Self-Protecting Access Control: On Mitigating Privacy Violations with Fault Tolerance

Anne V. D. M. Kayem (University of Cape Town, South Africa), Patrick Martin (Queen’s University, Canada) and Selim G. Akl (Queen’s University, Canada)
DOI: 10.4018/978-1-61350-501-4.ch004


Self-protecting access control mechanisms can be described as an approach to enforcing security in a manner that automatically protects against violations of access control rules. In this chapter, we present a comparative analysis of standard Cryptographic Access Control (CAC) schemes in relation to privacy enforcement on the Web. We postulate that to mitigate privacy violations, self-protecting CAC mechanisms need to be supported by fault tolerance. As an example of how one might do this, we present two solutions that are inspired by the autonomic computing paradigm. Our solutions are centered on how CAC schemes can be extended to protect against privacy violations that might arise from key updates and collusion attacks.
Chapter Preview


The ability to execute multiple transactions across a myriad of applications has made the Internet a prime platform for building Web applications. Applications like Facebook (Facebook, 2010) and MySpace (MySpace, 2010) attest to this popularity and have been rated as being the most popular social networking applications in the English-speaking world. Increasingly, business organizations are taking advantage of these social networking applications and other Web applications to collect personal information about consumers. Likewise, consumers have shown a keenness for the Web as a medium of communication because of the interactivity and fast response time it offers. Yet the same qualities of flexibility and interactivity that the Web is famous for have become an impediment in the face of the growing incidence of data privacy violations. For example, in October 2010 a Wall Street Journal investigation revealed that many popular Facebook applications were transmitting consumer personal information to advertising and Internet tracking companies (Slattery, 2010; Foremski, 2010). Cases like this have fueled growing concerns, on the part of consumers, that their data can be leaked to third parties without their consent. In this section, we discuss the context in which data privacy violations occur and why this happens in spite of the fact that access control mechanisms can be implemented to protect the information.
