An Implementation of a Privacy Enforcement Scheme based on the Java Security Framework using XACML Policies
نویسندگان
چکیده
In this paper we discuss implementation issues of a distributed privacy enforcement scheme to support Owner-Retained Access Control for digital data repositories. Our approach is based on the Java Security Framework. In order to achieve policy enforcement dependent on the accessed data object, we had to implement our own class loader that supports instance-level policy assignment. Access policies are described using XACML and stored together with the data as sticky policies. Enforcement of generic policies over sticky policy objects required the extension of XACML with XPath specific functions. Our use-case scenario is the user-controlled distribution of Electronic Health Records.
منابع مشابه
An automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
متن کاملPrivacy enforcement with data owner-defined policies
Data privacy continues to be a very important topic, as our dependency on electronic communication maintains its current growth and private data is shared between multiple devices, users and locations. The growing amount and the ubiquitous availability of personal private data increases the likelihood of data misuse, where private data may be used against the privacy preferences of the person t...
متن کاملGuest Editorial: Security and Dependability in SOA and Business Processes
THIS special issue presents recent research results in a field of research that is itself rather new. When Service Oriented Architectures (SOA) came of age, no specific security technology for web services was available and transport protocols security mechanisms were used instead. For instance, web services message confidentiality was achieved using transport security protocols like SSL and HT...
متن کاملStream on the Sky: Outsourcing Access Control Enforcement for Stream Data to the Cloud
There is an increasing trend for businesses to migrate their systems towards the cloud. Security concerns that arise when outsourcing data and computation to the cloud include data confidentiality and privacy. Given that a tremendous amount of data is being generated everyday from plethora of devices equipped with sensing capabilities, we focus on the problem of access controls over live stream...
متن کاملLanguage-Based Enforcement of Privacy Policies
We develop a language-based approach for modeling and verifying aspects of privacy policies. Our approach relies on information-flow control. Concretely, we use the programming language Jif, an extension of Java with information-flow types. We address basic leaks of private information and also consider other aspects of privacy policies supported by the Platform for Privacy Preferences (P3P) an...
متن کامل