Xin Qiao,Lixiaoyang Wang,Bo Qin,Hong Chen,Suyun Zhao

DOI: https://doi.org/10.23919/APSIPA.2018.8659546

2018-01-01

Abstract:In the information era, users are increasingly communicating with each other through mobile devices, and making their personal information more and more involved in the network. As a result, security risks also greatly increase. In such a situation, this paper presents a privacy protection scheme based on access control. By adding permission bits to privacy data for access control and classifying multiple privacy situations, we give the corresponding solutions. This article has improved the existing roles concept and put forward the new concept of identity. It gives fine-grained access to different visitors. The visitors' identities are hierarchically defined and the partial order relation is used to determine the identity level. In order to match the basic principle of “High-level identities cannot modify low-level secrets. Low-level identities cannot read high-level information”, the program requires that high-level identities can be transferred into low-level identities and identities must be transferred according to corresponding privacy level. With the flexible permission settings, it can be applied to various privacy protection situations.

Feng Gao,Jingsha He,Shufen Peng,Xu Wu,Xiu Liu

DOI: https://doi.org/10.1109/NSWCTC.2010.227

2010-01-01

Abstract:Privacy protection is one of the important topics in network security. Although a lot of work has been done, there are still some open issues and challenges that need to be addressed. Now, open and dynamic computing environments offer flexible and convenient sharing of information and services for users. Consequently, there exist a lot of different policies for privacy protection to deal with dynamic changes in each application scenario. This raises the issue of privacy policy specification. Although trust can help protect user privacy, the use of unified trust values or a simple trust rank cannot satisfy the requirement for privacy protection because different privacy may need its own trust evidence for the evaluation of trust. To solve this problem, we propose a novel approach for privacy protection based-on ontology in this paper. Our main contributions in this paper include (1) specifying privacy policies in a semantic way and (2) abstracting the policies as trust attributes for privacy ontology. In addition, our method can be used to protect sensitive policies at the same time.

Fei Xu,Jingsha He,Xu Wu,Jing Xu

DOI: https://doi.org/10.1109/NSWCTC.2009.125

2009-01-01

Abstract:Privacy is one of the most important issues in providing high-quality ubiquitous network services to users over the Internet. Although several privacy aware access control models have been proposed in recent years, these models still rely mostly on the traditional access control models designed primarily for security. When privacy becomes a main concern, these models are no longer adequate. In this paper, we propose a three-dimensional access control model enhanced with privacy and show that our model can be used as a general method for defining privacy requirements in systems that respect and protect user privacy. By introducing the notions of privacy-concerning subjects and privacy access rights and enhancing the traditional two-dimensional access control models with a third dimension, we demonstrate that our privacy-enhanced access control model can better describe and support user requirements for protecting private information when access control is used for making access decisions to user information.

Yuan Tian,Biao Song,Mohammad Mehedi Hassan,Eui-Nam Huh

DOI: https://doi.org/10.3837/tiis.2012.10.016

2012-01-01

KSII Transactions on Internet and Information Systems

Abstract:The growing concern for the protection of personal information has made it critical to implement effective technologies for privacy and data management. By observing the limitations of existing approaches, we found that there is an urgent need for a flexible, privacy-aware system that is able to meet the privacy preservation needs at both the role levels and the personal levels. We proposed a conceptual system that considered these two requirements: a graph-based, access control model to safeguard patient privacy. We present a case study of the healthcare field in this paper. While our model was tested in the field of healthcare, it is generic and can be adapted to use in other fields. The proof-of-concept demos were also provided with the aim of valuating the efficacy of our system. In the end, based on the hospital scenarios, we present the experimental results to demonstrate the performance of our system, and we also compared those results to existing privacy-aware systems. As a result, we ensured a high quality of medical care service by preserving patient privacy.

Zhuo CHEN,Hai-li WEI,Zong-tao ZHAO,Xiao-ming WANG,Zhu-lin LI

DOI: https://doi.org/10.3969/j.issn.1673-629X.2005.04.037

2005-01-01

Abstract:Access control is one of the kernel policies of information system security, and it constitutes the security infrastructure used for saving, processing and transmitting data in information system with cryptography, authentication, auditing, intrusion detection etc. Access control is a very important aspect of the computer information protection, which has been greatly emphasized in recent years. In this paper, several main technologies, such as discretionary access control, mandatory access control, role-based access control, are introduced. The formal definition and some rules are given, then the advantage and disadvantage of each technology is analyzed. Role-based access control is discussed in detail,and prove that the RBAC adapts the application requirement evenmore.

