Purpose Based Access Control; an Approach towards Privacy Preserving In Relational Database

Academic year: 2022

MD Arif, IJRIT 332. International Journal of Research in Information Technology (IJRIT), www.ijrit.com, ISSN 2001-5569

Purpose Based Access Control; an Approach towards Privacy Preserving In Relational Database

MD Arif, Pushpalatha S, Henin Roland Karkada, Sunil Saumya, Shilpa V

MD Arif, M.Tech in Computer Network & Engineering, Center for PG Studies VTU, Belgaum, Karnataka, India ([email protected])

Pushpalatha S, Professor, Department of Computer Network & Engineering, Center for PG Studies VTU, Belgaum, Karnataka, India ([email protected])

Henin Roland Karkada, M.Tech Student, Department of Computer Science and Engineering, Center for PG Studies VTU, Belgaum, Karnataka, India ([email protected])

Sunil Saumya, M.Tech in Computer Network & Engineering, Center for P.G Studies VTU, Belgaum, Karnataka, India ([email protected])

Shilpa V, M.Tech in Computer Network & Engineering, Center for PG Studies VTU, Belgaum, Karnataka, India ([email protected])

Abstract

Ever since the evolution of the internet, the privacy of information has been a main concern, and controlling access to that information is the most important issue in privacy preservation. The existing system grants access based only on roles. To overcome the problem of subjects using more data than they need, Purpose Based Access Control has been proposed. This system also allows a client to restrict the exposure of personal information to the different subjects who request it in order to process a query. It can be considered the next generation of access control: it enables finer-grained access control for the subjects who want to access the information and grants access based on the purpose for which they need the data.

This work provides a foundation for developing appropriate security solutions that secure an organization's information and contribute to the highest level of security.

Keywords: IP, AIP, PIP, Access, Policy, Purpose.

1. Introduction

Current information technologies allow users to perform their business tasks virtually anytime and anywhere, and also allow all kinds of information that clients reveal during their activities to be stored.

Nowadays the demand for more effective healthcare services is increasing, and these E-Healthcare service portals contain a lot of useful and sensitive information about the user. The risk is that this private information can be attacked by a false user, collected and stored, and then used against the user without his consent. E-healthcare centers provide very good information to the user about medical issues, but they are risky because they hold a very large amount of data from around the world in order to provide accurate service. The risk grows with that volume, especially where the patient's information is concerned, since it is the most private information of all. Securing privacy is therefore a very big concern. In the proposed system, privacy is maintained according to the purpose defined by the service provider. The policies should be created in such a manner that no single user of the data can make out any private information from it.

1.1 Purpose Based Access Control Model

In general, access control permits access to resources according to the identities of the requesters (authentication) and their associated privileges (authorization). A brief description of access control and of the different models of authorization is given here. The traditional access control model only checks whether the user holds authorization rights for the particular data object or resource.

1.2 Defining Purpose

A purpose is defined as a policy that deals with which kind of data may be used for which particular purpose, and the purpose itself directly dictates how access to a particular data object is controlled. Purposes usually have a hierarchical relationship among them, which helps in organizing the purposes and also simplifies their management.

1.3 Core components of the proposed model

The core components are Subject, Subject attributes, Object, Object attributes, Rights, Obligations, Authorization and Condition. Authorization, Obligation and Condition are the control decision components, as shown in Figure 1 below.

Based on the subject and object attributes, the control decision of the proposed system permits or denies the authorization rights for the particular user. An Obligation specifies the requirements that the user must satisfy either at the beginning of or during the process. A Condition specifies the restrictions imposed by the system environment for security purposes.

Figure.1 Components of Purpose Based Access Control Model

1.4 Problem Statement

The existing systems grant access to employees through role based access control. The employees get access to more data than is required to perform a specific task. Even though the clients sign an SLA with the service provider, they still have no guarantee of whether their data is preserved or not.

The clients should be able to know how much of their data is being exposed to the employees.

1.5 Objective

In this paper the data users (employees) are restricted according to the purpose defined by the Admin of the service provider in order to process the respective query of the client. The client should also be able to restrict how much of his data these employees can access.

2. Proposed System

The system proposes a Purpose Based Access Control which gives users or customers the option to restrict their personal data according to their own policy, the Privacy Policy. The Admin then decides the access policies for the employees. The admin also defines the purpose definition, i.e. which purpose needs how much data to be accessed.

The access decision is based on these three things: IP (Intended purpose/purpose definition), AIP (Allowed intended purpose/Access policy) and PIP (Prohibited intended Purpose/privacy policy). A compliance check is made between the three, and employees finally get access only to what remains; in this way the client's privacy is preserved to a large extent.

2.1 Advantages of Proposed system

It is a finer-grained access control system. The user keeps control over his privacy policy and can directly control how his data is used by the employees of the service provider. The admin defines the access policy for each type of employee and finally defines the purpose. Employees get access according to the compliance check.

2.2 Algorithm

Input: Subject s requests access right r on object o with access purpose pu.
Output: Accept or deny the access.

Method

1) Verify the compliance between ip and pu. If ip ∈ aip and ip ∉ pip, go to the next step; otherwise the access purpose is not compliant and the ACCESS is denied;

2) endif;

3) Verify pre-authorization;

4) if preA(ATT(s), r) = false, the pre-authorization process is not successful;

5) ACCESS denied;

6) endif;

7) SOP ⊆ SP × IP (subject, object, purpose); subjects with a compliant access purpose can access the private information;

8) ACCESS accepted; verify ongoing authorization;

9) if onA(ATT(s), ATT(o), ip, r) = false, the ongoing authorization has failed and no further verification is needed;

10) Application denied;

11) endif;

12) if ip ⇏ pu, the access purpose is no longer compliant with pu;

13) Application denied;

Otherwise, subjects with the access purpose can continue to access the private information.

The above algorithm shows how access to an object is controlled or restricted according to the purpose for which the subject wants to access the data.
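The following is an added example, not code from the paper or its implementation, showing the purpose hierarchy of Section 1.2, the IP/AIP/PIP compliance check of Section 2 and the pre- and ongoing-authorization steps of the algorithm above as a single checker. The purpose tree, the role and privacy policies, the subject attributes and the `clearance` condition for high-privilege downloads are all constructed for the illustration and are assumptions rather than anything the paper specifies.

```python
from dataclasses import dataclass

# Purpose hierarchy (constructed): child -> parent.  An access purpose implies
# every ancestor, so "billing" is compliant with an intended purpose of
# "treatment" but not with "marketing".
PURPOSE_PARENT = {
    "treatment": "general",
    "diagnosis": "treatment",
    "billing": "treatment",
    "marketing": "general",
}


def ancestors(purpose):
    """Return the purpose itself plus every ancestor in the hierarchy."""
    chain = [purpose]
    while purpose in PURPOSE_PARENT:
        purpose = PURPOSE_PARENT[purpose]
        chain.append(purpose)
    return set(chain)


def implies(pu, ip):
    """pu => ip: the access purpose is the intended purpose or one of its sub-purposes."""
    return ip in ancestors(pu)


@dataclass
class Subject:
    name: str
    role: str
    attributes: dict          # ATT(s), e.g. a clearance level (assumed attribute)


@dataclass
class DataObject:
    name: str
    owner: str                # the client whose privacy policy (PIP) applies
    intended_purpose: str     # IP, fixed by the admin's purpose definition
    sensitivity: str = "normal"   # ATT(o); "high" marks high-privilege data


@dataclass
class Policies:
    aip: dict   # role -> allowed purposes (admin's access policy)
    pip: dict   # (owner, object name) -> purposes the client prohibits (privacy policy)


def purpose_compliant(pu, obj, subject, pol):
    """Step 1: pu must be allowed for the role, not prohibited by the owner, and imply IP."""
    allowed = pol.aip.get(subject.role, set())
    prohibited = pol.pip.get((obj.owner, obj.name), set())
    if not (ancestors(pu) & allowed):      # AIP: no allowed purpose covers pu
        return False
    if ancestors(pu) & prohibited:         # PIP: prohibiting "treatment" also blocks "billing"
        return False
    return implies(pu, obj.intended_purpose)


def pre_authorization(subject, obj, right):
    """Steps 3-5: preA(ATT(s), r).  High-privilege downloads need a cleared subject (assumed condition)."""
    if right == "download" and obj.sensitivity == "high":
        return subject.attributes.get("clearance") == "high"
    return right in ("read", "download")


def ongoing_authorization(subject, obj, pu, session):
    """Steps 8-13: onA(...) re-evaluated during the session; the purpose in force may have changed."""
    if session.get("revoked"):
        return False
    return implies(session.get("purpose", pu), obj.intended_purpose)


def decide(subject, obj, pu, right, pol, session=None):
    """Run the three checks in the order the algorithm gives and return the decision."""
    if not purpose_compliant(pu, obj, subject, pol):
        return "denied: purpose not compliant"
    if not pre_authorization(subject, obj, right):
        return "denied: pre-authorization failed"
    if not ongoing_authorization(subject, obj, pu, session or {}):
        return "denied: ongoing authorization failed"
    return "accepted"


# Constructed sample policies and principals.
POLICIES = Policies(
    aip={"clerk": {"billing"}, "doctor": {"treatment"}, "analyst": {"marketing"}},
    pip={("alice", "history"): {"marketing"}},   # alice forbids marketing use of her history
)
HISTORY = DataObject("history", "alice", intended_purpose="treatment", sensitivity="high")
DOCTOR = Subject("bob", "doctor", {"clearance": "high"})
CLERK = Subject("carol", "clerk", {})
ANALYST = Subject("dave", "analyst", {})

if __name__ == "__main__":
    for subj, pu, right in [(DOCTOR, "diagnosis", "read"), (CLERK, "billing", "download"),
                            (ANALYST, "marketing", "read")]:
        print(subj.name, pu, right, "->", decide(subj, HISTORY, pu, right, POLICIES))
```

The hierarchy is what makes the check finer-grained than a role check alone: the clerk's role is allowed "billing" but not "diagnosis", the doctor's "treatment" purpose covers both, and the client's prohibition is applied after the admin's allowance so that the client's privacy policy always wins.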

2.3 Modules

1) Authorization

2) Cryptography

3) Purpose definition

4) Policies

5) Compliance check


1) Authorization

Whenever a subject needs access to the data, authorization is granted to the subject based on the outcome of the compliance check.

2) Cryptography

Cryptography consists of encryption and decryption; AES (Advanced Encryption Standard) is the technique used here for both.

3) Purpose definition

The admin defines the purpose, meaning the access rights required to process a particular item of data or query; this is also known as the intended purpose (IP).

4) Policies

Policies are the set of protocols or rules that must be applied in order to achieve the planned outcome.

Two types of policy are used in this system:

• Access policy

• Privacy policy

The Access policy (AIP) is defined by the Admin and states which employee of the organization may use how much of the data in its database.

The Privacy policy (PIP) is defined by the client himself, to restrict the use of his personal data to what is needed to provide the service.

5) Compliance check

Once the IP, AIP and PIP are defined, a compliance check is performed before authorization is granted to the employee; it checks, using the algorithm given above, whether the employee is authorized or not.

3. Results and Discussions

This chapter presents the results obtained from the developed system and discusses them. The GUI has a main page where the user enters his details to register. After login, the client can see his profile and can select the following menus, shown in grid form: query, past details, privacy policy, get results, etc.

Figure.2 User Query Submission


Figure.3 Privacy Policy

The user is allowed to provide his own privacy policy, i.e. which employee can access how much of his data. After login the admin can see his profile and perform tasks such as assigning the access policy, defining purposes, and signing out.

Figure.4 Encrypted Text

As shown in Figure 4, the admin is not able to see the details of the user: as soon as the user enters his details they are encrypted and stored.

Figure.5 Access Policy


As shown in Figure 5, the admin can define the access policy for each of his employees: which details they can access, and to what extent.

Figure.6 Define Purpose

The purpose definition is the main process, so the Admin needs to be very clear about what access he is defining, and it should be given in a manner that does not conflict with the privacy and access policies.

After login, an employee can view his profile to see what he has been allotted.

Figure.7 Allowed Access to Employee

Whenever the employee selects a purpose, the compliance check runs in the background, and he gets access only to the data he is allowed for.

Figure.8 Decrypted Text

As shown in Figure 8, if the employee has read access for a particular item of data, then he is able to decrypt it and read its contents.


Figure.9 File downloading by employee: high-end privilege needs a condition

As shown in Figure 9, whenever an employee wants to download the user's past-details file, which is marked as high-end privilege because it may contain sensitive data, the employee must first satisfy a condition before he is able to download the file.

Finally the employee uploads the processed file for the user, and the user downloads the file and obtains his result.

4. Conclusions and Future Work

In this paper, it is demonstrated that a subject who wants to access data should be granted access depending on the purpose for which they want to access it. The user or client should be able to prevent or control the exposure of his data to others. Purpose based access control provides an approach for the next generation of access control. It is an extension of the old and very popular role based access control. The results show that this approach is better than role based access control, since it extends role based access control and makes use of the role based mechanism.

There are many opportunities for future work on this topic, since it is very new in the field of access control; much remains to be done to achieve better performance and ease of access before these models can be used in practice.


Authors Profile

MD Arif is currently pursuing an M.Tech in Computer Network Engineering at the Center for PG Studies (VTU), Belgaum. He received his Bachelor of Engineering in Computer Science from Dr. AIT Bengaluru. His areas of interest include Cryptography and Mobile Computing.

[email protected]

Mrs. Pushpalatha S is currently working as a Professor in the Dept. of Computer Network and Engineering, Center for PG Studies, VTU Belgaum. She completed her Masters in Computer Network Engineering at the National Institute of Engineering, Mysore, Karnataka, and her Bachelor of Engineering in Electronics and Communication Engineering at Coorg Institution of Technology, Kodagu, Karnataka. She has 7 years of teaching experience overall and has handled subjects such as Network Security, Computer Networks, Wireless Communication and Digital Communication. Her recent interests include Network Security and Cryptography.

[email protected]

Henin Roland Karkada is currently pursuing an M.Tech in Computer Science at the Center for PG Studies (VTU), Belgaum. He received his Bachelor of Engineering in Computer Science from Mangalore Institute of Technology (MITE), Mangalore. His areas of interest include Content Based Image Retrieval, Cloud Computing, Cryptography and Semantic Web.

[email protected]

Sunil Saumya is currently pursuing an M.Tech in Computer Network Engineering at the Center for PG Studies (VTU), Belgaum. He received his Bachelor of Engineering in Computer Science from Lovely Professional University, Punjab. His areas of interest include Cryptography and Mobile Computing.

[email protected]


Shilpa V is currently pursuing an M.Tech in Computer Network Engineering at the Center for PG Studies (VTU), Belgaum. She received her Bachelor of Engineering in Electronics and Communications from Dr. SMCE, Byranayakanahalli, Bengaluru. Her areas of interest include Cryptography and Mobile Computing.

shilpav92@gmail.com
