TY - GEN
T1 - Distributed enforcement of unlinkability policies
T2 - 8th IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2007
AU - Kapadia, Apu
AU - Naldurg, Prasad
AU - Campbell, Roy H.
PY - 2007
Y1 - 2007
N2 - We present a discretionary access control framework that can be used to control a principal's ability to link information from two or more audit records and compromise a user's privacy. While the traditional Chinese Wall (CW) access control model is sufficient to enforce this type of unlinkability, in distributed environments CW is inefficient because its semantics requires knowledge of a user's access history. We propose a restricted version of the CW model in which policies are easy to enforce in a decentralized manner without the need for an access history. Our architecture analyzes system policies for potential linkability conflicts. Users can identify specific threats to their privacy, typically in terms of trusted and untrusted roles in the context of RBAC (role based access control), following which the system attaches automatically generated policy constraints to the audit records. When these constraints are enforced appropriately, they implement unlinkability policies that are provably secure and precise for a fixed protection state. We extend the model with a versioning scheme that can handle evolving protection state, including changing roles and permissions, trading precision to maintain the security of deployed policies.
AB - We present a discretionary access control framework that can be used to control a principal's ability to link information from two or more audit records and compromise a user's privacy. While the traditional Chinese Wall (CW) access control model is sufficient to enforce this type of unlinkability, in distributed environments CW is inefficient because its semantics requires knowledge of a user's access history. We propose a restricted version of the CW model in which policies are easy to enforce in a decentralized manner without the need for an access history. Our architecture analyzes system policies for potential linkability conflicts. Users can identify specific threats to their privacy, typically in terms of trusted and untrusted roles in the context of RBAC (role based access control), following which the system attaches automatically generated policy constraints to the audit records. When these constraints are enforced appropriately, they implement unlinkability policies that are provably secure and precise for a fixed protection state. We extend the model with a versioning scheme that can handle evolving protection state, including changing roles and permissions, trading precision to maintain the security of deployed policies.
UR - http://www.scopus.com/inward/record.url?scp=34748918854&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=34748918854&partnerID=8YFLogxK
U2 - 10.1109/POLICY.2007.16
DO - 10.1109/POLICY.2007.16
M3 - Conference contribution
AN - SCOPUS:34748918854
SN - 0769527671
SN - 9780769527673
T3 - Proceedings - Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2007
SP - 141
EP - 150
BT - Proceedings - Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2007
Y2 - 13 June 2007 through 15 June 2007
ER -