This Article 
 Bibliographic References 
 Add to: 
Access Control with Privacy Enhancements a Unified Approach
Sept.-Oct. 2012 (vol. 9 no. 5)
pp. 670-683
Steve Barker, King's College London, London
Valerio Genovese, University of Luxembourg, Luxembourg and University of Torino, Torino
We describe an approach that aims to unify certain aspects of access control and privacy. Our unified approach is based on the idea of axiomatizing access control in general terms. We show how multiple access control and privacy models and policies can be uniformly represented as particular logical theories in our axiom system. We show that our approach translates into different practical languages for implementation and we give some performance measures for some candidate implementations of our approach.

[1] ANSI, "RBAC," iNCITS 359-2004, 2004.
[2] M. Backes, M. Dürmuth, and G. Karjoth, "Unification in Privacy Policy Evaluation—Translating EPAL into Prolog," Proc. IEEE Int'l Workshop Policies for Distributed Systems and Networks (POLICY), pp. 185-188, 2004.
[3] C. Baral, Knowledge Representation, Reasoning and Declarative Problem Solving. Cambridge Univ. Press, 2003.
[4] C. Baral and M. Gelfond, "Logic Programming and Knowledge Representation," J. Logic Programming, vols. 19/20, pp. 73-148, 1994.
[5] S. Barker, "The Next 700 Access Control Models or a Unifying Meta-Model?," Proc. ACM Symp. Access Control Models and Technologies (SACMAT), pp. 187-196, 2009.
[6] S. Barker, "Personalizing Access Control by Generalizing Access Control," Proc. ACM Symp. Access Control Models and Technologies (SACMAT), pp. 149-158, 2010.
[7] S. Barker, M.J. Sergot, and D. Wijesekera, "Status-Based Access Control," ACM Trans. Information and System Security, vol. 12, no. 1, article 1, 2008.
[8] S. Barker and P. Stuckey, "Flexible Access Control Policy Specification with Constraint Logic Programming," ACM Trans. Information and System Security, vol. 6, no. 4, pp. 501-546, 2003.
[9] M.Y. Becker, C. Fournet, and A.D. Gordon, "SecPAL: Design and Semantics of a Decentralized Authorization Language," J. Computer Security, vol. 18, no. 4, pp. 619-665, 2010.
[10] D.E. Bell and L.J. LaPadula, Secure Computer System: Unified Exposition and Multics Interpretation, Technical Report MTR-2997. MITRE Corp., 1976.
[11] K. Biba, "Integrity Considerations for Secure Computer Systems," Technical Report MTR-3153, MITRE Corp., 1977.
[12] B. Carminati, E. Ferrari, R. Heatherly, M. Kantarcioglu, and B.M. Thuraisingham, "Semantic Web-Based Social Network Access Control," Computers & Security, vol. 30, nos. 2/3, pp. 108-115, 2011.
[13] B. Carminati, E. Ferrari, and A. Perego, "Enforcing Access Control in Web-Based Social Networks," ACM Trans. Information and System Security, vol. 13, no. 1,article 6, 2009.
[14] J. Clifford, C. Dyreson, T. Isakowitz, C. Jensen, and R. Snodgrass, "On the Semantics of 'Now' in Databases," ACM Trans. Database Systems, vol. 22, no. 2, pp. 171-214, 1997.
[15] L.F. Cranor, "P3P: Making Privacy Policies More Useful," IEEE Security & Privacy, vol. 1, no. 6, pp. 50-55, Nov./Dec. 2003.
[16] C. Date, An Introduction to Database Systems. Addison-Wesley, 2003.
[17] T. Dell'Armi, W. Faber, G. Ielpa, N. Leone, and G. Pfeifer, "Aggregate Functions in Disjunctive Logic Programming: Semantics, Complexity, and Implementation in DLV," Proc. 18th Int'l Joint Conf. Artificial Intelligence (IJCAI), pp. 847-852, 2003.
[18] J. DeTreville, "Binder, A Logic-Based Security Language," Proc. IEEE Symp. Security and Privacy, pp. 105-113, 2002.
[19] M. Gelfond and V. Lifschitz, "Classical Negation in Logic Programs and Disjunctive Databases," New Generation Computing, vol. 9, pp. 365-385, 1991.
[20] S. Jajodia, P. Samarati, M. Sapino, and V. Subrahmaninan, "Flexible Support for Multiple Access Control Policies," ACM Trans. Database Systems, vol. 26, no. 2, pp. 214-260, 2001.
[21] T. Jim, "SD3: A Trust Management System with Certified Evaluation," Proc. IEEE Symp. Security and Privacy, pp. 106-115, 2001.
[22] K. LeFevre, R. Agrawal, V. Ercegovac, R. Ramakrishnan, Y. Xu, and D.J. DeWitt, "Limiting Disclosure in Hippocratic Databases," Proc. Int'l Conf. Very Large Data Bases, pp. 108-119, 2004.
[23] N. Leone and W. Faber, "The Dlv Project: A Tour from Theory and Research to Applications and Market," Proc. Int'l Conf. Logic Programming (ICLP), pp. 53-68, 2008.
[24] N. Li, J.C. Mitchell, and W.H. Winsborough, "Design of a Role-Based Trust-Management Framework," Proc. IEEE Symp. Security and Privacy, pp. 114-130, 2002.
[25] J. Lloyd, Foundations of Logic Programming. Springer-Verlag, 1987.
[26] V.W. Marek and J.B. Remmel, "Guarded Resolution for Answer Set Programming," Theory and Practice of Logic Programming, vol. 11, no. 1, pp. 111-123, 2011.
[27] Q. Ni, A. Trombetta, E. Bertino, and J. Lobo, "Privacy-Aware Role Based Access Control," Proc. 12th ACM Symp. Access Control Models and Technologies (SACMAT), pp. 41-50, 2007.
[28] B. Russell, The Principles of Mathematics. Cambridge Univ. Press, 1903.
[29] R. Sandhu, E. Coyne, H. Feinstein, and C. Youman, "Role-Based Access Control Models," Computer, vol. 29, no. 2, pp. 38-47, Feb. 1996.
[30] P. Suppes, Representation and Invariance of Scientific Structures. CSLI, 2001.
[31] S. Wang and Y. Zhang, "Handling Distributed Authorization with Delegation through Answer Set Programming," Int'l J. Information Security, vol. 6, no. 1, pp. 27-46, 2007.

Index Terms:
Privacy,Semantics,Aggregates,Authorization,Computational modeling,metamodeling.,Security,access control,privacy
Steve Barker, Valerio Genovese, "Access Control with Privacy Enhancements a Unified Approach," IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 5, pp. 670-683, Sept.-Oct. 2012, doi:10.1109/TDSC.2012.22
Usage of this product signifies your acceptance of the Terms of Use.