Abstract
Access control is a security technique that specifies access rights to resources in a computing environment. As information systems nowadays become more complex, it plays an important role in authenticating and authorizing users and preventing an attacker from targeting sensitive information. However, no proper consideration has been fully investigated so far in privacy protection. While many studies have acknowledged this issue, recent studies have not provided a fine-grained access control system for data privacy protection. As the data set becomes larger, we have to confront more privacy challenges. For example, the access control mechanism must be able to guarantee fine-grained access control, privacy protection, conflicts and redundancies between rules of the same policy or between different policies. In this paper, we propose a comprehensive framework for enforcing attribute-based security policies stored in the JSON document together with the feature of data privacy protection and incorporates a policy structure based on the prioritization of functions to resolve conflicts at a fine-grained level called “Privacy aware access control model for policy conflict resolution”. We also use Polish notation for modeling condi-tional expressions which are the combination of subject, action, resource, and environment attributes so that privacy policies are flexible, dynamic and fine-grained. Experiments are carried out to two aspects (i) illustrate the relationship between the processing time for access decision and the complexity of policies;(ii) illustrate the relationship between the processing time for the traditional approach (single policy, multi-policy without priority) and our approach (multi-policy with priority). Experimental results show that the evaluation performance satisfies the privacy requirements defined by the user.
Highlights
The remarkable growth of Internet and social media applications over the past few decades lead to an exponential increase of data
To investigate the problem of conflict resolution, we introduced an Attribute Based Access Control (ABAC) system that incorporates a policy model based on the prioritization of functions to resolve conflicts at a fine-grained level
Most of the works in the literature focus on two directions: (i) constructing a whole new privacy-aware access control system based on ABAC model; and (ii) adding a level of privacy protection to a popular existence standard
Summary
The remarkable growth of Internet and social media applications over the past few decades lead to an exponential increase of data. It allows the user to prioritize different functions that presented on the same domain from the lowest storage unit (fields) to the highest storage unit (as collection or database) This is the advantage of the solution compared to normal approaches: instead of returning decisions as Permit or Deny, we create a smooth resolution mechanism that can show a portion of the requested data based on the priority level www.ijacsa.thesai.org (IJACSA) International Journal of Advanced Computer Science and Applications, Vol 10, No 2, 2019 of the requester. The contribution of this article is four-fold: (i) we proposed an attribute-based security policies definition formatting in JSON; (ii) we describe a mechanism for protecting sensitive data in fine-grained level; (iii) we presented a dynamic solution for fine-grained policy conflict; and (iv) we used Polish notation for modeling conditional expressions.
Published Version (Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
More From: International Journal of Advanced Computer Science and Applications
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.