Distributed enforcement of unlinkability policies: Looking beyond the Chinese wall

Apu Kapadia, Prasad Naldurg, Roy H. Campbell

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

We present a discretionary access control framework that can be used to control a principal's ability to link information from two or more audit records and compromise a user's privacy. While the traditional Chinese Wall (CW) access control model is sufficient to enforce this type of unlinkability, in distributed environments CW is inefficient because its semantics requires knowledge of a user's access history. We propose a restricted version of the CW model in which policies are easy to enforce in a decentralized manner without the need for an access history. Our architecture analyzes system policies for potential linkability conflicts. Users can identify specific threats to their privacy, typically in terms of trusted and untrusted roles in the context of RBAC (role based access control), following which the system attaches automatically generated policy constraints to the audit records. When these constraints are enforced appropriately, they implement unlinkability policies that are provably secure and precise for a fixed protection state. We extend the model with a versioning scheme that can handle evolving protection state, including changing roles and permissions, trading precision to maintain the security of deployed policies.

Original languageEnglish (US)
Title of host publicationProceedings - Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2007
Pages141-150
Number of pages10
DOIs
StatePublished - Oct 1 2007
Event8th IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2007 - Bologna, Italy
Duration: Jun 13 2007Jun 15 2007

Publication series

NameProceedings - Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2007

Other

Other8th IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2007
CountryItaly
CityBologna
Period6/13/076/15/07

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture

Fingerprint Dive into the research topics of 'Distributed enforcement of unlinkability policies: Looking beyond the Chinese wall'. Together they form a unique fingerprint.

  • Cite this

    Kapadia, A., Naldurg, P., & Campbell, R. H. (2007). Distributed enforcement of unlinkability policies: Looking beyond the Chinese wall. In Proceedings - Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2007 (pp. 141-150). [4262581] (Proceedings - Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2007). https://doi.org/10.1109/POLICY.2007.16