As privacy becomes a major concern for consumers
and enterprises, many research have been focused on the privacy
protecting technology in recent years. In this paper, we present a
comprehensive approach for usage access control based on the notion
purpose. In our model, purpose information associated with a given
data element specifies the intended use of the subjects and objects in
the usage access control model. A key feature of our model is that it
allows when an access is required, the access purpose is checked
against the intended purposes for the data item. We propose an
approach to represent purpose information to support access control
based on purpose information. Our proposed solution relies on usage
access control (UAC) models as well as the components which based
on the notions of the purpose information used in subjects and
objects. Finally, comparisons with related works are analyzed.
[1] Agrawal, R., Kiernan J., Srikant R. and Xu Y. (2002): Hippocratic
databases. Proc. 28th Int-l Conf. on Very Large Data Bases. Hong Kong,
China, 143-154.
[2] Bertion, E., Byun, J.-W. and Li, N. (2005): Privacy-preserving database
systems. Lecture Notes in Computer Science. Springer Berlin,
Heidelberg, 178-206.
[3] Bertion, E. and Ferrari E. (2002): Secure and selective dissemination of
xml documents. ACM trans, Inf. Syst. Secure., 5(3):290-331.
[4] Bertion, E. and Sandhu, R. (2005): Database security-concepts,
approaches, and challenges. IEEE Transactions on Dependable and
Secure Computing. 02(1), 2-19.
[5] Byun, J.-W., Bertion, E. and Li, N. (2005): Purpose based access control
of complex data for privacy protection. ÔÇÿSACMAT-05: Proceedings of
tenth ACM symposium on Access control models and technologies.
ACM. New York, NY, USA, 102-110.
[6] Byun, J.-W. and Li, N. (2004): Purpose-based access control for privacy
protection in relational database systems. Technical Report 2004-52.
Purdue University.
[7] Cao, J., Sun, L. and Wang, H. (2005): Towards secure xml documents
with usage control. Lecture Notes in Computer Science. 3399, 296-307.
[8] Damiani, E., Paraboschi, S. and Samarati, P. (2002): A fine-grained
access control system for xml documents. ACM Trans. Inf. Syst. Secur.,
5(2):169-202.
[9] Park, J. and Sandhu, R. (2002): Towards usage control models: beyond
traditional access control. In Proceedings of the seventh ACM
symposium on Access control models and technologies, page 57-64.
ACM Press.
[10] Park, J., Sandhu, R., and Schifalacqua, J. (2003): Security architectures
for controlled digital information dissemination. In Proceedings of 16th
Annual Computer Security Application Conference, December 2003.
[11] Rabitti, F., Bertino, E., Kim, W. and Woelk, D. (1991): A model of
authorization for next-generation database systems. In ACM
Transactions on Database Systems (TODS).
[12] Sandhu, R. and Park, J. (2003): Usage control: A vision for next
generation access control. In MMM-ACNS 2003, 17-31, Springer-Verlag
Berlin Heideberg.
[13] Sun, L. and Li, Y. (2006): DTD level authorization in xml documents
with usage control. In International Journal of Science Network Security,
244-250(6).
[14] Sun, L. and Li, Y. (2007): XML schems in xml documents with usage
control. In International Journal of Science Network Security, 170-
177(6).
[15] Sun, L. and Li, Y. (2008): Using usage control to access xml database,
International Journal of Information Systems in the Service Sector, 32-
44(1).
[16] Wang, H., Cao, J. and Zhang, Y. (2005): A flexible payment scheme and
its role based access control. IEEE Transactions on knowledge and Data
Engineering. 17(3), 425-436.
[17] Wang, H., Cao, J. and Zhang, Y. (2008): Access control management
for ubiquitous computing. Future Generation Computer Systems journal.
870-878(24).
[18] Wang, H., Cao, J. and Zhang, Y. (2006): Ubiquitous computing
environments and its usage access control, Proceedings of the First
International Conference on Scalable Information Systems. ACM Press,
Hong Kong, China, 72-81.
[19] World Wide Web Consortium (W3C). Platform for Privacy Preferences
(P3P). Available at www.w3.org.P3P.
[20] Zhang, X., Park, J. and Parisi-Presicce, F. (2004): A logical specification
for usage control. In SACMAT-4. ACM Press.
[21] Zhang, X., Park, J. and Sandhu, R. (2003): Schema based xml security:
Rbac approach. In Proceedings of the IFIP WG. ACM Press.
[1] Agrawal, R., Kiernan J., Srikant R. and Xu Y. (2002): Hippocratic
databases. Proc. 28th Int-l Conf. on Very Large Data Bases. Hong Kong,
China, 143-154.
