Accountability in the A Posteriori Access Control: A Requirement and a Mechanism

Dernaika, Farah; Cuppens-Boulahia, Nora; Cuppens, Frédéric; Raynaud, Olivier

doi:10.1007/978-3-030-58793-2_27

Cited by 1 publication

(1 citation statement)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• Proposals providing supporting facilities for transforming the GDPR's text into executable access control policies. In this case, the policies are either systematically derived from the GDPR, e.g., [4,5] or generated through intermediate formal structures [6,7].…”

Section: General Data Protection Regulationmentioning

confidence: 99%

Data Protection by Design in the Context of Smart Cities: A Consent and Access Control Proposal

Daoudagh

Marchetti

Savarino

et al. 2021

Sensors

View full text Add to dashboard Cite

The growing availability of mobile devices has lead to an arising development of smart cities services that share a huge amount of (personal) information and data. Without accurate and verified management, they could become severe back-doors for security and privacy. In this paper, we propose a smart city infrastructure able to integrate a distributed privacy-preserving identity management solution based on attribute-based credentials (p-ABC), a user-centric Consent Manager, and a GDPR-based Access Control mechanism so as to guarantee the enforcement of the GDPR’s provisions. Thus, the infrastructure supports the definition of specific purpose, collection of data, regulation of access to personal data, and users’ consents, while ensuring selective and minimal disclosure of personal information as well as user’s unlinkability across service and identity providers. The proposal has been implemented, integrated, and evaluated in a fully-fledged environment consisting of MiMurcia, the Smart City project for the city of Murcia, CaPe, an industrial consent management system, and GENERAL_D, an academic GDPR-based access control system, showing the feasibility.

show abstract