Privacy-Aware Organisation-Based Access Control Model (PrivOrBAC)


Nabil Ajam (Institut Télécom, Télécom Bretagne, France), Nora Cuppens-Boulahia (Institut Télécom, Télécom Bretagne, France) and Frédéric Cuppens (Institut Télécom, Télécom Bretagne, France)
DOI: 10.4018/978-1-4666-2919-6.ch073

Abstract

In this chapter, the authors propose a way to express and model the most important principles of privacy. They deduce the relevant privacy requirements that should be integrated into existing security policy models, such as RBAC models. They suggest applying a single model to both access control and privacy requirements. Thus, an access control model is to be enriched with new access constraints and parameters, namely the privacy contexts, which should implement the consent and notification concepts. For this purpose, the authors introduce the Privacy-aware Organisation role Based Access Control (PrivOrBAC) model.
Chapter Preview

2. Modelling Motivation

In this section, we illustrate the issues related to private data management and how a privacy policy can be used to specify privacy requirements. We assume that the private data are collected by mobile operator networks, since our work focuses on sensitive data, such as the location and presence of mobile subscribers, that only the network operator can collect. At this stage, we are not concerned with the means used to collect the data. The collected data concern the operator's subscribers (see Figure 1).

Figure 1. Privacy enforcement in mobile operator networks
