An XACML-based privacy-centered access control system / C.A. Ardagna, S. De Capitani di Vimercati, S. Paraboschi, E. Pedrini, P. Samarati - In: CCS 2009 co-located workshops : November 9-13, 2009, Chicago, Illinois, USA : [proceedings] / [edited by] S. Jajodia, M. Kudo. - Optical disc. - New York : Association for Computing Machinery, 2009. - ISBN 9781605587875. - pp. 49-58 (Paper presented at the 1st ACM Workshop on Information Security Governance (WISG), held in Chicago in 2009) [10.1145/1655168.1655178].
An XACML-based privacy-centered access control system
C.A. Ardagna; S. De Capitani di Vimercati; E. Pedrini; P. Samarati
2009
Abstract
The widespread diffusion of the Internet as the platform for accessing distributed services makes available a huge amount of personal data, and a corresponding concern and demand from users, as well as legislation, for solutions providing users with a form of control over their data. Responding to this requirement raises the emerging need for solutions supporting proper information security governance, allowing enterprises managing user information to enforce restrictions on information acquisition as well as its processing and secondary use. While the research community has acknowledged this emerging scenario, and research efforts are being devoted to it, current technologies still provide limited solutions to the problem. In this paper, we illustrate our effort in pursuing the goal of making information security governance restrictions deployable in current organizational contexts. Considering the large success and application of XACML, we extend the XACML architecture and modules, complementing them with functionalities for effective credential-based management and privacy support. Our proposal combines XACML with PRIME, a novel solution supporting privacy-aware access control, resulting in an infrastructure that provides the flexible access functionality of XACML enriched with the data governance and privacy features of PRIME.