ACCESS CONTROL IN A SOCIAL NETWORKING ENVIRONMENT

Collecting users into groups is a common activity in social networking sites such as Facebook, Google groups, Yahoo groups and many other web applications. This project explores access control techniques for dynamically created groups. The starting point was Yioop [1], a PHP-based search engine. The ability to create social groups was added to Yioop. The Grouping feature is enhanced by adding additional features like: blogs and pages for each individual user and as well as for groups of users. Access control is provided to every group and each user within a group based on the ownership of the group or blog. Adding these features along with the access control techniques allows users to use Yioop as a searchable social networking website. Techniques for automatically adding the access levels to groups and blogs have been explored. Activities like changing the group privacy options and transferring the administrative privileges to users within a group were implemented. Experiments were conducted to compare the access control methods of the existing social networking sites with the access control methods in Yioop and based on the comparisons it can be said that Yioop now includes the basic access control methods that a user likes to have

Extended RBAC with role attributes

Though RBAC has been researched for many years as a current dominant access control technology, there are few researches to be done to address the further extension of the role which is the fundamental entity of RBAC. This paper tries to extend the role to a further level, the role attributes. Through the attributes, the function and operation on the role can be enhanced and extended. Through the attributes, ANSI RBAC is significantly extended. In the inheritance of hierarchical role, the privacy of its parental role can be kept by using HA (Hidden Attribute)

Towards privacy-aware identity management

The overall goal of the PRIME project (Privacy and Identity Management for Europe) is the development of a privacy-enhanced identity management system that allows users to control the release of their personal information. The PRIME architecture includes an Access Control component allowing the enforcement of protection requirements on personal identifiable information (PII). The overall goal of the PRIME project (Privacy and Identity Management for Europe) is the development of a privacy-enhanced identity management system that allows users to control the release of their personal information. The PRIME architecture includes an Access Control component allowing the enforcement of protection requirements on personal identifiable information (PII)

Privacy and Identity Management in a Layered Pervasive Service Platform

Making pervasive computing reality is a challenging task mainly due to the multitude of functional requirements and technological constraints. In parallel to the honourable research progress in specific technologies, the Daidalos project assessed that in future there will be the need for a pervasive service platform with open interfaces in order to simplify service development and provisioning. The success of such a platform depends on the balance of different aspects, e.g. operational costs with revenue potentials, collection of personal data for context-awareness with privacy protection, manual control and transparency with enhanced user experience and simplicity. In this paper we show the Daidalos approach to privacy protection and identity management for a future pervasive service platform and its architecture. We show how user identities are structured to support dynamic context information while following regulations for privacy protection in Europe. Special focus is put on the trade-off between access control for privacy protection and user experience. This is achieved by automated identity selection, automatic derivation of fine-grained access control policies and their deployment. We also present gathered performance data and implementation details of our ID Broker concept

Database Security System for Applying Sophisticated Access Control via Database Firewall Server

Database security, privacy, access control, database firewall, data break masking Recently, information leakage incidents have occurred due to database security vulnerabilities. The administrators in the traditional database access control methods grant simple permissions to users for accessing database objects. Even though they tried to apply more strict permissions in recent database systems, it was difficult to properly adopt sophisticated access control policies to commercial databases due to performance degradations. This paper proposes a database security system including a database firewall server as an enhanced database access control system which can efficiently enforce sophisticated security policies to provide database with confidentiality using a data masking technique for diverse conditions such as the date, time, SQL string, and table columns to database systems

Privacy-aware relationship semantics–based XACML access control model for electronic health records in hybrid cloud