[2] Bertion, E., Byun, J.-W. and Li, N. (2005): Privacy-preserving database
systems. Lecture Notes in Computer Science. Springer Berlin,
Heidelberg, 178-206.
[3] Bertion, E. and Ferrari E. (2002): Secure and selective dissemination of
xml documents. ACM trans, Inf. Syst. Secure., 5(3):290-331.
[4] Bertion, E. and Sandhu, R. (2005): Database security-concepts,
approaches, and challenges. IEEE Transactions on Dependable and
Secure Computing. 02(1), 2-19.
[5] Byun, J.-W., Bertion, E. and Li, N. (2005): Purpose based access control
of complex data for privacy protection. ÔÇÿSACMAT-05: Proceedings of
tenth ACM symposium on Access control models and technologies.
ACM. New York, NY, USA, 102-110.
[6] Byun, J.-W. and Li, N. (2004): Purpose-based access control for privacy
protection in relational database systems. Technical Report 2004-52.
Purdue University.
[7] Cao, J., Sun, L. and Wang, H. (2005): Towards secure xml documents
with usage control. Lecture Notes in Computer Science. 3399, 296-307.
[8] Damiani, E., Paraboschi, S. and Samarati, P. (2002): A fine-grained
access control system for xml documents. ACM Trans. Inf. Syst. Secur.,
5(2):169-202.
[9] Park, J. and Sandhu, R. (2002): Towards usage control models: beyond
traditional access control. In Proceedings of the seventh ACM
symposium on Access control models and technologies, page 57-64.
ACM Press.
[10] Park, J., Sandhu, R., and Schifalacqua, J. (2003): Security architectures
for controlled digital information dissemination. In Proceedings of 16th
Annual Computer Security Application Conference, December 2003.
[11] Rabitti, F., Bertino, E., Kim, W. and Woelk, D. (1991): A model of
authorization for next-generation database systems. In ACM
Transactions on Database Systems (TODS).
[12] Sandhu, R. and Park, J. (2003): Usage control: A vision for next
generation access control. In MMM-ACNS 2003, 17-31, Springer-Verlag
Berlin Heideberg.
[13] Sun, L. and Li, Y. (2006): DTD level authorization in xml documents
with usage control. In International Journal of Science Network Security,
244-250(6).
[14] Sun, L. and Li, Y. (2007): XML schems in xml documents with usage
control. In International Journal of Science Network Security, 170-
177(6).
[15] Sun, L. and Li, Y. (2008): Using usage control to access xml database,
International Journal of Information Systems in the Service Sector, 32-
44(1).
[16] Wang, H., Cao, J. and Zhang, Y. (2005): A flexible payment scheme and
its role based access control. IEEE Transactions on knowledge and Data
Engineering. 17(3), 425-436.
[17] Wang, H., Cao, J. and Zhang, Y. (2008): Access control management
for ubiquitous computing. Future Generation Computer Systems journal.
870-878(24).
[18] Wang, H., Cao, J. and Zhang, Y. (2006): Ubiquitous computing
environments and its usage access control, Proceedings of the First
International Conference on Scalable Information Systems. ACM Press,
Hong Kong, China, 72-81.
[19] World Wide Web Consortium (W3C). Platform for Privacy Preferences
(P3P). Available at www.w3.org.P3P.
[20] Zhang, X., Park, J. and Parisi-Presicce, F. (2004): A logical specification
for usage control. In SACMAT-4. ACM Press.
[21] Zhang, X., Park, J. and Sandhu, R. (2003): Schema based xml security:
Rbac approach. In Proceedings of the IFIP WG. ACM Press.
@article{"International Journal of Engineering, Mathematical and Physical Sciences:54602", author = "Lili Sun and Hua Wang", title = "A Purpose Based Usage Access Control Model", abstract = "As privacy becomes a major concern for consumers
and enterprises, many research have been focused on the privacy
protecting technology in recent years. In this paper, we present a
comprehensive approach for usage access control based on the notion
purpose. In our model, purpose information associated with a given
data element specifies the intended use of the subjects and objects in
the usage access control model. A key feature of our model is that it
allows when an access is required, the access purpose is checked
against the intended purposes for the data item. We propose an
approach to represent purpose information to support access control
based on purpose information. Our proposed solution relies on usage
access control (UAC) models as well as the components which based
on the notions of the purpose information used in subjects and
objects. Finally, comparisons with related works are analyzed.", keywords = "Purpose, privacy, access control, authorization", volume = "4", number = "1", pages = "40-8", }
