nach oben

Erschienen in:

01.02.2014

Privacy query rewriting algorithm instrumented by a privacy-aware access control model

verfasst von: Said Oulmakhzoune, Nora Cuppens-Boulahia, Frédéric Cuppens, Stéphane Morucci, Mahmoud Barhamgi, Djamal Benslimane

Erschienen in: Annals of Telecommunications | Ausgabe 1-2/2014

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In this paper, we present an approach to instrument a Simple Protocol And RDF Query Language query rewriting algorithm enforcing privacy preferences. The term instrument is used to mean supplying appropriate constraints. We show how to design a real and effective instrumentation process of a rewriting algorithm using an existing privacy-aware access control model like PrivOrBAC. We take into account various dimensions of privacy preferences through the concepts of consent, accuracy, purpose, and recipient. We implement and evaluate our process of privacy enforcement based on a healthcare scenario.

Vorheriger Artikel Privacy-aware electronic society

Nächster Artikel PriMa: a comprehensive approach to privacy protection in social network sites

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/

SOH: SPARQL Over HTTP

Apache jena. (2012) http://jena.apache.org/

Abou ElKalam A, El Baida R, Balbiani P, Benferhat S, Cuppens F, Deswarte Y, Miège A, Saurel C, Trouessin G (2003) Organization based access control. In: Proceedings of IEEE 8th international workshop on policies for distributed systems and networks (POLICY 2003), Lake Come, Italy

Ajam N, Cuppens-Boulahia N, Cuppens F (2010) Contextual privacy management in extended role based access control mode. Data Priv Manag Auton Spontaneous Sec 121–135

Barhamgi M, Benslimane D, Medjahed B (2010) A query rewriting approach for web service composition. IEEE Trans Serv Comput 3(3):206–222CrossRef

Bikakis N, Gioldasis N, Tsinaraki C, Christodoulakis S. (2009) Semantic based access over XML data. Visioning and engineering the knowledge society. A web science perspective. Springer Berlin Heidelberg, pp 259–267

Byun C, Park S (2006) An efficient yet secure xml access control enforcement by safe and correct query modification. In: Proceedings of the 17th international conference on database and expert systems applications. Springer, pp 276–285

Cranor L, Hogben G, Langheinrich M, Marchiori M, Presler-Marshall M, Reagle J, Schunter M (2006) The platform for privacy preference 1.1(p3p 1.1) specification. Tech. Rep. Note 13

Cuppens F, Cuppens-Boulahia N (2007), vol 7, Modelling contextual security policies

Cuppens F, Cuppens-Boulahia N, Ghorbel MB (2007) High level conflict management strategies in advanced access control models. Electron Notes Theor Comput Sci 186:3–26CrossRef

10.

Damiani E, Fansi M, Gabillon A, Marrara S (2008) A general approach to securely querying xml. Comput Stand Interact 30(6):379–389CrossRef

11.

Damiani E, De Capitani di Vimercati S, Paraboschi S, Samarati P (2002) A fine-grained access control system for xml documents. ACM Trans Inf Syst Secur (TISSEC) 5(2):169–202CrossRef

12.

Damiani E, di Vimercati SDC, Paraboschi S, Samarati P (2000) Securing XML documents. In: Advances in database technology EDBT 2000. Springer, pp 121–135

13.

European Commission: Directive 95/46 (1995) The processing of personal data and on the free movement of such data. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML. Accessed at July 2012

14.

European Commission: Directive 97/66 (1997) The processing of personal data and the protection of privacy in the telecommunications sector

15.

European Commission: Directive 02/58 (2002) Privacy and electronic communications. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2002:201:0037:0047:EN:PDF. Accessed at July 2012

16.

Fan W, Chan CY, Garofalakis M (2004) Secure XML querying with security views. In: Proceedings of the 2004 ACM SIGMOD international conference on management of data. ACM, pp 587–598

17.

Ferraiolo DF, Sandhu R, Gavrila S, Kuhn DR, Chandramouli R (2001) Proposed NIST standard for role-based access control. ACM Trans Inf Syst Secur (TISSEC) 4(3)

18.

Hilty M, Basin D, Pretschner A (2005) On obligations. 10th European symposium on research in computer security. 3679:98–117

19.

Huey POracle database security guide : chapter 7, using oracle virtual private database to control data access. http://download.oracle.com/docs/cd/E14072_01/network.112/e10574.pdf. Accessed January2013

20.

