Abstract
With the significant development of mobile commerce, privacy has become a major concern for both customers and enterprises. Although data generalization can provide significant protection of an individual's privacy, over-generalized data may be of little value or useless. In this paper, we devise generalization boundary techniques to maximize data usability while minimizing disclosure of privacy. Inspired by the fact that the permissible generalization level results in a much finer level of access control, we propose a privacy-aware access control model in web service environments. We also analyze how to manage a valid access process through a trust-based decision and ongoing access control policies. Extensive experiments on both real-world and synthetic data sets show that the proposed privacy-aware access control model is practical and effective.
Cite this article
Li, M., Sun, X., Wang, H. et al. Privacy-aware access control with trust management in web service. World Wide Web 14, 407–430 (2011). https://doi.org/10.1007/s11280-011-0114-8
DOI: https://doi.org/10.1007/s11280-011-0114-8