|
| Purpose Engineering for Contextual Role-Based Access Control (C-RBAC)
|
|
Full
text: |
 PDF(478.1KB) |
|
|
Source |
International Journal of Engineering (IJE) |
|
Table of Contents |
|
|
Download
Complete Issue PDF(2.51MB) |
|
Volume: 2 Issue: 3 |
| |
Pages: 1-50 |
|
Publication
Date: June 2008 |
|
ISSN
(Online): 1985-2312 |
|
|
|
|
|
Pages |
41 - 50 |
|
Author(s) |
|
|
|
Published
Date |
16-09-2008 |
|
Publisher |
CSC
Journals, Kuala Lumpur,
Malaysia |
|
ADDITIONAL
INFORMATION |
| Keywords Abstract References Cited by Related Articles Collaborative
Colleague |
| |
|
| |
|
|
|
| |
|
|
| This Manuscript is indexed in the following databases/websites:- |
|
| 1. Directory of Open Access Journals (DOAJ) |
| 2. CiteSeerX |
| 3. Docstoc |
| 4. Scribd |
| 5. PDFCAST |
| 6. ScientificCommons |
| 7. Academic Index |
| 8. ResearchGATE |
| 9. Bielefeld Academic Search Engine (BASE) |
| 10. Socol@r |
| 11. iSEEK |
| 12. Academic Journals Database |
| 13. Libsearch |
| 14. slideshare |
| |
|
| |
|
|
| Distributed and ubiquitous computing environments have brought enormous
efficiency to the collection, manipulation and distribution of information and
services. Although this efficiency has revolutionized countless organizations but it
has also increased the threats to individual’s privacy because the information
stored within the collection of heterogeneous distributed components is sensitive
and requires some form of access control. The way to protect privacy in this age
of information technology requires such access control system that can
accommodate organization requirements to protect privacy of individuals with
ease in management and administration of resources. Among those
requirements, purpose inference is one of the major problems as the total access
control decision mainly relies on the user intentions/purposed. This work in this
paper is an attempt to provide purpose engineering semantics that we use for the
proposed contextual role-based access control model (C-RBAC) in order to
comply with HIPAA. |
| |
|
| |
|
| |
| 1 |
Rindfleisch, T. (1997). Privacy, information technology, and health care. Communications of the ACM, 40(8), 93–100.
|
|
|
| 2 |
Archives & Records Management Handbook. (2003). Retrieved January 2, 2008, from http://osulibrary.oregonstate.edu/archives/handbook/definitions/
|
|
|
| 3 |
Reid, J., Cheong, I., Henricksen, M. & Smith, J. (2003). A Novel Use of RBAC to Protect Privacy in Distributed Health Care Information Systems. Paper presented to Information Security and Privacy, 8th Australasian Conference, ACISP, Wollongong, Australia
|
|
|
| 4 |
Bacon, J., Lloyd, M. and Moody, K. (2001). Translating role-based access control policy within context. In Workshop on Policies for Distributed Systems and Networks, Springer-Verlag, 107–120.
|
|
|
| 5 |
Patrick, C., Hung, K. and Zheng, Y. (2007). Privacy Access Control Model for Aggregated e-Health Services. Proceedings of the 2007 Eleventh International IEEE EDOC Conference Workshop, Maryland U.S.A, 12-19.
|
|
|
| 6 |
Langheinrich, M. (2001). Privacy by Design — Principles of Privacy-Aware Ubiquitous Systems. In “Ubicomp 2001”. Retrieved January 22, 2008, from http://www.vs.inf.ethz.ch/publ/papers/privacy-principles.pdf
|
|
|
| 7 |
Jiang, X. and Landay, J. A. (2002). Modeling privacy control in context-aware systems. IEEE Pervasive Computing, 1(3), 59-63.
|
|
|
| 8 |
Bohn, J., Gartner, F. and Vogt, H. (2004). Dependability Issues of Pervasive Computing in a Healthcare Environment. Security in Pervasive Computing, First International Conference, Boppard, Germany, 53-70.
|
|
|
| 9 |
Beckwith, R. (2003). Designing for Ubiquity: The Perception of Privacy. IEEE Pervasive Computing, 2(2), 40–46.
|
|
|
| 10 |
Beresford, R. and Stajano, F. (2004). Mix zones: User privacy in location-aware services. Proceedings of the 2nd IEEE Annual Conference on Pervasive Computing and Communications Workshops (PERCOMW04), Orlando, Florida, pp. 127.
|
|
|
| 11 |
Definition of the purpose on the Web. Retrieved July 30, 2007, from: http://www.google.com/search?hl=en&rlz=1T4GFRC_en___MY202&defl=en&q=define:purpose&sa=X&oi=glossary_definition&ct=title
|
|
|
| 12 |
Byun, J. W., Bertino, E. and Li, N. (2004). Purpose Based Access Control for Privacy Protection in Relational Database Systems. Technical Report 2004-52, Purdue University, USA.
|
|
|
| 13 |
World Wide Web Consortium (W3C). Platform for Privacy Preferences (P3P) Retrieved October 10, 2008, from http://www.w3.org/P3P.
|
|
|
| 14 |
Joshi, J.B.D., Bertino, E. and Ghafoor, A. (2002). Temporal Hierarchies and Inheritance Semantics for GTRBAC. Proceedings of the seventh ACM symposium on Access control models and technologies, Monterey, California, USA, 74-83.
|
|
|
| 15 |
Joshi, J. B. D., Bertino, E., Latif, U. and Ghafoor, A. (2005). A Generalized Temporal Role-Based Access Control Model. IEEE Transactions on Knowledge and Data Engineering, 17(1), 4–23.
|
|
|
| 16 |
Tahir, M. N. (2008). Hierarchies in Contextual Role- Based Access Control Model (C-RBAC). International Journal of Computer Science and Security (IJCSS), 2(4), 28-42.
|
|
|
| |
|
| |
|
| |
| |
|
| |
|
| |
| 1 |
PeekYou
|
| |
|
| |
|
| |
|
| Muhammad Nabeel Tahir : Colleagues
|
|
