Privacy-Aware Organisation-Based Access Control Model (PrivOrBAC)

Privacy-Aware Organisation-Based Access Control Model (PrivOrBAC)

Nabil Ajam, Nora Cuppens-Boulahia, Fréderic Cuppens
DOI: 10.4018/978-1-4666-0978-5.ch017
(Individual Chapters)
No Current Special Offers


In this chapter, the authors propose the expression and the modelling of the most important principles of privacy. They deduce the relevant privacy requirements that should be integrated in existing security policy models, such as RBAC models. They suggest the application of a unique model for both access control and privacy requirements. Thus, an access control model is to be enriched with new access constraints and parameters, namely the privacy contexts, which should implement the consent and the notification concepts. For this purpose, the authors introduce the Privacy-aware Organisation role Based Access Control (PrivOrBAC) model.
Chapter Preview

Modelling Motivation

We illustrate in this section the issues related to private data management and how to use a privacy policy to specify privacy requirements. We assume that the private data are collected by mobile operator networks since we focus, in our work, on sensitive data such as location and presence of mobile subscribers that only the network operator can collect (See Figure 1). At this stage we do not care about means used to collect data. Collected data concerns operator’s subscribers.

Figure 1.

Privacy enforcement in mobile operator networks


The information is stored within operator’s information system. The latter should implement the OrBAC model to enforce the privacy policy defined by the subscribers. Service providers request that information to offer enhanced services. So, the operator should manage the access to services.

Complete Chapter List

Search this Book: