A conditional role-involved purpose-based access control model

Kabir, Md Enamul and Wang, Hua and Bertino, Elisa (2011) A conditional role-involved purpose-based access control model. Journal of Organizational Computing and Electronic Commerce, 21 (1). pp. 71-91. ISSN 1091-9392


This paper presents a conditional role-involved purpose-based access control (CPAC) model, where users dynamically activate conditional roles in accordance with the context attributes. Based on conditional role, access permissions are assigned that represent what can be accessed for what purpose to roles under certain conditions. On the other hand, conditional purpose is applied along with allowed purpose and prohibited purpose in the model. It allows users using some data for certain purpose with conditions (for instance, Tony agrees that his income information can be used for marketing purposes by removing his name). The structure of a CPAC model is defined and investigated. Access purpose is verified in a dynamic behavior, based on user attributes, context attributes, and authorization policies. Intended purposes are dynamically associated with the requested data object during the access decision. An algorithm is developed to achieve the compliance computation between access purposes and intended purposes and is illustrated with role-based access control (RBAC). Access purpose authorization and authentication in the model are studied with the hierarchical purpose structure. The model separates authorization of access purpose from access decision that improves the flexibility of private data control.

Statistics for USQ ePrint 18228
Statistics for this ePrint Item
Item Type: Article (Commonwealth Reporting Category C)
Refereed: Yes
Item Status: Live Archive
Additional Information: © Taylor & Francis Group, LLC. Permanent restricted access to published version due to publisher copyright policy.
Depositing User: Mr Md Enamul Kabir
Faculty / Department / School: Historic - Faculty of Sciences - Department of Maths and Computing
Date Deposited: 29 Jun 2011 12:57
Last Modified: 13 Oct 2014 22:28
Uncontrolled Keywords: access control; privacy; purpose; role-based access control (RBAC); conditional role-involved purpose-based access control (CPAC)
Fields of Research (FOR2008): 08 Information and Computing Sciences > 0806 Information Systems > 080604 Database Management
08 Information and Computing Sciences > 0804 Data Format > 080402 Data Encryption
08 Information and Computing Sciences > 0803 Computer Software > 080303 Computer System Security
Socio-Economic Objective (SEO2008): B Economic Development > 89 Information and Communication Services > 8902 Computer Software and Services > 890299 Computer Software and Services not elsewhere classified
Identification Number or DOI: doi: 10.1080/10919392.2011.541007
URI: http://eprints.usq.edu.au/id/eprint/18228

Actions (login required)

View Item Archive Repository Staff Only