State-of-the-art progress in cloud computing encouraged the healthcare organizations to outsource the management of electronic health records to cloud service providers using hybrid cloud. A hybrid cloud is an infrastructure consisting of a private cloud (managed by the organization) and a public cloud (managed by the cloud service provider). The use of hybrid cloud enables electronic health records to be exchanged between medical institutions and supports multipurpose usage of electronic health records. Along with the benefits, cloud-based electronic health records also raise the problems of security and privacy specifically in terms of electronic health records access. A comprehensive and exploratory analysis of privacy-preserving solutions revealed that most current systems do not support fine-grained access control or consider additional factors such as privacy preservation and relationship semantics. In this article, we investigated the need of a privacy-aware fine-grained access control model for the hybrid cloud. We propose a privacy-aware relationship semantics–based XACML access control model that performs hybrid relationship and attribute-based access control using extensible access control markup language. The proposed approach supports fine-grained relation-based access control with state-of-the-art privacy mechanism named Anatomy for enhanced multipurpose electronic health records usage. The proposed (privacy-aware relationship semantics–based XACML access control model) model provides and maintains an efficient privacy versus utility trade-off. We formally verify the proposed model (privacy-aware relationship semantics–based XACML access control model) and implemented to check its effectiveness in terms of privacy-aware electronic health records access and multipurpose utilization. Experimental results show that in the proposed (privacy-aware relationship semantics–based XACML access control model) model, access policies based on relationships and electronic health records anonymization can perform well in terms of access policy response time and space storage

Access and privacy control enforcement in RFID middleware systems: Proposal and implementation on the Fosstrak platform

International audienceRadio Frequency IDentification (RFID) technology offers a new way of automating the identification and storing of information in RFID tags. The emerging opportunities for the use of RFID technology in human centric applications like monitoring and indoor guidance systems indicate how important this topic is in term of privacy. Holding privacy issues from the early stages of RFID data collection helps to master the data view before translating it into business events and storing it in databases. An RFID middleware is the entity that sits between tag readers and database applications. It is in charge of collecting, filtering and aggregating the requested events from heterogeneous RFID environments. Thus, the system, at this point, is likely to suffer from parameter manipulation and eavesdropping, raising privacy concerns. In this paper, we propose an access and privacy controller module that adds a security level to the RFID middleware standardized by the EPCglobal consortium. We provide a privacy policy-driven model using some enhanced contextual concepts of the extended Role Based Access Control model, namely the purpose, the accuracy and the consent principles. We also use the provisional context to model security rules whose activation depends on the history of previously performed actions. To show the feasibility of our privacy enforcement model, we first provide a proof-of-concept prototype integrated into the middleware of the Fosstrak platform, then evaluate the performance of the integrated module in terms of execution time

Membuat Distro Linux Untuk Security

With the movement of operating system, linux has been stable one and used by many IT communities, meanwhile bug are also growing fast and must be considered as a serious threat for data privacy. Thus we need to provide more security at computer system level which resulting in the kernel security. Grsecurity is one of kernel security projects which offers configuration-free operation, protection against all kinds of address space bugs, access control list system and can be operated on multiple processor architectures and operating systems. In this research I will build a distro linux which provide enhanced computer system security. This Final Project resulting a linux distro for kernel security which can be operated through live cd , it has access control system mechanism and address space modification protection. Kata kunci � Grsecurity , Bug kernel, RBA

Réutilisation de résultats d'analyse de risques en vie privée par raffinements

International audienceThe objective of this paper is to improve the cost effectiveness of privacy impact assessments through (1) a more systematic approach , (2) a better integration with privacy by design and (3) enhanced reusability. We present a three-tier process including a generic privacy risk analysis depending on the specifications of the system and two refinements based on the architecture and the deployment context respectively. We illustrate our approach with the design of a biometric access control system

Extended RBAC with Role Attributes

Though RBAC has been researched for many years as a current dominant access control technology, there are few researches to be done to address the further extension of the role which is the fundamental entity of RBAC. This paper tries to extend the role to a further level, the role attributes. Through the attributes, the function and operation on the role can be enhanced and extended. Through the attributes, ANSI RBAC is significantly extended. In the inheritance of hierarchical role, the privacy of its parental role can be kept by using HA (Hidden Attribute)