Enforcement of Privacy Requirements
نویسندگان
چکیده
Enterprises collect and use private information for various purposes. Access control can limit who can obtain such data. However, the purpose of their use is not clear. In this paper we focus on the purpose of data access and demonstrate that dynamic role-based access control (RBAC) mechanism is not sufficient for enforcement of privacy requirements. To achieve this we extend RBAC with monitoring capability and describe a formal approach to determining whether access control policies actually implement privacy requirements based on the behaviour of the system. We demonstrate the advantages of our approach using various examples and describe the prototype implementation of our technique.
منابع مشابه
Privacy Enforcement with an Extended Role-Based Access Control Model
Privacy enforcement has been one of the most important challenges in IT area. Current privacy practices within companies and organizations, e.g. enabling a P3P compliant policy, incorporating a privacy seal program, etc., cannot truly protect consumer privacy. Privacy protection can only be achieved by enforcing privacy policies within an organization’s online and offline data processing system...
متن کاملA Framework for Composition and Enforcement of Privacy-aware and Context-driven Authorization Mechanism for Complex Systems
Security and privacy of complex systems is a concern due to proliferation of cyber based technologies. Several researchers have pointed out that for the proper enforcement of privacy rules in a complex system, the privacy requirements should be captured in access control systems. In this paper, we present a framework for composition and enforcement of context-aware rules for such systems. The f...
متن کاملA Systematic Approach to Privacy Enforcement and Policy Compliance Checking in Enterprises
Privacy management is important for enterprises that handle personal data: they must deal with privacy laws and people’s expectations. Currently much is done by means of manual processes, which make them difficult and expensive to comply. Key enterprises’ requirements include: automation, simplification, cost reduction and leveraging of current identity management solutions. This paper describe...
متن کاملSePCAR: A Secure and Privacy-Enhancing Protocol for Car Access Provision (Full Version)
We present an efficient secure and privacy-enhancing protocol for car access provision, named SePCAR. The protocol is fully decentralised and allows users to share their cars conveniently without sacrifising their security and privacy. It provides generation, update, revocation, and distribution mechanisms for access tokens to shared cars, as well as procedures to solve disputes and to deal wit...
متن کاملExtending HP Identity Management Solutions to Enforce Privacy Policies and Obligations for Regulatory Compliance by Enterprises
This paper describes issues and requirements related to privacy management as an aspect of improved governance in enterprises. It focuses on the privacy enforcement aspect, in particular related to privacy-aware access control and enforcement of privacy obligations: this is still a green field and, at the same time, is a key aspect to be taken into account to ensure compliance both with regulat...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Computers & Security
دوره 52 شماره
صفحات -
تاریخ انتشار 2013