Privacy Aware Access Control

Top PDF Privacy Aware Access Control:

Vol 3, No 8 (2015)

Privacy protection mechanism is required to meet along with the privacy requirements. The challenges of privacy-aware access control are similar to the problem of workload-aware anonymization. In our analysis of the related work, we focus on query-aware anonymization. For the state of the art in k-anonymity techniques and algorithms, we refer the reader to a recent survey paper [3]. Workload-aware anonymization is first studied by LeFevre et al. [14]. They have proposed the Selection Mondrian algorithm, which is a modification to the greedy multidimensional partitioning algorithm Mondrian [13]. In their algorithm, based on the given query-workload, the greedy splitting heuristic minimizes the sum of imprecision for all queries. Iwuchukwu and Naughton have proposed an R+-tree based anonymization algorithm [6]. The authors illustrate by experiments that anonymized data using biased R+-tree based on the given query workload is more accurate for those queries than for an unbiased algorithm. Ghinita et al. have proposed algorithms based on space filling curves for k-anonymity and l-diversity [7]. They also introduce the problem of accuracy-constrained anonymization for a given bound of acceptable information loss for each equivalence class [8]. Similarly, Xiao et al. [1] propose to add noise to queries according to the size of the queries in a given workload to satisfy differential privacy. However, bounds for query imprecision have not been considered.

Privacy and Security Ensured Database Rights Management Scheme

constraints that the privacy protection mechanism is required to meet along with the privacy requirements. The challenges of privacy-aware access control are similar to the problem of workload-aware anonymization. In our analysis of the related work, we focus on query-aware anonymization. For the state of the art in k-anonymity techniques and algorithms, we refer the reader to a recent survey paper [3]. Workload-aware anonymization is first studied by LeFevre et al. [5]. They have proposed the Selection Mondrian algorithm [4], which is a modification to the greedy multidimensional partitioning algorithm Mondrian. In their algorithm, based on the given query-workload, the greedy splitting heuristic minimizes the sum of imprecision for all queries. Iwuchukwu and Naughton have proposed an R+-tree based anonymization algorithm. The authors illustrate by experiments that anonymized data using biased R+-tree based on the given query workload is more accurate for those queries than for an unbiased algorithm. Ghinita et al. have proposed algorithms based on space filling curves for k-anonymity and l-diversity [10]. They also introduce the problem of accuracy-constrained anonymization for a given bound of acceptable information loss for each equivalence class [8]. Similarly, Xiao et al. [9] propose to add noise to queries according to the size of the queries in a given workload to satisfy differential privacy. Bounds for query imprecision have not been considered. The existing literature on workload-aware anonymization has a focus to minimize the overall imprecision for a given set of queries. Anonymization with imprecision constraints for individual queries has not been studied before. We follow the imprecision definition of LeFevre et al. and introduce the constraint of imprecision bound for each query in a given query workload.

Privacy Access for MongoDB

Map Reduce operations are defined reducing the data size. The execution time is less on the number of documents that are effectively processed. The security level for data in each user when varying the policy rule. The considered selectivity range of rule takes into account policy with method of filtering effect [16]. The general approach to the rule of privacy-aware access control into NoSQL data stores a very important goal. Users are only allowed to execute for access purposes for which they have a proper authorization. Purpose authorizations are granted to users as well as to roles. The data storage and network transfer format for documents, simple and fast. Recommendation of index type for proposed indexes. Using frequent item set as a method to build a certain order of combined indexes out of fields of each frequent query. Use of query optimizer to select the final recommended indexes. Our approach to create virtual indexes which removes any modification in the database. Applying the approach to a document-based NoSQL database. A typical setting involves two users: one that gets information from the other that is either to share (only) the requested information. Consequently, there is a tension between information sharing and privacy. On the one hand, sensitive data needs to be kept confidential; on the other hand, data owners may be willing, or forced, to share information. Integrity and authentication is necessary while it is clear that safety-critical applications require authentication, it is still wise to use it even for the rest of applications. However, authentication alone does solve the problem

Privacy Issues in Access Control of Web Services: An Appraisal

[12] Papagiannakopoulou, Eugenia I., Maria N. Koukovini, Georgios V. Lioudakis, Joaquin Garcia-Alfaro, Dimitra I. Kaklamani, Iakovos S. Venieris, Frédéric Cuppens, and Nora Cuppens-Boulahia, ‘A privacy-aware access control model for distributed network monitoring’, Computers & Electrical Engineering 39, no. 7 (2013): pp. 2263-2281. [13] Sapuppo, A., ‘Privacy Analysis in Mobile


An Accountable Access Control with Enhanced Privacy in Wireless Sensor Networks

Abstract: Security and privacy are the major concern in today’s world, among any users and owners of different entities. In general, anyone would be aware of his/her own data privacy from other users, including the owners and the one who misbehaves has to be identified. Wireless Sensor Networks plays a great responsibility in monitoring and controlling of environments. However many remote authentication protocols have been proposed, each leads to a challenging factor of security and scalability. By enforcing a novel based approach which ensures strict access control using APAC protocol, which meets the above challenges. This protocol also ensures that it doesn’t rely on third party, so feasibility can be achieved on sensor platforms. Performance evaluation demonstrates that the proposed protocol outperforms all the other existing schemes in terms of computational cost.

Trust-based model for privacy control in context aware systems


A framework for privacy-enhanced access control analysis in requirements engineering

In RACAF, we apply goal/scenario-based requirements analysis techniques to analyze tasks to derive purposes, permissions and obligations, contexts and obligations. Goals are the objectives of a task, a business process or a system. The nature of a goal makes it an intuitive way to elicit and model purpose, an important element in a privacy-aware system. Scenarios present possible ways for actors to interact with a system to perform some task or accomplish some desired function [34]. Scenarios are concrete, narrative, and procedural. They describe real situations using examples and illustrations. A scenario is usually associated with a sequence of events, which include actors and actions, pre-conditions and post-conditions, obstacles, requirements, goals, etc. [1]. We model actors as the subjects, actions as the permissions, pre-conditions as contexts and constraints, and post-conditions as obligations of an access control policy. This mapping is shown in Table 2.

Access Control Mechanism for Authorized Query Predicates on Sensitive data

constraints for individual prohibition in a workload has not been known before. The methods proposed in this paper for efficient access control mechanism are also related in the background of workload-aware anonymization. The anonymization for related data publishing has been studied in other papers [3]. In this paper the aim is on a fixed relational table that is anonymized one time only. To show our approach, role-based access control is considered. However, the concept of accuracy constraints for prohibition can be addressed to any security rules, e.g., discretionary access control. The impact of this paper is as follows. First, we develop the guaranteed and privacy restrictions as the difficulties of k-anonymous Partitioning with Imprecision Bounds (k-PIB) and give hardness outcome. Second, we provide introduction the theme of efficient access control mechanism for relational database.

Privacy enforcement with an extended role-based access control model

Privacy enforcement has been one of the most important challenges in IT area. Current privacy practices within companies and organizations, e.g. enabling a P3P compliant policy, incorporating a privacy seal program, etc., cannot truly protect consumer privacy. Privacy protection can only be achieved by enforcing privacy policies within an organization’s online and offline data processing systems. Traditional security models are more or less inappropriate for enforcing basic privacy requirements, such as purpose binding. This paper proposes an extended role-based access control (RBAC) model, called Privacy-Aware Role-Based Access Control (PARBAC) model, for enforcing privacy policies within an organization. The PARBAC model combines RBAC, Domain-Type Enforcement, and privacy protection by modeling business purposes and data policies. Consented consumer privacy preferences are recorded as data policies, which govern how to use actual consumer data. One of the key elements in a privacy policy is purpose. The actual purpose of a business operation to consumer data must be consistent with the purpose consented by the consumer. This is the so-called purpose binding privacy requirement. This paper focuses on enforcing this requirement. Privacy enforcement mechanism with the PARBAC model is then discussed and a privacy scenario is illustrated to describe its application.

