Li, Min and Wang, Hua and Plank, Ashley (2009) Privacy-aware access control with generalization boundaries. In: 32nd Australasian Computer Science Conference (ACSC 2009), 19-23 Jan 2009, Wellington, New Zealand.
Text (Published Version )
Privacy is today an important concern for both data providers and data users. Data generalization can provide signicant protection of an individual's privacy, which means the data value can be replaced by a less specic but semantically consistent value and the personal information can be collected in a generalized form. However, over-generalized data may render data of little value. A key question is whether or not a certain generalization strategy provides a sufficient level of privacy and usability? In this paper, we introduce a new approach, called privacy-aware generalization boundaries, which can satisfy the requirements of both data providers and data users. We propose a privacy-aware access control model related to a retention period. Formal definitions of authorization actions and rules are presented. Further, we discuss how to manage a valid access process and analysis the access control policy. Finally, we extend our model to support highly complex privacy-related policies by taking into account features of obligations and conditions.
|Item Type:||Conference or Workshop Item (Commonwealth Reporting Category E) (Paper)|
|Additional Information:||Deposited in accordance with the copyright policy of the publisher. Copyright c 2009, Australian Computer Society, Inc. This paper appeared at the Thirty-Second Australasian Computer Science Conference (ACSC2009), Wellington, New Zealand. Conferences in Research and Practice in Information Technology (CRPIT), Vol. 91, Bernard Mans, Ed. Reproduction for academic, not-for profit purposes permitted provided this text is included.|
|Uncontrolled Keywords:||privacy; access control; generalization|
|Subjects:||280000 Information, Computing and Communication Sciences > 280500 Data Format > 280505 Data Security
280000 Information, Computing and Communication Sciences > 280100 Information Systems > 280102 Information Systems Management
280000 Information, Computing and Communication Sciences > 280100 Information Systems > 280108 Database Management
|Depositing User:||Ms Min Li|
|Date Deposited:||01 Jul 2010 03:18|
|Last Modified:||29 Jul 2013 06:25|
Actions (login required)
|Archive Repository Staff Only|