The success of the Web as a platform for the distribution of services and dissemination of information makes the protection of users' privacy a fundamental requirement. The privacy issues affect different aspects of today's Internet transactions, among which access control represents the most critical. An important step towards the protection of privacy is then the definition of a privacy-aware access control system that, in addition to server-side resources protection, provides users with solutions for preserving their privacy and managing their data. Although considerable work has been done in the field of access control for distributed services [AHK+03, AHKS02, BS02a, eXt05, Wor02], available access control mechanisms are at an early stage from a privacy protection point of view. This situation reflects the fact that in the last years the variety of security requirements focused on addressing server-side security concerns (e.g., communication confidentiality, unauthorized access to services, data integrity). Here, we focus on the development of a privacy-aware access control system regulating access to resources and protecting privacy of the users.
Privacy-aware access control system : evaluation and decision / C.A. Ardagna, S. De Capitani di Vimercati, E. Pedrini, P. Samarati - In: Digital Privacy : PRIME - Privacy and identity management for Europe / [a cura di] J. Camenisch, R. Leenes, D. Sommer. - Berlin : Springer, 2011. - ISBN 9783642190490. - pp. 377-395
Privacy-aware access control system : evaluation and decision
C.A. ArdagnaPrimo
;S. De Capitani di VimercatiSecondo
;E. PedriniPenultimo
;P. SamaratiUltimo
2011
Abstract
The success of the Web as a platform for the distribution of services and dissemination of information makes the protection of users' privacy a fundamental requirement. The privacy issues affect different aspects of today's Internet transactions, among which access control represents the most critical. An important step towards the protection of privacy is then the definition of a privacy-aware access control system that, in addition to server-side resources protection, provides users with solutions for preserving their privacy and managing their data. Although considerable work has been done in the field of access control for distributed services [AHK+03, AHKS02, BS02a, eXt05, Wor02], available access control mechanisms are at an early stage from a privacy protection point of view. This situation reflects the fact that in the last years the variety of security requirements focused on addressing server-side security concerns (e.g., communication confidentiality, unauthorized access to services, data integrity). Here, we focus on the development of a privacy-aware access control system regulating access to resources and protecting privacy of the users.Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.