Saturday, March 1, 2008

Security: Privacy-aware Role Based Access Control (P-RBAC)

Privacy-aware Role Based Access Control
Qun Ni, Purdue University, USA, ni@cs.purdue.edu
Alberto Trombetta, Insubria University, Italy, alberto.trombetta@uninsubria.it
Elisa Bertino, Purdue University, USA, bertino@cs.purdue.edu
Jorge Lobo, IBM T.J. Watson, USA, jlobo@us.ibm.com

SACMAT’07, June 20-22, 2007, Sophia Antipolis, France.
Copyright 2007 ACM 978-1-59593-745-2/07/0006 ...$5.00.


1. INTRODUCTION
Privacy is today a key issue in information technology and has received increasing attention from consumers, companies, researchers and legislators. Legislative acts, such as the Health Insurance Portability and Accountability Act (HIPAA) [25] for healthcare and the Gramm-Leach-Bliley Act (GLBA) [26] for financial institutions, require enterprises to protect the privacy of their customers. Although enterprises have adopted various strategies to protect customer privacy and to communicate their privacy policies to customers, ... in these approaches there are no systematic mechanisms that describe how consumer personal data is actually handled after it is collected. Privacy protection can only be achieved by enforcing privacy policies within an enterprise’s online and offline data processing systems. Otherwise, enterprises’ actual practices might intentionally or unintentionally violate the privacy policies published at their websites.


Conventional access models, such as Mandatory Access Control (MAC), Discretionary Access Control (DAC), and Role Based Access Control (RBAC) [11, 22], are not designed to enforce privacy policies and barely meet privacy protection requirements [12], particularly purpose binding (i.e. data collected for one purpose should not be used for another purpose without user consent), conditions and obligations. The significance of purposes, conditions, and obligations originates from the OECD Guidelines [19] on the Protection of Privacy and Transborder Flows of Personal Data, current privacy laws in the United States, and the public privacy policies of some well-known organizations. The OECD guidelines are, to the best of our knowledge, the most well-known set of private information protection principles, on which many other guidelines, data-protection laws, and public privacy policies are based. Purposes are directly applied in the OECD Data Quality Principle, Purpose Specification Principle, and Use Limitation Principle. Purposes are also widely used for specifying privacy rules in legislative acts and actual public policies. HIPAA [25] rules clearly state purposes. The majority of public privacy documents posted at well-known sites also specify purposes.
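As an added example (not code from the paper or from this post), here is a small Python model of the three requirements named above: purpose binding, conditions and obligations, contrasted with a plain RBAC check that ignores purpose. The permission structure, roles, data items, purposes and the consent flag are assumptions chosen for illustration, not the paper's formal definitions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Assumed model for illustration: a privacy-aware permission binds an action on a
# data item to the purpose the data may be used for, a condition over the request
# context, and obligations the enforcement point must carry out after access.
@dataclass(frozen=True)
class PrivacyPermission:
    action: str
    data: str
    purpose: str
    condition: Callable[[dict], bool] = lambda ctx: True
    obligations: Tuple[str, ...] = ()

@dataclass
class Request:
    role: str
    action: str
    data: str
    purpose: str            # purpose the requester states for this access
    context: dict = field(default_factory=dict)

# Constructed sample policy: roles, data items and purposes are hypothetical.
POLICY: Dict[str, List[PrivacyPermission]] = {
    "billing_clerk": [
        PrivacyPermission("read", "customer_address", "billing",
                          obligations=("log_access",)),
    ],
    "marketer": [
        # Marketing use of the e-mail address requires recorded consent.
        PrivacyPermission("read", "customer_email", "marketing",
                          condition=lambda c: c.get("consent_marketing", False),
                          obligations=("log_access", "honor_opt_out")),
    ],
}

def plain_rbac_allows(req: Request) -> bool:
    """Conventional RBAC: only role, action and data are checked; purpose is ignored."""
    return any(p.action == req.action and p.data == req.data
               for p in POLICY.get(req.role, []))

def privacy_aware_decide(req: Request) -> Tuple[bool, List[str]]:
    """Return (allowed, obligations). Access is granted only if a permission for the
    role matches action, data AND stated purpose (purpose binding) and its condition
    holds over the request context; the obligations are handed back for enforcement."""
    for p in POLICY.get(req.role, []):
        if (p.action, p.data, p.purpose) == (req.action, req.data, req.purpose):
            if p.condition(req.context):
                return True, list(p.obligations)
    return False, []
```

The third case in the test below is the gap the paper points at: plain RBAC grants a marketer's read of the e-mail address for a research purpose, while the purpose-bound check refuses it.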


