Privacy-aware Role-Based Access Control

Get BibTex-formatted data

Author

Qun Ni

Entry type

phdthesis

Abstract

Current proposals for access control languages cannot specify policies required by speciﬁc application scenarios (e.g. a database system to enforce privacy regulations), may also contain design ﬂaws, and are incompatible. In this dissertation, we extend RBAC with new components to meet requirements from privacy-aware access control which is required to enforce privacy laws and regulations in organizational computing environments. We propose an access control language for provenance access control which re- quires aggregating access decisions from diﬀerent sources and controlling the access to diﬀerent sections of provenance information. We investigate various problems in risk-based access control. Risk-based access control is particularly useful for making access decisions in an emergency. Sub jects without suﬃcient privilege in an emergency have to be given authorization to access sensitive information in diﬀerent ways, based on their risk estimations. We also identify design ﬂaws in representative proposals, e.g. XACML, and present corresponding solutions. We ﬁnally propose an extensible functional access control language that com- bines the beneﬁts of XACML and RBAC without their drawbacks. The language is attribute-based and context-centric and supports sophisticated error handling and ﬂexible decision aggregation methods. We also show the language is able to meet requirements from all speciﬁc application domains discussed in this dissertation.

Date

2010 – 5 – 1

Key alpha

Publication Date

2010-05-01

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Phdthesis{ Ni,
	title = "Privacy-aware Role-Based Access Control",
	author = "Qun Ni",
	year = "2010",
	month = "5",
	day = "1",
	abstract = "Current proposals for access control languages cannot specify policies required by 
speciﬁc application scenarios (e.g. a database system to enforce privacy regulations), 
may also contain design ﬂaws, and are incompatible. In this dissertation, we extend 
RBAC with new components to meet requirements from privacy-aware access control 
which is required to enforce privacy laws and regulations in organizational computing 
environments.

We propose an access control language for provenance access control which re- 
quires aggregating access decisions from diﬀerent sources and controlling the access 
to diﬀerent sections of provenance information. 
We investigate various problems in risk-based access control. Risk-based access 
control is particularly useful for making access decisions in an emergency. Sub jects 
without suﬃcient privilege in an emergency have to be given authorization to access 
sensitive information in diﬀerent ways, based on their risk estimations. 
We also identify design ﬂaws in representative proposals, e.g. XACML, and 
present corresponding solutions.

We ﬁnally propose an extensible functional access control language that com- 
bines the beneﬁts of XACML and RBAC without their drawbacks. The language 
is attribute-based and context-centric and supports sophisticated error handling and 
ﬂexible decision aggregation methods. We also show the language is able to meet 
requirements from all speciﬁc application domains discussed in this dissertation.",
}