Abstract

To protect stored personal information, many organizations and information systems adopt the role-based access control model (RBAC) or the mandatory access control model (MAC). Although individuals want to control their personal information, an individual-needs-based access control system is difficult to adopt in the existing environment. Recent proposals have included privacy-enhancing technologies such as communication anonymizers, shared bogus online accounts, and access to personal data. However, these systems cannot satisfy users' privacy requirements. In this paper we propose two confidential access control models that apply individually established policy to existing RBAC and MAC technologies. In the SpRBAC model, a user's right to access would follow organizational policy and accessing personal information would be restricted by subject policy. In the SpMAC model, users would have to satisfy the subject policy established by the provider of information in addition to the requirements of normal MAC policy. In the proposed models, it is possible to restrict access by authorized users according to the subject policy, that is, the policy defined by the subject (or informant, the one providing the personal information), and personal information can thus be protected.
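The two decision rules described above can be sketched as follows. This is an added example, not code from the paper: the policy layout (`ROLE_PERMS`, `SUBJECT_POLICY`), the level names, the sample users and the rule that a missing subject policy defers to organizational policy are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed MAC levels, higher number = more sensitive (constructed sample).
LEVELS = {"public": 0, "confidential": 1, "secret": 2}

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    clearance: str

@dataclass(frozen=True)
class Record:
    subject: str   # data subject (informant) the record is about
    resource: str  # resource type named in RBAC permissions
    label: str     # MAC classification of the record

# Organizational RBAC policy: role -> permitted (action, resource) pairs.
ROLE_PERMS = {"nurse": {("read", "medical_record")},
              "billing": {("read", "invoice")}}

# Subject policy, set by each data subject (hypothetical format).
SUBJECT_POLICY = {"alice": {"deny_users": {"bob"}, "allow_roles": {"nurse"}}}

def subject_permits(user, record):
    """Second gate: the policy defined by the subject of the record."""
    policy = SUBJECT_POLICY.get(record.subject)
    if policy is None:
        return True  # assumption: no subject policy, organizational policy decides
    if user.name in policy["deny_users"]:
        return False  # an explicit deny overrides any allowed role
    return bool(user.roles & policy["allow_roles"])

def sprbac_read(user, record):
    """SpRBAC: the role must grant the read AND the subject policy must permit it."""
    org_ok = any(("read", record.resource) in ROLE_PERMS.get(role, set())
                 for role in user.roles)
    return org_ok and subject_permits(user, record)

def spmac_read(user, record):
    """SpMAC: normal MAC dominance (no read up) AND the subject policy."""
    mac_ok = LEVELS[user.clearance] >= LEVELS[record.label]
    return mac_ok and subject_permits(user, record)

# Constructed sample data.
REC = Record("alice", "medical_record", "confidential")
BOB = User("bob", frozenset({"nurse"}), "secret")
CAROL = User("carol", frozenset({"nurse"}), "confidential")
DAVE = User("dave", frozenset({"billing"}), "secret")
ERIN = User("erin", frozenset({"nurse"}), "public")
```

Bob is the case the abstract targets: he is authorized under organizational RBAC and cleared under MAC, yet both functions refuse him because Alice's subject policy denies him.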
