Research Article
A Purpose-Based Access Control Model
@INPROCEEDINGS{10.1109/IAS.2007.29, author={ Naikuo Yang and Howard Barringer and Ning Zhang}, title={A Purpose-Based Access Control Model}, proceedings={3rd International ICST Symposium on Information Assurance and Security}, publisher={IEEE}, proceedings_a={IAS}, year={2007}, month={9}, keywords={Access control Authorization Computer science Computer security Data privacy Data security Information security Information systems Information technology Protection}, doi={10.1109/IAS.2007.29} }- Naikuo Yang
Howard Barringer
Ning Zhang
Year: 2007
A Purpose-Based Access Control Model
IAS
IEEE
DOI: 10.1109/IAS.2007.29
Abstract
Achieving privacy preservation in a data-sharing computing environment is a challenging problem. The requirements for a privacy preserving data access policy should be formally specified in order to be able to establish consistency between the privacy policy and its purported implementation in practice. Previous work has shown that when specifying a privacy policy, the notion of purpose should be used as the basis for access control. A privacy policy should ensure that data can only be used for its intended purpose, and the access purpose should be compliant with the data's intended purpose. This paper presents a mechanism to specify privacy policy using VDM. The entities in the purpose-based access control model are specified, the invariants corresponding to the privacy requirements in privacy policy are specified, and the operations in the model and their proof obligations are defined and investigated.