LeFevre K, Agrawal R, Ercegovac V, Ramakrishnan R, Xu Y, DeWitt D (2004) Limiting disclosure in hippocratic databases. In: Proceedings of the thirtieth international conference on very large data bases, vol 30. VLDB Endowment, pp 108–119

21.

Luo B, Lee D, Lee W, Liu P (2004) Qfilter: fine-grained run-time XML access control via NFA-based query rewriting. In: Proceedings of the thirteenth ACM international conference on information and knowledge management. ACM, pp 543–552

22.

Masoumzadeh A, Joshi J (2008) Purbac: purpose-aware role-based access control. On the move to meaningful internet systems: OTM. pp 1104–1121

23.

Miklau G, Suciu D (2003) Controlling access to published data using cryptography. In: Proceedings of the 29th international conference on very large data bases, vol 29. VLDB Endowment, pp 898–909

24.

Mohan S, Sengupta A, Wu Y (2005) Access control for XML: a dynamic query rewriting approach. In: Proceedings of the 14th ACM international conference on information and knowledge management. ACM, pp 251–252

25.

Murata M, Tozawa A, Kudo M, Hada S (2006) Xml access control using static analysis. ACM Trans Inf Syst Secur (TISSEC) 9(3):292–324CrossRef

26.

Ni Q, Trombetta A, Bertino E, Lobo J (2007) Privacy-aware role based access control. In: Proceedings of the 12th ACM symposium on Access control models and technologies. ACM, pp 41–50

27.

OECD (1980) Organisation for economic co-operation and development. Protection of privacy and transborder flows of personal data

28.

Oulmakhzoune S, Cuppens-Boulahia N, Cuppens F, Morucci S (2010) fQuery: SPARQL query rewriting to enforce data confidentiality. In: Proceedings of the 24th IFIP WG11.3 working conference on data and applications security and privacy. Rome, Italy

29.

Oulmakhzoune S, Cuppens-Boulahia N, Cuppens F, Morucci S (2010) Rewriting of sparql/update queries for securing data access. International Conference on Information and Communications Security, pp 4–15

30.

Oulmakhzoune S, Cuppens-Boulahia N, Cuppens F, Morucci S (2011) SPARQL query rewriting instrumented by access control model. In: 1st international symposium on data-driven process discovery and analysis

31.

Oulmakhzoune S, Cuppens-Boulahia N, Cuppens F, Morucci S (2012) Privacy policy preferences enforced by SPARQL query rewriting. In: 7th international workshop on frontiers in availability, reliability and security (FARES 2012)

32.

Samarati P (2001) Protecting respondents identities in microdata release. IEEE Trans Knowl Data Eng 13(6):1010–1027CrossRef

33.

Stavrakantonakis I, Tsinaraki C, Bikakis N, Gioldasis N, Christodoulakis S (2010) SPARQL2XQuery 2.0: supporting semantic-based queries over XML data. In: Semantic media adaptation and personalization (SMAP), IEEE 5th international workshop on 2010. pp 76–84

34.

De Capitani di Vimercati S, Marrara S, Samarati P (2005) An access control model for querying XML data. In: Proceedings of the 2005 workshop on secure web services. ACM, pp 36–42

35.

Wang Q, Yu T, Li N, Lobo J, Bertino E, Irwin K, Byun J (2007) On the correctness criteria of fine-grained access control in relational databases. In: Proceedings of the 33rd international conference on very large data bases. VLDB Endowment, pp 555–566

36.

Yang N, Barringer H, Zhang N (2007) A purpose-based access control model. In: Information assurance and security, 2007. IEEE Third International Symposium on IAS 2007, pp 143–148

Titel: Privacy query rewriting algorithm instrumented by a privacy-aware access control model
verfasst von: Said Oulmakhzoune
Nora Cuppens-Boulahia
Frédéric Cuppens
Stéphane Morucci
Mahmoud Barhamgi
Djamal Benslimane
Publikationsdatum: 01.02.2014
Verlag: Springer Paris
Erschienen in: Annals of Telecommunications / Ausgabe 1-2/2014
Print ISSN: 0003-4347
Elektronische ISSN: 1958-9395
DOI: https://doi.org/10.1007/s12243-013-0365-8

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 1-2/2014

Human perception-based distributed architecture for scalable video conferencing services: theoretical models and performance

Improving user content privacy on social networks using rights management systems

A survey on addressing privacy together with quality of context for context management in the Internet of Things

Microcell prediction model based on support vector machine algorithm

PriMa: a comprehensive approach to privacy protection in social network sites

Privacy-aware electronic society

Premium Partner