Privacy-Aware Risk-Based Access Control Systems

Risk-based privacy preserving access control. To the best of our knowledge, risk-based approaches to privacy-preserving access control have been barely explored in the literature. In [156, 157] Ulltveit-Moe et al. propose to assess the likelihood of privacy violations in intrusion detection systems (IDS) based on information entropy in network information flow. Then, they use this measure to differentiate between rules (IDS rules) with a high likelihood of privacy violation and rules with low ones. They also propose to modify rules with high privacy violation likelihoods or restrict access to sensitive data (on strict need-to-know approach) and use anonymization to implement these restrictions. When this information is accessed by security agents (human agents) to monitor the IDS alerts. This approach proposes to set two profiles of users according to the expertise level: the first profile allows monitoring tasks using anonymized data; the second consists of security experts, with clearance to perform necessary privacy-sensitive operations to investigate attacks. However Ulltveit-Moe et al. do not elaborate how this access control is implemented, or how it behaves according to the likelihood of violation. The entropy-based privacy leakage metric they propose is very interesting, however, the violation likelihood/risk needs to be computed off-line for each rule (prior to the access control) based on already existing information in the IDS alarm database which might lead to assessment mistakes depending on the database. Moreover, this model clearly increases the privacy protection but it might be difficult to apply in realistic cases in the context of cybersecurity because the risk mitigation relies on anonymizing the entire (source) dataset beforehand, resulting in either low privacy or low utility.

Privacy Aware using Temporal Role Based Access Control Model

Nowadays the privacy plays the vital role in deciding the security over the information in the system. Privacy policies are acting as the access control rules to protect the system from the unauthorized access. The security provided by the traditional access control models is not adequate for the upcoming requirements of the latest technology. After that the role based access control models have been introduced. This also does not satisfy the privacy requirements. So there is a strong need to have an efficient system that should define the strict privacy policies in a way that should not be breakable by anyone.

Scalable access control for privacy-aware media sharing

The prevalence of social networks has created it easier than ever for users to share their photos, videos and different media content with anybody from anyplace. However, the straight forward access of user-generated media content additionally brings concerning privacy considerations. Traditional access management mechanisms, wherever one access policy is created for a selected piece of content, cannot satisfy the user privacy needs in large-scale media sharing systems. On one hand, it conforms to the principle of social networks in info propagation. On the opposite hand, it accords with the varied and sophisticated social relationship among social network users. In this paper, we have a tendency to propose a ascendible media access management (SMAC) system to alter such a configuration in a very secure and economical manner. The projected SMAC system is scepter by the ascendible ciphertext policy attribute-based secret writing (SCP-ABE) algorithmic rule still as a comprehensive key management theme. We provide formal security proof to prove the protection of the projected SMAC system. Additionally, we have a tendency to conduct intensive experiments on mobile devices to demonstrate its potency [1, 2].

Title: Survey on Decentralized Access Control with Anonymous Authentication of Data Stored in Cloud

S. Ruj, A. Nayak, and I. Stojmenovic (2011), says about “Privacy Preserving Access Control with Authentication for Securing Data in Clouds”. Current methodologies to impose fine-grained access control on confidential data hosted in the cloud remain based on fine-grained encryption of the data. Under such approaches, data owners are in charge of encrypting the data earlier uploading them on the cloud and re-encrypting the data whenever user credentials change. Data owners can be emphasize the high communication and computation costs. A better approach should delegate the execution of fine-grained access control to the cloud, so to diminish the overhead at the data owners, while assuring data confidentiality from the cloud. We suggest an approach, based on two layers of encryption that addresses such requirement. Algorithm Attribute based access control (ABAC),

Access control using k-anonymity on Sensitive Information by query evaluation unauthorized users outsourced database (ACM) Role-predicated access control (PPM)

The heuristics proposed in this paper for precision-constrained privacy-preserving access control are additionally pertinent in the context of workload-cognizant anonymization. The anonymization for perpetual data publishing has been studied in literature. In this paper the focus is on a static relational table that is anonymized only once. To exemplify our approach, role-predicated access control is surmised. However, the concept of precision constraints for sanctions can be applied to any privacy-preserving security policy, e.g., discretionary access control.

