• DocumentCode
    3366382
  • Title

    A Purpose-Based Access Control Model

  • Author

    Yang, Naikuo ; Barringer, Howard ; Zhang, Ning

  • Author_Institution
    Univ. of Manchester, Manchester
  • fYear
    2007
  • fDate
    29-31 Aug. 2007
  • Firstpage
    143
  • Lastpage
    148
  • Abstract
Achieving privacy preservation in a data-sharing computing environment is a challenging problem. The requirements for a privacy-preserving data access policy should be formally specified in order to be able to establish consistency between the privacy policy and its purported implementation in practice. Previous work has shown that when specifying a privacy policy, the notion of purpose should be used as the basis for access control. A privacy policy should ensure that data can only be used for its intended purpose, and the access purpose should be compliant with the data's intended purpose. This paper presents a mechanism to specify privacy policy using VDM. The entities in the purpose-based access control model are specified, the invariants corresponding to the privacy requirements in the privacy policy are specified, and the operations in the model and their proof obligations are defined and investigated.
  • Keywords
Vienna development method; authorisation; data privacy; access purpose; data-sharing computing; privacy policy; privacy preservation; privacy requirements; purpose-based access control model; Access control; Authorization; Computer science; Computer security; Data privacy; Data security; Information security; Information systems; Information technology; Protection
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Assurance and Security, 2007. IAS 2007. Third International Symposium on
  • Conference_Location
    Manchester
  • Print_ISBN
    0-7695-2876-7
  • Electronic_ISBN
    978-0-7695-2876-2
  • Type

    conf

  • DOI
    10.1109/IAS.2007.29
  • Filename
    4299765
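The abstract describes a model in which each data item carries an intended purpose, an access is permitted only when its access purpose is compliant with that intended purpose, and the model's operations carry invariants and proof obligations in VDM. The block below is an added illustration of that structure in Python and is not the paper's VDM specification. Everything beyond the abstract is an assumption made for the example: purposes are arranged in a tree, an intended purpose is a pair of allowed and prohibited purpose sets, an access purpose is compliant when it falls under some allowed purpose and under no prohibited purpose (prohibition wins), and the purpose tree and data items in `build_demo` are constructed. The VDM pre-conditions become run-time checks at the start of each operation, and the invariants are re-checked after each operation instead of being discharged by proof.

```python
"""Purpose-based access control with VDM-style invariants and pre-conditions.

Added example, not code from the paper. Assumed, not taken from the abstract:
purposes form a tree; an intended purpose is (allowed, prohibited); an access
purpose complies iff it sits under an allowed purpose and under no prohibited
purpose. The demo hierarchy and data labels are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Iterable, Optional


class PurposeTree:
    """Purpose hierarchy. Invariant: every purpose reaches the root, no cycles."""

    def __init__(self, root: str) -> None:
        self.root = root
        self.parent: dict[str, Optional[str]] = {root: None}

    def invariant(self) -> bool:
        for p in self.parent:
            seen, cur = set(), p
            while cur is not None:
                if cur in seen or cur not in self.parent:
                    return False
                seen.add(cur)
                cur = self.parent[cur]
        return True

    def add(self, name: str, parent: str) -> None:
        # pre-condition of the add operation: parent known, name fresh
        if parent not in self.parent or name in self.parent:
            raise ValueError(f"pre-condition violated: add({name!r}, {parent!r})")
        self.parent[name] = parent
        assert self.invariant()  # proof obligation, checked at run time here

    def is_under(self, p: str, ancestor: str) -> bool:
        """True if p == ancestor or ancestor lies above p in the tree."""
        cur: Optional[str] = p
        while cur is not None:
            if cur == ancestor:
                return True
            cur = self.parent.get(cur)
        return False


@dataclass(frozen=True)
class IntendedPurpose:
    allowed: frozenset
    prohibited: frozenset = frozenset()


class PBAC:
    """Data items labelled with intended purposes; access checked by purpose."""

    def __init__(self, tree: PurposeTree) -> None:
        self.tree = tree
        self.labels: dict[str, IntendedPurpose] = {}

    def invariant(self) -> bool:
        """Every purpose referenced by a label exists in the hierarchy."""
        return all(p in self.tree.parent
                   for ip in self.labels.values()
                   for p in ip.allowed | ip.prohibited)

    def label(self, item: str, allowed: Iterable[str],
              prohibited: Iterable[str] = ()) -> None:
        ip = IntendedPurpose(frozenset(allowed), frozenset(prohibited))
        # pre-condition: only known purposes may appear in a label
        if not (ip.allowed | ip.prohibited).issubset(self.tree.parent):
            raise ValueError(f"pre-condition violated: unknown purpose for {item!r}")
        self.labels[item] = ip
        assert self.invariant()

    def compliant(self, access_purpose: str, ip: IntendedPurpose) -> bool:
        if access_purpose not in self.tree.parent:
            return False  # unknown access purposes are never compliant
        if any(self.tree.is_under(access_purpose, p) for p in ip.prohibited):
            return False  # prohibition wins over permission
        return any(self.tree.is_under(access_purpose, p) for p in ip.allowed)

    def access(self, item: str, access_purpose: str) -> bool:
        ip = self.labels.get(item)
        return ip is not None and self.compliant(access_purpose, ip)


def build_demo() -> PBAC:
    """Constructed purpose tree and labels (assumptions, not from the paper)."""
    tree = PurposeTree("general")
    for name, parent in [("admin", "general"), ("analysis", "admin"),
                         ("profiling", "admin"), ("marketing", "general"),
                         ("direct", "marketing"), ("third_party", "marketing")]:
        tree.add(name, parent)
    pbac = PBAC(tree)
    pbac.label("email", allowed={"marketing"}, prohibited={"third_party"})
    pbac.label("address", allowed={"general"}, prohibited={"marketing"})
    return pbac


if __name__ == "__main__":
    p = build_demo()
    for item, ap in [("email", "direct"), ("email", "third_party"),
                     ("address", "profiling"), ("address", "direct")]:
        print(f"{item:8s} for {ap:12s} -> {'permit' if p.access(item, ap) else 'deny'}")
```

The check a practitioner most often gets wrong is the order of the two tests in `compliant`: prohibition must be evaluated before permission, otherwise labelling `email` as allowed for `marketing` would silently permit `third_party`, which is a child of `marketing`. Rejecting unknown access purposes outright is the other edge worth keeping, since an access purpose that is not in the hierarchy can never be shown compliant with anything.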