Privacy-Aware Role-Based Access Control
July/August 2009 (vol. 7 no. 4)
pp. 35-43
Qun Ni, Purdue University
Elisa Bertino, Purdue University
Jorge Lobo, IBM T.J. Watson Research Center
Seraphin B. Calo, IBM T.J. Watson Research Center
A privacy-aware role-based access control model extends RBAC to express highly complex privacy-related policies, including consideration of such features as conditions and obligations. Because it's based on the RBAC model, the full-fledged P-RBAC solution is easy to deploy in systems already adopting RBAC, thus allowing seamless integration of access control and privacy policies.

Index Terms:
privacy, role-based access control, model, obligation, policy
Citation:
Qun Ni, Elisa Bertino, Jorge Lobo, Seraphin B. Calo, "Privacy-Aware Role-Based Access Control," IEEE Security & Privacy, vol. 7, no. 4, pp. 35-43, July-Aug. 2009, doi:10.1109/MSP.2009.102