Distributed Access Control: A Privacy-conscious Approach

Bogdan Cautis 1
1 GEMO - Integration of data and knowledge distributed over the web
LRI - Laboratoire de Recherche en Informatique, UP11 - Université Paris-Sud - Paris 11, Inria Saclay - Ile de France, CNRS - Centre National de la Recherche Scientifique : UMR8623
Abstract : With more and more information being exchanged or published on the Web or in peer-to-peer, and with the significant growth in numbers of distributed, heterogeneous data sources, issues like access control and data privacy are becoming increasingly complex and difficult to manage. Very often, when dealing with sensitive information in such settings, the specification of access control policies and their enforcement are no longer handled by the actual data sources, and are (partially) delegated to third-parties. Besides practical reasons, this is the case when decisions regarding access depend on factors which overpass the scope and knowledge of some of the entities involved. More specifically, policies may depend on \emph{private} aspects concerning users (accessing data) or data owners. In this case, the only solution is to entrust some third-party authority with all the information needed to apply access policies. However, as the policies themselves depend on sensitive information, this outsourcing raises new privacy issues, that were not present in centralized environments. In particular, information leaks may occur during access control enforcement. In this paper, we consider these issues and, starting from non-conventional digital signatures, we take a first step towards an implementation solution for such settings where both data and access policies are distributed. Our approach involves rewriting user queries into forms which are authorized, and we illustrate this for both structured (relational) and semi-structured (XML) data and queries.
Type de document :
Communication dans un congrès
ACM Symposium on Access Control Models and Technologies (SACMAT), 2007, Sophia-Antipolis, France. 2007
Liste complète des métadonnées

Littérature citée [29 références]  Voir  Masquer  Télécharger

Contributeur : Bogdan Cautis <>
Soumis le : vendredi 20 avril 2007 - 14:23:27
Dernière modification le : jeudi 5 avril 2018 - 12:30:12
Document(s) archivé(s) le : mercredi 7 avril 2010 - 03:22:21


Fichiers produits par l'(les) auteur(s)


  • HAL Id : inria-00142672, version 1



Bogdan Cautis. Distributed Access Control: A Privacy-conscious Approach. ACM Symposium on Access Control Models and Technologies (SACMAT), 2007, Sophia-Antipolis, France. 2007. 〈inria-00142672〉



Consultations de la notice


Téléchargements de fichiers