Performance Analysis of Channel-Aware Media Access Control Schemes

In this thesis, the MIMO systems are examined as being a possible method of improving WLAN functioning through the use of spatial multiplexing with beamforming and space-time code (STCs) modulation, which are scheduled to increase the spectral efficiency through the application of special measures in the MAC protocol. In this thesis, the new intelligent distributed Channel aware MAC protocol (CA-MAC) is introduced, which leads to the use of MIMO antenna technology to improve the throughput. This proposed algorithm utilizes a weighted nulling technique, which is used for tuning in and tuning out of a station. The ZigZag-decoding model is used to recover the data if any collisions occur during the transmission.

Confidentiality Based Access Control Scheme in Cloud Based Services

With the rapid development of the computer technology, cloud-predicated accommodations have become a sultry topic. Cloud-based accommodations not only provide users with accommodation, but additionally bring many security issues. Ergo, the study of access control scheme to bulwark users' privacy in cloud environment is of great paramountcy. In this paper, we present an access control system with privilege disseverment predicated on privacy auspice (PS-ACS). In the PS-ACS scheme, we divide the users into personal domain (PSD) and public domain (PUD) logically. In the PSD, we set read and indite access sanctions for users respectively. The

QoS-aware joint access control and duty cycle control for machine-to-machine communications

Abstract—Massive energy constrained devices and various applications impose new challenges for Machine-to-Machine (M2M) communications to enable Internet of Things (IoT). In this paper, we investigate a QoS-aware joint access control and duty cycle control problem for M2M communications to optimise the overall network performance, including energy efficiency, end-to-end delay, reliability, throughput and fairness. We first model a practical hybrid M2M communication network and define a cost function as the overall network performance indicator. Then, an optimisation problem is formulated for minimisation of long-term aggregated network cost. Furthermore, we overcome the non-convexity of the cost function and mathematically derive the optimal access control. Finally, we propose a distributed access control followed by a reinforcement learning (RL) based duty cycle control which adapts to various network dynamics without priori network information. Simulation results show that the proposed joint access control and duty cycle control minimise the network long-term aggregated cost, while achieving fairness among cluster heads with QoS differentiation.

Network Load Aware Adaptive Channel Access Control for WLAN

Due to the characteristics of the high bandwidth, low cost and easy deployment, WLAN has surrounded us everywhere. WLAN has two kinds of modes, one with AP and the other without AP. The former mode is adopted in the most practical deployments. Hence, we consider the mode with AP (also called infrastructure mode). Traditional IEEE 802.11 protocol offers us two access policies, namely, DCF (distributed coordination function) and PCF (point coordination function) [1]. DCF is a policy based on competition and PCF is based on polling. Both DCF and PCF cannot provide QoS guarantees. To accommodate QoS, IEEE 802.11e is proposed including EDCA (enhanced distributed channel access) mode and HCCA (HCF controlled channel access) mode [2]. Most network devices are based on EDCA due to its easy realization and good expansibility.

Privacy preserving access control mechanism with accuracy for relational data

IJEDR1601113 International Journal of Engineering Development and Research (www.ijedr.org) 659 other data. Sensitive attributes contain sensitive value such diseases, policy detail, and salary etc. A data recipient may have access to some background knowledge which represents any publicly available information about released data, e.g., Census datasets. By m-privacy techniques, the information of the employee can be protected such as a sensitive attribute (SA) e.g. disease of patient, identifier (ID) e.g. name and quasi identifier (QI) i.e. age or zip code etc. But these methods have some limitation such as membership disclosure and data loss.

Patient privacy protection using anonymous access control techniques

Electronic or mobile healthcare networks are established by connecting information systems used by general practitioners, hospitals and national/private medical centres. This approach is an attractive solution for the already overstretched and under-budgeted health sector since it reduces the current paper-based work, decreases waiting time, eliminates prior appointment requirements, enhances healthcare services with efficient, faster and more reliable methods, eliminates errors that can happen in the paper records and speeds up administrative procedures [1]. However, the development of such a working model in live medical environment will be subjected to an increase in the amount of sensitive medical information being transferred between different parties, with the data transport taking place over the Internet or the mobile network. The key problem with this is the security and privacy of communication, especially preserving the patient privacy by preserving the integrity of the information about the health condition and medications. Our previous paper [2] proposed the necessary security framework to prevent eavesdropping, spoofing and modifications to the healthcare information over the network. This paper proposes an approach to solve the problem of patient privacy using a novel anonymous access control technique.