Home   >   CSC-OpenAccess Library   >    Manuscript Information
Full Text Available

(478.08KB)
This is an Open Access publication published under CSC-OpenAccess Policy.
Purpose Engineering for Contextual Role-Based Access Control (C-RBAC)
Muhammad Nabeel Tahir
Pages - 41 - 50     |    Revised - 03-07-2008     |    Published - 16-09-2008
Volume - 2   Issue - 3    |    Publication Date - June 2008  Table of Contents
MORE INFORMATION
KEYWORDS
Purpose Engineering, Intentions, C-RBAC, Purpose Hierarchy.
ABSTRACT
Distributed and ubiquitous computing environments have brought enormous efficiency to the collection, manipulation and distribution of information and services. Although this efficiency has revolutionized countless organizations but it has also increased the threats to individual’s privacy because the information stored within the collection of heterogeneous distributed components is sensitive and requires some form of access control. The way to protect privacy in this age of information technology requires such access control system that can accommodate organization requirements to protect privacy of individuals with ease in management and administration of resources. Among those requirements, purpose inference is one of the major problems as the total access control decision mainly relies on the user intentions/purposed. This work in this paper is an attempt to provide purpose engineering semantics that we use for the proposed contextual role-based access control model (C-RBAC) in order to comply with HIPAA.
CITED BY (0)  
1 Google Scholar
2 Academic Journals Database
3 ScientificCommons
4 Academic Index
5 CiteSeerX
6 refSeek
7 iSEEK
8 Socol@r
9 ResearchGATE
10 Libsearch
11 Bielefeld Academic Search Engine (BASE)
12 Scribd
13 SlideShare
14 PdfSR
15 PDFCAST
1 Rindfleisch, T. (1997). Privacy, information technology, and health care. Communications of the ACM, 40(8), 93–100.
2 Archives & Records Management Handbook. (2003). Retrieved January 2, 2008, from http://osulibrary.oregonstate.edu/archives/handbook/definitions/
3 Reid, J., Cheong, I., Henricksen, M. & Smith, J. (2003). A Novel Use of RBAC to Protect Privacy in Distributed Health Care Information Systems. Paper presented to Information Security and Privacy, 8th Australasian Conference, ACISP, Wollongong, Australia
4 Bacon, J., Lloyd, M. and Moody, K. (2001). Translating role-based access control policy within context. In Workshop on Policies for Distributed Systems and Networks, Springer-Verlag, 107–120.
5 Patrick, C., Hung, K. and Zheng, Y. (2007). Privacy Access Control Model for Aggregated e-Health Services. Proceedings of the 2007 Eleventh International IEEE EDOC Conference Workshop, Maryland U.S.A, 12-19.
6 Langheinrich, M. (2001). Privacy by Design — Principles of Privacy-Aware Ubiquitous Systems. In “Ubicomp 2001”. Retrieved January 22, 2008, from http://www.vs.inf.ethz.ch/publ/papers/privacy-principles.pdf
7 Jiang, X. and Landay, J. A. (2002). Modeling privacy control in context-aware systems. IEEE Pervasive Computing, 1(3), 59-63.
8 Bohn, J., Gartner, F. and Vogt, H. (2004). Dependability Issues of Pervasive Computing in a Healthcare Environment. Security in Pervasive Computing, First International Conference, Boppard, Germany, 53-70.
9 Beckwith, R. (2003). Designing for Ubiquity: The Perception of Privacy. IEEE Pervasive Computing, 2(2), 40–46.
10 Beresford, R. and Stajano, F. (2004). Mix zones: User privacy in location-aware services. Proceedings of the 2nd IEEE Annual Conference on Pervasive Computing and Communications Workshops (PERCOMW04), Orlando, Florida, pp. 127.
11 Definition of the purpose on the Web. Retrieved July 30, 2007, from: http://www.google.com/search?hl=en&rlz=1T4GFRC_en___MY202&defl=en&q=define:purpose&sa=X&oi=glossary_definition&ct=title
12 Byun, J. W., Bertino, E. and Li, N. (2004). Purpose Based Access Control for Privacy Protection in Relational Database Systems. Technical Report 2004-52, Purdue University, USA.
13 World Wide Web Consortium (W3C). Platform for Privacy Preferences (P3P) Retrieved October 10, 2008, from http://www.w3.org/P3P.
14 Joshi, J.B.D., Bertino, E. and Ghafoor, A. (2002). Temporal Hierarchies and Inheritance Semantics for GTRBAC. Proceedings of the seventh ACM symposium on Access control models and technologies, Monterey, California, USA, 74-83.
15 Joshi, J. B. D., Bertino, E., Latif, U. and Ghafoor, A. (2005). A Generalized Temporal Role-Based Access Control Model. IEEE Transactions on Knowledge and Data Engineering, 17(1), 4–23.
16 Tahir, M. N. (2008). Hierarchies in Contextual Role- Based Access Control Model (C-RBAC). International Journal of Computer Science and Security (IJCSS), 2(4), 28-42.
Mr. Muhammad Nabeel Tahir
- Malaysia
m_nabeeltahir@yahoo.com