Contextual Privacy Management in Extended Role Based Access Control Model

Ajam, Nabil; Cuppens-Boulahia, Nora; Cuppens, Frédéric

doi:10.1007/978-3-642-11207-2_10

Cited by 19 publications

(28 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The approach we apply in the EPCglobal middleware is policy-driven. It ensures the following features: (i) enforcing a privacy policy without interfering with the standard middleware interface, (ii) using an existing privacy-aware model [1] to store and manage privacy policy preferences, and (iii) taking into account the declared purpose, the accuracy and the consent dimensions as privacy requirements. To show the feasibility of our approach, we provide a proof-ofconcept prototype that we apply on the open-source software for track and trace Fosstrak [7].…”

Section: Introductionmentioning

confidence: 99%

Fine-grained privacy control for the RFID middleware of EPCglobal networks

Tounsi

Cuppens-Boulahia

Cuppens

et al. 2013

Proceedings of the Fifth International Conference on Management of Emergent Digital EcoSystems

Self Cite

View full text Add to dashboard Cite

The Electronic Product Code (EPC) is a Radio Frequency IDentification (RFID) that offers a new way of automating identification. However, once RFID tags carry more than just an identifier, privacy may be violated. Treating the privacy in early stages helps to master the data view before interpreting and storing it in databases. An RFID middleware is the entity that sits between tag readers and database applications. It is in charge of collecting, filtering, aggregating and grouping the requested events from heterogeneous RFID environments. Thus, the system, at this point, is likely to suffer from parameter manipulation and eavesdropping, raising privacy concerns. We propose a privacy controller module that enhances the Filtering and Collection middleware of the RFID EPCglobal network. We provide a privacy policy-driven model using some enhanced contextual concepts of the extended Role Based Access Control model. To show the feasibility of our privacy-enhanced model, we provide a proof-of-concept prototype integrated into the middleware of the Fosstrak framework, an opensource implementation of the EPCglobal specifications.

show abstract

Section: Introductionmentioning

confidence: 99%

Fine-grained privacy control for the RFID middleware of EPCglobal networks

Tounsi

Cuppens-Boulahia

Cuppens

et al. 2013

Proceedings of the Fifth International Conference on Management of Emergent Digital EcoSystems

Self Cite

View full text Add to dashboard Cite

show abstract

“…We defined the notion of meta-criterion to represent abstractions of access control models like the role in RBAC [11], views and activities in OrBAC [15], purposes hierarchies in PRBAC [12], etc. The prefix meta in the scientific vocabulary allows to designate a higher level of abstraction.…”

Section: Meta-criteriamentioning

confidence: 99%

“…The abstraction of roles limits the number of rules. Other notions and abstractions have been introduced in access control models to facilitate the definition and management of authorization policies especially for privacy like the concept of purpose [12], sensitivity of a resource [13], trust [14], accuracy or consent [15]. These access control models offer the possibility to write high level rules that are suited to complex environment.…”

Section: Introductionmentioning

confidence: 99%

KAPUER: A Decision Support System for Privacy Policies Specification

Oglaza¹,

Zaraté²,

Laborde³

2014

Ann. Data. Sci.

View full text Add to dashboard Cite

International audienceWe are using more and more devices connected to the Internet. Our smartphones, tablets and now everyday items can share data to make our life easier. Sharing data may harm our privacy and there is a need to control them. However, this task is complex especially for non technical users. To facilitate this task, we present a decision support system, named KAPUER, that proposes high level authorization policies by learning users’ privacy preferences. KAPUER has been integrated into XACML and three learning algorithms have been evaluated

show abstract

“…OrBAC provides a mature framework for managing contextual policies, and several extensions, e.g., for dynamically deploying security policies [40], whereas a privacy-enhancing version of OrBAC is presented in [43]. However, the contextual representation of privacy concepts decreases the flexibility of the resulting model, since it limits the integration of complex structures of actions (e.g., paths or subworkflows) that may benefit from automatically being evaluated at design time.…”

Section: Related Workmentioning

confidence: 99%

“…Although this could be modelled as a special context (like in [43]), we have chosen to treat purpose as a stand-alone concept, in order to highlight its significance regarding privacy-awareness, as well as distinguish it from realtime parameters and events. Thus, the Purposes (Pu) set is defined, with its members forming hierarchies by means of OR (isA) relations modelling particularisation of a high level purpose to more specific ones; for instance, a purpose PerimeterSecurity specialises the more general purpose NetworkSecurity.…”

Section: Purposesmentioning

confidence: 99%

A privacy-aware access control model for distributed network monitoring

Papagiannakopoulou

Koukovini

Lioudakis

et al. 2013

Computers & Electrical Engineering

Self Cite

View full text Add to dashboard Cite

Despite the usefulness of network monitoring for the operation, maintenance, control and protection of communication networks, as well as law enforcement, network monitoring activities are surrounded by serious privacy implications. Their inherent leakage-proneness is harshened due to the increasing complexity of the monitoring procedures and infrastructures, that may include multiple traffic observation points, distributed mitigation mechanisms and even inter-operator cooperation. However, current approaches present limitations in effectively addressing such privacy issues, as they have not been designed for meeting the particular requirements of distributed network monitoring and conceptualising the corresponding functionalities and infrastructures; additionally, they are not suitable for highly dynamic and distributed environments and for automating privacy-awareness. In this paper, we introduce a new access control model that aims at addressing these concerns; it is conceived on the basis of data protection legislation, as well as distributed network monitoring. The proposed approach provides rich expressiveness, captures all the underlying concepts along with their associations and enables the specification of contextual authorisation policies and * Corresponding author.Email address: epapag@icbnet.ntua.gr (Eugenia I. Papagiannakopoulou) ⋆ This is a revised and expanded version of a paper that appeared in the proceedings of the 4th MITACS Workshop on Foundations & Practice of Security, Paris, France, May 2011, pp. 208-217 [44]. Computers & Electrical Engineering 2011 June 7, 2012 expressive separation and binding of duty constraints. Finally, two key innovations of our work consist in the ability to define access control rules in any possible level of abstraction and in enabling a verification procedure which results in inherently privacy-aware workflows, thus minimising run-time reasoning overheads and fostering the realisation of the Privacy by Design vision. Preprint submitted to Elsevier

show abstract

Contextual Privacy Management in Extended Role Based Access Control Model

Cited by 19 publications

References 6 publications

Fine-grained privacy control for the RFID middleware of EPCglobal networks

Fine-grained privacy control for the RFID middleware of EPCglobal networks

KAPUER: A Decision Support System for Privacy Policies Specification

A privacy-aware access control model for distributed network monitoring

Contact Info

Product

Resources

About