Building access control policy model for Privacy Preserving and Testing Policy Conflicting Problems

This paper proposes a purpose-based access control model in distributed computing environment for privacy preserving policies and mechanisms, and describes algorithms for policy conflicting problems. The mechanism enforces access policy to data containing personally identifiable information. The key component is purpose involved access control models for expressing highly complex privacy-related policies with various features. A policy refers to an access right that a subject can have on an object, based on attribute predicates, obligation actions, and system conditions. Policy conflicting problems may arise when new access policies are generated that are possible to be conflicted to existing policies. As a result of the policy conflicts, private information cannot be well protected. The structure of purpose involved access control policy is studied, and efficient conflict-checking algorithms are developed and implemented. Finally a discussion of our work in comparison with other related work such as EPAL is presented

Controle de acesso em bancos de dados geograficos

Orientador : Claudia Maria Bauzer MedeirosDissertação (mestrado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: O problema de controle de acesso em bancos de dados consiste em determinar quando (e se) usuários ou aplicações podem acessar os dados armazenados, e que tipo de acesso é permitido. A maioria das soluções existentes está voltada a dados relacionais para aplicações comerciais. O objetivo desta dissertação é estudar este problema para bancos de dados geográficos, onde as restrições impostas ao acesso são acrescidas de fatores inerentes à localização no espaço. As principais contribuições desta pesquisa são: (a) levantamento de requisitos para controle de acesso em bancos de dados geográficos; (b) definição de um modelo de autorização baseado em caracterização espacial; (c) discussão detalhada dos aspectos de implementação deste modelo; (d) proposta de adaptação e aplicação do mecanismo para uma aplicação real na área de gerenciamento de aplicações de telefonia, o Sistema SAGREAbstractMestradoMestre em Ciência da Computaçã

Content sensitivity based access control model for big data

Big data technologies have seen tremendous growth in recent years. They are being widely used in both industry and academia. In spite of such exponential growth, these technologies lack adequate measures to protect the data from misuse or abuse. Corporations that collect data from multiple sources are at risk of liabilities due to exposure of sensitive information. In the current implementation of Hadoop, only file level access control is feasible. Providing users, the ability to access data based on attributes in a dataset or based on their role is complicated due to the sheer volume and multiple formats (structured, unstructured and semi-structured) of data. In this dissertation an access control framework, which enforces access control policies dynamically based on the sensitivity of the data is proposed. This framework enforces access control policies by harnessing the data context, usage patterns and information sensitivity. Information sensitivity changes over time with the addition and removal of datasets, which can lead to modifications in the access control decisions and the proposed framework accommodates these changes. The proposed framework is automated to a large extent and requires minimal user intervention. The experimental results show that the proposed framework is capable of enforcing access control policies on non-multimedia datasets with minimal overhea