Privacy-Aware Organisation-Based Access Control Model (PrivOrBAC)

Nabil Ajam, Nora Cuppens-Boulahia, Fréderic Cuppens
DOI: 10.4018/978-1-4666-2919-6.ch073


In this chapter, the authors propose a way to express and model the most important principles of privacy. They deduce the relevant privacy requirements that should be integrated into existing security policy models, such as RBAC models. They suggest applying a single model to both access control and privacy requirements. An access control model is therefore to be enriched with new access constraints and parameters, namely the privacy contexts, which should implement the concepts of consent and notification. For this purpose, the authors introduce the Privacy-aware Organisation role Based Access Control (PrivOrBAC) model.

2. Modelling Motivation

In this section we illustrate the issues related to private data management and how a privacy policy can be used to specify privacy requirements. We assume that the private data are collected by mobile operator networks, since our work focuses on sensitive data, such as the location and presence of mobile subscribers, that only the network operator can collect. At this stage we are not concerned with the means used to collect the data. The collected data concern the operator's subscribers (see Figure 1).

Figure 1. Privacy enforcement in mobile operator networks