Fei Xu,Jingsha He,Xu Wu,Jing Xu

DOI: https://doi.org/10.1109/IEEC.2010.5533251

2010-01-01

Abstract:Privacy is considered to be a critical issue for providing high quality ubiquitous network services to users over the Internet. User's privacy should be protected and access to privacy information must be controlled in accordance with user's privacy preferences. Existing privacy-aware access control strategies often store all the privacy access control policies on the server side and thus fail to consider the dynamic nature of privacy preferences. In this paper, we propose a user-centric privacy-enhanced access control model and show that our model takes the dynamic nature of user's privacy preferences into consideration and can thus fulfill any kind of privacy requirements. By separating access policies apart from privacy policies, which are now stored at user side and therefore fully under user's control, we demonstrate that our model can provide users with a flexible way of controlling privacy policies that are consistent with their preferences.

Yuan Tian,Biao Song,Eui-nam Huh

DOI: https://doi.org/10.1145/1821748.1821827

2009-01-01

Abstract:Privacy issue is receiving a great deal of attention since the need of privacy is increasing and new threats are emerging. The growing concern of users for their personal information has made it critical to implant effective technologies for privacy and data management. A common way for privacy preservation is restricting access to data like the classic Role-based Access Control (RBAC) Model. But the RBAC is limited as it does not provide users enough flexibilities and functionalities. In order to minimize the disclosure of data and support higher flexibilities for users to manage their privacy information, this paper provides a privacy data graph based on the traditional RBAC model to illustrate the linkage between data elements. Moreover, the notion of purpose is added to specify the intended usage of data and allow users to set personal privacy preferences through purpose. A case study in the healthcare domain is provided. As our model is generic, it can be also adapted to other fields. A detailed view of our proposed privacy system with experimental result is provided.

YANG Qiu-wei,LIU Ling,LI Ken-li,TANG Zhuo

DOI: https://doi.org/10.3969/j.issn.1002-137x.2010.06.011

2010-01-01

Computer Science

Abstract:Privacy preservation is a vital problem to share resource and collaboration among multi-domains.We analyzed the privacy leakage problems of current access control models,and then proposed a role-based access control model supporting privacy preservation.The model is based on identify-based encryption,avoiding a number of drawbacks in traditional role-based access model and making privacy preservation among multi-domains come true.Finally,we analyzed and certificated the security of the model in details by random oracle,and the model meets the IND-CCA2 mantic security.According to the simulation,the method is a practical model.

Nafei Zhu,Baocun Chen,Siyu Wang,Da Teng,Jingsha He

DOI: https://doi.org/10.1007/s10796-021-10180-2

2021-01-01

Information Systems Frontiers

Abstract:Privacy protection has received a lot of attention in recent years since in the era of big data, abundant information about individuals can be easily acquired. Meanwhile, as a prerequisite for effective privacy protection, the measurement of privacy disclosure is essential. Although some work has been done on the evaluation of privacy disclosure via quantification for the protection of privacy, not much attention has been placed on exploring the relationships between privacy information, resulting in underestimation, if not ill-formed reasoning, of privacy disclosure. In this paper, we propose an ontology-based approach to measure privacy disclosure by exploring the relationships between privacy information based on the WordNet. We first propose an algorithm for deriving or measuring privacy disclosure based on a set of words or concepts from text data related to individuals to ensure that the disclosure of certain user privacy can still be deduced and measured even if the set of words or concepts don't seem to be much related to it. We then perform a set of experiment by applying the proposed algorithm to some public information of ten public figures from different walks of life to evaluate the effectiveness of the algorithm and to shed some light on the characteristics of privacy disclosure in the real world in the era of big data. The work can thus serve as the foundation for the development of mechanisms for limiting or reducing privacy disclosure to achieve better protection of individual privacy.

Sven Hartmann,Hui Ma,Panrawee Vechsamutvaree

DOI: https://doi.org/10.1007/978-3-662-54054-1_5

2016-01-01

Abstract:Web services have emerged as an open standard-based means for publishing and sharing data through the Internet. Whenever web services disclose sensitive data to service consumers, data privacy becomes a fundamental concern for service providers. In many applications, sensitive data may only be disclosed to particular users for specific purposes. That is, access to sensitive data is often restricted, and web services must be aware of these restrictions such that the required privacy of sensitive data can be guaranteed. Privacy preservation is a major challenge that has attracted much attention by researchers and practitioners. Hippocratic databases have recently emerged to protect privacy in relational database systems where the access decisions, allowed or denied, are based on privacy policies and authorization tables. In particular, the specific purpose of a data access has been considered. Ontologies has been used to represent classification hierarchies, which can be efficiently accessed via ontology query languages. In this paper, we propose an ontology-based data access model so that different levels of data access can be provided to web service users with different roles for different purposes. For this, we utilize ontologies to represent purpose hierarchies and data generalization hierarchies. For more complex service requests that require composite web services we discuss the privacy-aware composition of web services. To demonstrate the usefulness of our access control model we have implemented prototypes of financial web services, and used them to evaluate the performance of the proposed approach.

