Privacy is today an important concern for both data
providers and data users. Data generalization can
provide significant protection of an individual's privacy,
which means the data value can be replaced by
a less specific but semantically consistent value and
the personal information can be collected in a generalized
form. However, over-generalized data may
render data of little value. A key question is whether
a given generalization strategy provides a sufficient
level of both privacy and usability.
In this paper, we introduce a new approach, called
privacy-aware generalization boundaries, which can
satisfy the requirements of both data providers and
data users. We propose a privacy-aware access control
model related to a retention period. Formal definitions
of authorization actions and rules are presented.
Further, we discuss how to manage a valid
access process and analyse the access control policy.
Finally, we extend our model to support highly complex
privacy-related policies by taking into account
features of obligations and conditions.
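The abstract's core idea, a generalization "boundary" that sits between the least generalization a data provider will accept and the most generalization a data user can still use, together with a retention period on access, can be illustrated in code. The following is an added example written for this page; it is not the paper's model or its definitions. The hierarchies (age bands, postcode truncation), the `ProviderPolicy` and `UserRequest` names, and the sample values are all constructed assumptions for illustration.

```python
"""
Added illustration (not from the paper): a toy generalization hierarchy
with a boundary check and a retention-period check.

Level 0 is the raw value; each higher level is less specific but still
semantically consistent with it (an age of 34 becomes "30-39", then "<40").
A request is granted only at a level inside both the provider's lower
bound and the user's upper bound, and only while the retention period
is still open.
"""
from dataclasses import dataclass
from datetime import date
from typing import Callable, Dict, Optional


def generalize_age(age: int, level: int) -> str:
    """Constructed age hierarchy: exact -> decade band -> coarse band -> suppressed."""
    if level == 0:
        return str(age)
    if level == 1:
        lo = (age // 10) * 10
        return f"{lo}-{lo + 9}"
    if level == 2:
        return "<40" if age < 40 else ">=40"
    return "*"  # fully suppressed: no information left


def generalize_postcode(postcode: str, level: int) -> str:
    """Constructed postcode hierarchy: drop one trailing digit per level."""
    keep = max(len(postcode) - level, 0)
    return postcode[:keep] + "*" * (len(postcode) - keep)


# Attribute name -> generalization function (hypothetical registry)
HIERARCHIES: Dict[str, Callable[..., str]] = {
    "age": generalize_age,
    "postcode": generalize_postcode,
}


@dataclass(frozen=True)
class ProviderPolicy:
    """What the data provider demands (assumed structure)."""
    min_level: int        # never release anything more specific than this level
    retain_until: date    # data must not be accessible after this date


@dataclass(frozen=True)
class UserRequest:
    """What the data user can still make use of (assumed structure)."""
    max_level: int        # anything more general than this is useless to the user


def boundary_level(policy: ProviderPolicy, request: UserRequest) -> Optional[int]:
    """
    Return the least-generalized level acceptable to both parties, or None
    when the provider's floor lies above the user's ceiling (no valid boundary).
    Choosing the lowest admissible level preserves the most utility.
    """
    if policy.min_level <= request.max_level:
        return policy.min_level
    return None


def release(attr: str, value, policy: ProviderPolicy,
            request: UserRequest, today: date) -> Optional[str]:
    """
    Authorize and generalize one attribute value.
    Returns the generalized value, or None when access must be denied:
    either the retention period has ended or no boundary level exists.
    """
    if today > policy.retain_until:
        return None  # retention period expired: deny regardless of levels
    level = boundary_level(policy, request)
    if level is None:
        return None  # provider and user requirements cannot both be met
    return HIERARCHIES[attr](value, level)


if __name__ == "__main__":
    # Constructed sample: provider insists on at least decade bands until 2030,
    # user can work with anything up to the coarse band.
    policy = ProviderPolicy(min_level=1, retain_until=date(2030, 1, 1))
    request = UserRequest(max_level=2)
    print(release("age", 34, policy, request, date(2025, 6, 1)))        # 30-39
    print(release("postcode", "4350", policy, request, date(2025, 6, 1)))  # 435*
    print(release("age", 34, policy, request, date(2031, 1, 1)))        # None
```

The two denial paths matter more than the grant path: an expired retention period denies before any generalization is computed, and an empty boundary (provider floor above user ceiling) denies rather than silently over-generalizing, which is the "data of little value" outcome the abstract warns about.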
|Cite as: Li, M., Wang, H. and Plank, A. (2009). Privacy-aware Access Control with Generalization Boundaries. In Proc. Thirty-Second Australasian Computer Science Conference (ACSC 2009), Wellington, New Zealand. CRPIT, 91. Mans, B., Ed. ACS. 93-100. |