because they couldn't represent purpose expression and management of purposes sufficiently. In this paper we suggest a mechanism to improve the purpose expression. And then we suggest an accesscontrol mechanism that is under least privilege principle using the purpose classification for privacy protection. We classify purpose into Along purpose structure, Inheritance purpose structure and Stream purpose structure. We suggest different mechanisms to deal with then We use the role hierarchy structure of RBAC(Role-Based Access Control) for flexibility about access control and suggest mechanisms that provide the least privilege for processing the task in case that is satisfying using several features of purpose to get least privilege of a task that is a nit of business process.
Keywords
Hippocratic Databases; Purpose; Task; Privacy; RBAC;
Citations & Related Records
연도 인용수 순위
  • Reference
1 IBM: Enterprise Privacy Authorization Language (EPAL); Submission request to W3C,http://www.w3.org/Submission/ EPAL/, November 2003
2 World Wide Web Consortium (W3C). Platform for Privacy Preferences (P3P). Available at www.W3.org/P3P
3 R.Sandhu, E. Coyne, H. Feinstein, and C. Younman, 'Role-Based Access Control Models', IEEE Computer Magazine Vol. 29, 1996, pp.38-47
4 Cunter Karjoth, Matthias Schunter, and Michael Waidner, 'Privacy-enabled Management of Customer Data', Bulletin of the IEEE Computer Society Technical Committee on Data Engineering, 2004
5 Ravi Sandhu, Venkata Bhamidipati and Qamar Munawer, 'The ARBAC97 Model for Role-Based Administration of Roles', ACM Transactions on Information and System Security, Vol. 2, No. 1, February 1999, Page 105-135   DOI
6 Ji-Won Byun, Elisa Bertino, Ninghui Li, 'Purpose Based Access Control of Complex Data for privacy Protection', SACMAT'05, 2005, Stockholm, Sweden
7 이재길, 한욱신, 황규영, 'Hippocratic XML Databases: A Model and Access Control Mechanism', 정보과학회논문지: 데이타베이스 제 31 권 제 6호 (2004.12)
8 Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu, 'Hippocratic Databases', Proceedings of the 28th VLDB Conference, Hong Kong, China, 2002