Enforcing purpose of access for privacy-aware policies based on user roles, purpose dependencies, contextual data, and access history

Research output: Working paper

Abstract

This paper addresses the issue of purpose enforcement for privacy-aware policies. We propose an approach to enforce purpose of access in an access control system based on user roles, contextual data, purpose dependencies, and the user's past access history. Enforcing purpose of access based only on the user's role has been introduced previously. However, this method is not very reliable, and it is criticized as inefficient in capturing the purpose of an action, since roles and purposes are not always aligned and members of the same organizational role may practice different purposes in their actions. We therefore argue that by combining user roles, contextual data related to purpose, relationships between purposes, and the user's past access history to enforce purpose of access, we obtain a more reliable purpose enforcement technique. Furthermore, we propose an access control system architecture supporting purpose enforcement and a prototype implementation in Java as a proof of concept for our proposed enforcement technique.

Original language: English
Publication status: Unpublished - 2014

Fingerprint

Access control
Control systems

Keywords

  • Access control
  • purpose enforcement
  • access history
  • privacy-aware policy
  • security

Cite this

@techreport{9c905f8311d14e5f8f0a97095900fa04,
title = "Enforcing purpose of access for privacy-aware policies based on user roles, purpose dependencies, contextual data, and access history",
abstract = "This paper addresses the issue of purpose enforcement for privacy-aware policy. We propose an approach to enforce purpose of access in access control system based on user roles, contextual data, purpose dependencies, and past access history of user. Enforcing purpose of access based only on role of user has been introduced. However, this method is not so reliable and it is criticized to be inefficient in capturing purpose of an action since roles and purposes are not always aligned and members of the same organizational role may practice different purposes in their actions. Thus, we propose our approach and we argue that by using the combination of user roles, contextual data related to purpose, relationship between purposes, and past access history of user for enforcing purpose of access, we can get a more reliable purpose enforcement technique. Furthermore, in this paper, we also propose an access control system architecture supporting purpose enforcement and a prototype implementation in Java as the proof-of-concept for our proposed enforcement technique.",
keywords = "Access control, purpose enforcement, access history, privacy-aware policy, security",
author = "Rath, {Thavy Mony Annanda} and Jean-No{\"e}l Colin",
year = "2014",
language = "English",
type = "WorkingPaper",

}

TY - UNPB

T1 - Enforcing purpose of access for privacy-aware policies based on user roles, purpose dependencies, contextual data, and access history

AU - Rath, Thavy Mony Annanda

AU - Colin, Jean-Noël

PY - 2014

Y1 - 2014

N2 - This paper addresses the issue of purpose enforcement for privacy-aware policy. We propose an approach to enforce purpose of access in access control system based on user roles, contextual data, purpose dependencies, and past access history of user. Enforcing purpose of access based only on role of user has been introduced. However, this method is not so reliable and it is criticized to be inefficient in capturing purpose of an action since roles and purposes are not always aligned and members of the same organizational role may practice different purposes in their actions. Thus, we propose our approach and we argue that by using the combination of user roles, contextual data related to purpose, relationship between purposes, and past access history of user for enforcing purpose of access, we can get a more reliable purpose enforcement technique. Furthermore, in this paper, we also propose an access control system architecture supporting purpose enforcement and a prototype implementation in Java as the proof-of-concept for our proposed enforcement technique.

KW - Access control

KW - purpose enforcement

KW - access history

KW - privacy-aware policy

KW - security

M3 - Working paper

BT - Enforcing purpose of access for privacy-aware policies based on user roles, purpose dependencies, contextual data, and access history

ER -