Sciweavers

IEEEIAS
2007
IEEE

A Purpose-Based Access Control Model

14 years 5 months ago
A Purpose-Based Access Control Model
: Achieving privacy preservation in a data-sharing computing environment is becoming a challenging problem. Some organisations may have published privacy policies, which promise privacy protection practices on data collection, use and disclosure, but these practices may not be implemented. To maintain consistency between the privacy policy and the practices, privacy protection requirements in privacy policy should be formally specified. In specifying privacy policy, we use purpose as the basis of access control. In this paper, we extend our previous work to specify purpose management. Purpose can be divided into two categories: intended purpose and access purpose. Privacy policy is to ensure that data can only be used for its intended purpose, and the access purpose should be compliant with the data’s intended purpose. We specify entities in the purpose-based access control model. Using the technique of VDM, we then specify the invariants corresponding to the privacy requirements in...
Naikuo Yang, Howard Barringer, Ning Zhang
Added 03 Jun 2010
Updated 03 Jun 2010
Type Conference
Year 2007
Where IEEEIAS
Authors Naikuo Yang, Howard Barringer, Ning Zhang
Comments (0)