Xuezhen Huang,Jiqiang Liu,Zhen Han

DOI: https://doi.org/10.1007/978-3-319-27998-5_13

2015-01-01

Abstract:With development of information technology and communication, corporations and individuals will collect some digital information to support information-based decisions. However, under some conditions, if all original data are released, some privacy will be disclosed, which will threaten data security and data privacy. Therefore, data owners will take some security measures. Role-based access control may authorize related original data accessed by users according to their roles. Privacy-preserving technology release processed data to avoid privacy disclosure. Nevertheless, existing privacy-preserving technologies lack continuity and are quite inefficient. This paper establishes an access model about on anonymized data and combines with the foregoing two security measures. On the premise that data security and data privacy are ensured, there is more flexibility and diversity and work efficiency is improved as well.

Qingsheng Zhang,Yong Qi,Jizhong Zhao,Di Hou,Tianhai Zhao,Liang Li

DOI: https://doi.org/10.1109/icccn.2007.4318009

2007-01-01

Abstract:By using personal information in a pervasive computing environment, context-aware applications can provide appropriate services for people. This personal information is often involved in personal privacy. In order to protect personal privacy concerns about personal information, privacy role is proposed to control access personal information. We also construct an information system about the privacy decision of personal information disclosure based on people's interaction history. In the initial period of personal information disclosure, the privacy decision is made by people and the information system is constructed based on the decision data. Then privacy disclosure policies are extracted from this information system using rough set theory. According to deducing from the privacy disclosure policies and people's context information, the context-aware application is assigned to an adequate privacy role. It reduces the distraction of privacy decision for people. A case study further shows the proposed method is effective. Finally, it provides about the overload performance of privacy role analysis engine.

QIAN Ji-an,JIANG Xing-hao,SUN Tan-feng

DOI: https://doi.org/10.3969/j.issn.1009-8054.2011.02.029

2011-01-01

Abstract:With more and more information collected via networks,customers' requirements for privacy protection could be satisfied by making privacy policies by themselves.Privacy ontology reflects the common knowledge of privacy and customers' basic needs for privacy protection.Privacy ontology-based personalized access control(PO-PAC)model adopts common policies in combination with personalized policies based on privacy ontology.Users' personalized requirements with different granularity are realized by multi-level chain activation mode.

Bai Wen-yang

2010-01-01

Abstract:The development of modern information technology and digitalization of the daily lives brings security database new challenges. It is necessary for a security database to provide access control and privacy protection mechanism to ensure the legal use of data and to prevent privacy breach. This paper introduced an integrated security model which could provide the functions of privacy protection and access control simultaneously by building the connection between the validity of query in parameterized authorization view model and the suspiciousness of a conjunctive select-project-join query in online query audit model, it also designed a polynomial time detecting algorithm and two incorporating frameworks for the integrated model to provide higher performance and fine-grained access control in modern database systems.

Malik Imran-Daud

DOI: https://doi.org/10.48550/arXiv.1612.09527

2016-12-30

Cryptography and Security

Abstract:Thanks to the advent of the Internet, it is now possible to easily share vast amounts of electronic information and computer resources (which include hardware, computer services, etc.) in open distributed environments. These environments serve as a common platform for heterogeneous users (e.g., corporate, individuals etc.) by hosting customized user applications and systems, providing ubiquitous access to the shared resources and requiring less administrative efforts; as a result, they enable users and companies to increase their productivity. Unfortunately, sharing of resources in open environments has significantly increased the privacy threats to the users. Indeed, shared electronic data may be exploited by third parties, such as Data Brokers, which may aggregate, infer and redistribute (sensitive) personal features, thus potentially impairing the privacy of the individuals. A way to palliate this problem consists on controlling the access of users over the potentially sensitive resources. Specifically, access control management regulates the access to the shared resources according to the credentials of the users, the type of resource and the privacy preferences of the resource/data owners. The efficient management of access control is crucial in large and dynamic environments. Moreover, in order to propose a feasible and scalable solution, we need to get rid of manual management of rules/constraints (in which most available solutions rely) that constitutes a serious burden for the users and the administrators. Finally, access control management should be intuitive for the end users, who usually lack technical expertise, and they may find access control mechanism more difficult to understand and rigid to apply due to its complex configuration settings.

