Computer Science ›› 2016, Vol. 43 ›› Issue (1): 166-171.doi: 10.11896/j.issn.1002-137X.2016.01.038

Previous Articles     Next Articles

Research on Privacy Access Control Based on RBAC

ZHANG Xue-ming, HUANG Zhi-qiu and SUN Yi   

  • Online:2018-12-01 Published:2018-12-01

Abstract: RBAC can be used to control the service provider to access the privacy of users in Web service.In order to solve the problem that RBAC cannot precisely describe the privacy access control policy for the lack of privacy attri-butes when it is applied in the privacy scene,this paper put forward a privacy access control model focused on RBAC,and provided the ranking method of the credibility of the service provider.Service providers with different credibility ranks were assigned with different roles to control their access to the sensitive privacy information.This paper also verified the validity and feasibility of the model through a specific example.

Key words: Role-based access control,Privacy authorization,Credibility,Sensitivity

[1] Cranor L F.Platform for privacy preferences (p3p)[M]∥Encyclopedia of Cryptography and Security.Springer US,2011:940-941
[2] Ashley P,Hada S,Karjoth G,et al.Enterprise privacy authorization language (EPAL 1.2)[Z].Submission to W3C,2003
[3] Ni Q,Bertino E,Lobo J,et al.Privacy-aware role-based access control[J].ACM Transactions on Information and System Security (TISSEC),2010,13(3):24
[4] Ardagna C A,Cremonini M,De Capitani di Vimercati S,et al.A privacy-aware access control system[J].Journal of Computer Security,2008,16(4):369-397
[5] Ardagna C A,Damiani E,di Vimercati S D C,et al.Towards privacy-enhanced authorization policies and languages[M]∥Data and Applications Security XIX.Springer Berlin Heidelberg,2005:16-27
[6] Kolter J,Schillinger R,Pernul G.A privacy-enhanced attribute-based access control system[C]∥Proc.of the 21st Annual IFIP WG 11.3 Working Conference on Data and Applications Security.Edondo Beach,CA,USA,July 2007
[7] Ferraiolo D F,Sandhu R,Gavrila S,et al.Proposed NIST stan-dard for role-based access control[J].ACM Transactions on Information and System Security (TISSEC),2001,4(3):224-274
[8] Ferraiolo D,Cugini J,Kuhn D R.Role-based access control(RBAC):Features and motivations[C]∥Proceedings of 11th Annual Computer Security Application Conference.1995:241-248
[9] Anderson A.A comparison of two privacy policy languages:EPAL and XACML[C]∥Proceedings of the 3rd ACM Workshop on Secure Web Service.2005
[10] Ardagna C A,Cremonini M,De Capitani di Vimercati S,et al.A privacy-aware access control system[J].Journal of Computer Security,2008,16(4):369-397
[11] Ke Chang-bo,Huang Zhi-qiu,Tang Mei.Supporting negotiation mechanism privacy authority method in cloud computing[J].Knowledge-Based Syst.,2013,51:48-59
[12] Lv Fu-jun.Web Services Reputation Evaluation Model Based on QoS and User Recommendation[D].Qinghuangdao:Yanshan University,2010(in Chinese)吕福军.一种基于 QoS 与用户推荐的 Web 服务信誉度评价模型[D].秦皇岛:燕山大学,2010
[13] Liu Lin-yuan.Research on Privacy Analysis and Verification of Web Service Composition [D].Nanjing:Nanjing University of Aeronautics and Astronautics,2011(in Chinese)刘林源.Web服务组合隐私分析与验证研究[D].南京:南京航空航天大学,2011
[14] Smari W W,Clemente P,Lalande J F.An extended attributebased access control model with trust and privacy:Application to a collaborative crisis management system[J].Future Generation Computer Systems,2014,31:147-168
[15] Liu Yi-min,Wang Zhi-hui,Wang Wei.Research and Implementation of purpose-Based Privacy Access Control Policy in XML Data Mode[J].Computer Applications and Software,2013,30(2):148-151(in Chinese)刘逸敏,王智慧,汪卫.XML数据模式下基于 purpose 的隐私访问控制策略研究与实现[J].计算机应用与软件,2013,30(2):148-151
[16] Nabeel M,Bertino E,Kantarcioglu M,et al.Towards privacypreserving access control in the cloud[C]∥2011 7th International Conference on Collaborative Computing:Networking,Applications and Worksharing (CollaborateCom).IEEE,2011:172-180
[17] Ruj S,Stojmenovic M,Nayak A.Privacy preserving access control with authentication for securing data in clouds[C]∥2012 12th IEEE/ACM International Symposium on Cluster,Cloud and Grid Computing (CCGrid).IEEE,2012:556-563
[18] Takabi H.Privacy aware access control for data sharing in cloud computing environments[C]∥Proceedings of the 2nd International Workshop on Security in Cloud Computing.ACM,2014:27-34
[19] Nabeel M,Bertino E.Privacy preserving delegated access control in the storage as a service model[C]∥2012 IEEE 13th International Conference on Information Reuse and Integration (IRI).IEEE,2012:645-652
[20] Kim Y,Song E.Privacy-aware role based access control model:Revisited for multi-policy conflict detection[C]∥2010 International Conference on Information Science and Applications (ICISA).IEEE,2010:1-7

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!