Enforcement of Privacy Requirements

Abstract : Enterprises collect and use private information for various purposes. Access control can limit who can obtain such data. However, the purpose of their use is not clear. In this paper we focus on the purpose of data access and demonstrate that dynamic role-based access control (RBAC) mechanism is not sufficient for enforcement of privacy requirements. To achieve this we extend RBAC with monitoring capability and describe a formal approach to determining whether access control policies actually implement privacy requirements based on the behaviour of the system. We demonstrate the advantages of our approach using various examples and describe the prototype implementation of our technique.
Type de document :
Communication dans un congrès
Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.272-285, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_21〉
Liste complète des métadonnées

Littérature citée [19 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01463860
Contributeur : Hal Ifip <>
Soumis le : jeudi 9 février 2017 - 17:31:11
Dernière modification le : jeudi 9 février 2017 - 17:37:18
Document(s) archivé(s) le : mercredi 10 mai 2017 - 14:52:14

Fichier

978-3-642-39218-4_21_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Padmanabhan Krishnan, Kostyantyn Vorobyov. Enforcement of Privacy Requirements. Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.272-285, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_21〉. 〈hal-01463860〉

Partager

Métriques

Consultations de la notice

313

Téléchargements de fichiers

23