Yuying Qi,Xuanxia Yao,Tao Zhu,Huansheng Ning

DOI: https://doi.org/10.1016/j.comnet.2019.03.017

IF: 5.493

2019-01-01

Computer Networks

Abstract:Web Ontology Language (OWL) designed to represent the class and relationships between classes is bringing a technological revolution in the Semantic Web. More and more knowledge is stored in the form of OWL. OWL repository refers to the systems that can store, query and infer OWL data. In OWL repository, information that users are forbidden to access (sensitive triples) can be inferred from information that the user have access to (non-sensitive triples) through inference rules, which brings about a security problem that some users’ sensitive information may be leaked. To protect sensitive triples, some researches have been done on the security problem, which mainly focus on removing some non-sensitive triples with low access frequency to achieve inference control. However, access frequency of a triple is unstable and it can not fully represent the importance of semantic information. In this paper, an inference control algorithm based on Semantic Value and access frequency is proposed. We introduced the concept of Degree of triples and Semantic Value, which can fully represent the importance of the semantic information represented by the triple. Moreover, we did experiments from the perspective of protecting sensitive triples of every user. Experimental results show that this algorithm can effectively prevent illegal inference and minimize the loss of semantic information.

Haiwei Xue,Yiqi Dai

DOI: https://doi.org/10.1504/ijcc.2012.049768

2012-01-01

International Journal of Cloud Computing

Abstract:Transparent computing system provides services, including OS, applications, data, etc., for end users, in which users can request the computing and storages resources according to their requirement. It is important to protect the data in transparent computing system, especially to enhance the privacy protection. In some cases, security threats are not only from malicious users or viruses but also include inside leaks, which cannot be prevented by current security systems. We proposed system-based privacy protection model for transparent computing systems in this paper. Our model is based from mandatory access control and we use formal methods to analysis the privacy protection problem. Our model is a state machine model, which have five state transition rules and all these rules can be proved to be safe by formally description method. So if we use these rules in transparent computing system, and make sure that the initial state is secure, the transparent computing system is always keep state secure.

Shunan Ma,Jingsha He,Xunbo Shuai,Zhao Wang

DOI: https://doi.org/10.1109/SocialCom.2010.154

2010-01-01

Abstract:In an open distributed environment, protection of sensitive files and data becomes more difficult. Traditional access control mechanisms are not suitable for such dynamic environment. Trust can be an effective approach to solve the access control problem. In this paper, by considering fuzziness and uncertainty of trust, we propose a trust quantification algorithm based on grey fuzzy comprehensive evaluation method. Then we present an access control model based on trust quantification. Simulation results show that our mechanism is suitable for dynamic access control in distributed environment.

Jihane El Mokhtari,Anas Abou El Kalam,Siham Benhaddou,Jean-Philippe Leroy

DOI: https://doi.org/10.18280/ijsse.110504

2021-10-31

International Journal of Safety and Security Engineering

Abstract:This article is devoted to the topic of coupling access and inference controls into security policies. The coupling of these two mechanisms is necessary to strengthen the protection of the privacy of complex systems users. Although the PrivOrBAC access control model covers several privacy protection requirements, the risk of inferring sensitive data may exist. Indeed, the accumulation of several pieces of data to which access is authorized can create an inference. This work proposes an inference control mechanism implemented through multidimensional analysis. This analysis will take into account several elements such as the history of access to the data that may create an inference, as well as their influence on the inference. The idea is that this mechanism delivers metrics that reflect the level of risk. These measures will be considered in the access control rules and will participate in the refusal or authorization decision with or without obligation. This is how the coupling of access and inference controls will be applied. The implementation of this coupling will be done via the multidimensional OLAP databases which will be requested by the Policy Information Point, the gateway brick of XACML to the various external data sources, which will route the inference measurements to the decision-making point.

Li Cai,Cheng Lu,Chunjie Zhang

DOI: https://doi.org/10.1109/ITAPP.2010.5566223

2010-01-01

Abstract:With the rapid development of the Internet, people increasingly pay attention to the users' online privacy issues. And so , building privacy domain-specific ontology is a necessary method for using and protecting privacy data among computer systems. Ontology is an explicit conceptualization for specific domain and is used in natural language processing, information retrieval, knowledge sharing and other fields widely. This paper introduces the principles and steps of building a privacy ontology, and studies a basic concept of privacy ontology and describes the ontology with OWL, and then gives the methods system of the privacy ontology establishment. At the same time, this paper makes a preliminary analysis of the consistency of privacy ontology. The privacy ontology building realizes knowledge sharing and the reuse of privacy domain and helps to protect and manage the online privacy of Internet users.