Browse > Article
http://dx.doi.org/10.13089/JKIISC.2010.20.4.135

Integrated Privacy Protection Model based on RBAC  

Cho, Hyug-Hyun (Chonnam National University)
Park, Hee-Man (Chonnam National University)
Lee, Young-Lok (Chonnam National University)
Noh, Bong-Nam (Chonnam National University)
Lee, Hyung-Hyo (Wonkwang University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.20, no.4, 2010 , pp. 135-144 More about this Journal
Abstract
Privacy protection can only be achieved by enforcing privacy policies within an enterprise's on and offline data processing systems. There are P-RBAC model and purpose based model and obligations model among privacy policy models. But only these models each can not dynamically deal with the rapidly changing business environment. Even though users are in the same role, on occasion, secure system has to opt for a figure among them who is smart, capable and supremely confident and to give him/her a special mission during a given period and to strengthen privacy protection by permitting to present fluently access control conditions. For this, we propose Integrated Privacy Protection Model based on RBAC. Our model includes purpose model and P-RBAC and obligation model. And lastly, we define high level policy language model based XML to be independent of platforms and applications.
Keywords
Privacy Protection; RBAC; P-RBAC;
Citations & Related Records
연도 인용수 순위
  • Reference
1 OASIS, "eXtensible Access Control Markup Language(XACML) ver2.0," Feb. 2005.
2 W3C, "The Platform for Privacy Preferences (P3P1.1) Specification," Feb. 2004. http://www.w3.org/TR/2004/WD-P3P11-20040210/
3 Qingfeng He, "Privacy Enforcement with an Extended Role-Based Access Control Model," NCSU Computer Science Technical Report TR-2003-09, Feb. 2003.
4 IBM, "The Enterprise Privacy Authorization Language(EPAL1.1)," Jun. 2003.
5 Simone Fischer-Hubner, "IT-Security and Privicy:Design and Use of Privacy-Enhancing Security mechanisms," Lecture Notes in Computer Science 1958, 2001.
6 R.S. Sandhu and E.J. Coyne, "Role-Based Access Control Models," IEEE Computer, pp. 38-47, Feb. 1996.
7 Anne. H. Anderson, ''A Comparison of Two Privacy Languages : EPAL and XACML," Proceedings of the 3rd ACM Workshop on Secure Web Services, pp. 53-60, Nov. 2006.
8 J.W. Byun, E. Bertino and N. Li. "Purpose Based Access Control of Complex Data for Privacy Protection," SACMAT'05, Jun. 2005.
9 Qun Ni, E. Bertino and J. Lobo, "An Obligation Model Bridging Access Control Policies and Privacy Policies," SACMAT'08, Jun. 2008.
10 J.W. Byun and N. Li. "Purpose Based Access Control for Privacy Protection in Relational Database Systems", The International Journal on VLDB, Vol. 17, pp. 603-619, Jul. 2008.   DOI   ScienceOn
11 Qun Ni, A. Trombetta, E. Bertino and J. Lobo, "Privacy-aware Role Based Access Control" The Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, pp. 41-50, Jun. 2007.
12 Qun Ni, Dan Lin, E. Bertino and J. Lobo, "Conditional Privacy-aware Role Based Access Control," The Proceedings of the 12th European Symposium on Research in Computer Security, LNCS 4734, pp. 72-89, 2007.
13 P. Kumaraguru, L.F. Cranor, J. Lobo and S.B. Calo, "A Survay of Privacy Policy Languages," Proceeding of the 3rd Symposium on Usable Privacy and Security, Jul. 2007.