A Language Enabling Privacy-Preserving Access Control
نویسندگان
چکیده
We address the problem of privacy-preserving access control in distributed systems. Users commonly reveal more personal data than strictly necessary to be granted access to online resources, even though existing technologies, such as anonymous credential systems, offer functionalities that would allow for privacy-friendly authorization. An important reason for this lack of technology adoption is, as we believe, the absence of a suitable authorization language offering adequate expressivity to address the privacyfriendly functionalities. To overcome this problem, we propose an authorization language that allows for expressing access control requirements in a privacy-preserving way. Our language is independent from concrete technology, thus it allows for specifying requirements regardless of implementation details while it is also applicable for technologies designed without privacy considerations. We see our proposal as an important step towards making access control systems privacy-preserving.
منابع مشابه
A centralized privacy-preserving framework for online social networks
There are some critical privacy concerns in the current online social networks (OSNs). Users' information is disclosed to different entities that they were not supposed to access. Furthermore, the notion of friendship is inadequate in OSNs since the degree of social relationships between users dynamically changes over the time. Additionally, users may define similar privacy settings for their f...
متن کاملPrivacy Preserving Dynamic Access Control Model with Access Delegation for eHealth
eHealth is the concept of using the stored digital data to achieve clinical, educational, and administrative goals and meet the needs of patients, experts, and medical care providers. Expansion of the utilization of information technology and in particular, the Internet of Things (IoT) in eHealth, raises various challenges, where the most important one is security and access control. In this re...
متن کاملAttribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems
Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...
متن کاملEliciting and characterizing scenarios of disclosure of private health data
Sensitive health information is kept in Electronic Health Records (EHRs) which makes the data accessible, enabling its transfer against patient consent. Hence, the need for privacy-preserving mechanisms is a top priority. As a first step towards the development of privacy-preserving access control language, we used qualitative research methods to characterize scenarios of requests for disclosur...
متن کاملPrivacy-preserving Semantic Interoperation of Heterogeneous Databases
Two major challenges to enabling secure interoperation among web-information sources are resolving semantic heterogeneity across websites and maintaining the privacy of the data and metadata of organizations owning the websites. In this paper, we propose SACE, a novel, implemented middleware toolkit that enables privacy-preserving secure semantic access control and allows queries to be answered...
متن کامل