Qun Ni
Purdue University
Publication
Featured research published by Qun Ni.
symposium on access control models and technologies | 2007
Qun Ni; Alberto Trombetta; Elisa Bertino; Jorge Lobo
A privacy-aware role-based access control model extends RBAC to express highly complex privacy-related policies, including consideration of such features as conditions and obligations. Because it's based on the RBAC model, the full-fledged P-RBAC solution is easy to deploy in systems already adopting RBAC, thus allowing seamless integration of access control and privacy policies.
ACM Transactions on Information and System Security | 2010
Qun Ni; Elisa Bertino; Jorge Lobo; Carolyn Brodie; Clare-Marie Karat; John Karat; Alberto Trombetta
In this article, we introduce a comprehensive framework supporting a privacy-aware access control mechanism, that is, a mechanism tailored to enforce access control to data containing personally identifiable information and, as such, privacy sensitive. The key component of the framework is a family of models (P-RBAC) that extend the well-known RBAC model in order to provide full support for expressing highly complex privacy-related policies, taking into account features like purposes and obligations. We formally define the notion of privacy-aware permissions and the notion of conflicting permission assignments in P-RBAC, together with efficient conflict-checking algorithms. The framework also includes a flexible authoring tool, based on the use of the SPARCLE system, supporting the high-level specification of P-RBAC permissions. SPARCLE supports the use of natural language for authoring policies and is able to automatically generate P-RBAC permissions from these natural language specifications. In the article, we also report performance evaluation results and contrast our approach with other relevant access control and privacy policy frameworks such as P3P, EPAL, and XACML.
symposium on access control models and technologies | 2008
Qun Ni; Elisa Bertino; Jorge Lobo
In this paper, we present a novel obligation model for the Core Privacy-aware Role Based Access Control (P-RBAC), and discuss some design issues in detail. Pre-obligations, post-obligations, conditional obligations, and repeating obligations are supported by the obligation model. Interaction between permissions and obligations is discussed, and efficient algorithms are provided to detect undesired effects.
computer and communications security | 2010
Qun Ni; Elisa Bertino; Jorge Lobo
Fuzzy inference is a promising approach to implement risk-based access control systems. However, its application to access control raises some novel problems that have not yet been investigated. First, because there are many different fuzzy operations, one must choose the fuzzy operations that best address security requirements. Second, risk-based access control, though it improves information flow and better addresses requirements from critical organizations, may result in damages by malicious users before mitigating steps are taken. Third, the scalability of a fuzzy inference-based access control system is questionable. The time required by a fuzzy inference engine to estimate risks may be quite high, especially when there are tens of parameters and hundreds of fuzzy rules. However, an access control system may need to serve hundreds or thousands of users. In this paper, we investigate these issues and present our solutions or answers to them.
very large data bases | 2009
Qun Ni; Shouhuai Xu; Elisa Bertino; Ravi S. Sandhu; Weili Han
Provenance access control has been recognized as one of the most important components in an enterprise-level provenance system. However, it has only received little attention in the context of data security research. One important challenge in provenance access control is the lack of an access control language that supports its specific requirements, e.g., the support of both fine-grained policies and personal preferences, and decision aggregation from different applicable policies. In this paper, we propose an access control language tailored to these requirements.
computer and communications security | 2009
Qun Ni; Elisa Bertino; Jorge Lobo
This paper proposes a D-algebra to compose decisions from multiple access control policies. Compared to other algebra-based approaches aimed at policy composition, D-algebra is the only one that satisfies both functional completeness (any possible decision matrix can be expressed by a D-algebra formula) and computational effectiveness (a formula can be computed efficiently given any decision matrix). The D-algebra has several relevant applications in the context of access control policies, namely the analysis of policy languages' decision mechanisms, and the development of tools for policy authoring and enforcement.
european symposium on research in computer security | 2007
Qun Ni; Dan Lin; Elisa Bertino; Jorge Lobo
Privacy is considered critical for all organizations needing to manage individual-related information. As such, there is an increasing need for access control models which can adequately support the specification and enforcement of privacy policies. In this paper, we propose a model, referred to as Conditional Privacy-aware Role Based Access Control (P-RBAC), which supports expressive condition languages and flexible relations among permission assignments for more complex privacy policies. Efficient algorithms for detecting conflicts, redundancies, and indeterminism for a set of permission assignments are presented. In the paper we also extend Conditional P-RBAC to Universal P-RBAC by taking into account hierarchical relations among roles, data and purposes. In comparison with other approaches, such as P3P, EPAL, and XACML, our work has achieved both expressiveness and efficiency.
ieee symposium on security and privacy | 2009
Qun Ni; Elisa Bertino; Jorge Lobo; Seraphin B. Calo
A privacy-aware role-based access control model extends RBAC to express highly complex privacy-related policies, including consideration of such features as conditions and obligations. Because it's based on the RBAC model, the full-fledged P-RBAC solution is easy to deploy in systems already adopting RBAC, thus allowing seamless integration of access control and privacy policies.
symposium on access control models and technologies | 2009
Qun Ni; Jorge Lobo; Seraphin B. Calo; Pankaj Rohatgi; Elisa Bertino
Role-based provisioning has been adopted as a standard component in leading Identity Management products due to its low administration cost. However, the cost of adjusting existing roles to entitlements from newly deployed applications is usually very high. In this paper, a learning-based approach to automate the provisioning process is proposed and its effectiveness is verified by real provisioning data. Specific learning issues related to provisioning are identified and relevant solutions are presented.
IBM Journal of Research and Development | 2009
Elisa Bertino; Carolyn Brodie; Seraphin B. Calo; Lorrie Faith Cranor; Clare-Marie Karat; John Karat; Ninghui Li; Dan Lin; Jorge Lobo; Qun Ni; Prathima Rao; Xiping Wang
The distributed nature of the environment in which privacy and security policies operate requires tools that help enforce consistency of policy rules across different domains. Furthermore, because changes to policy rules are required as policies evolve over time, such tools can be used by policy administrators to ensure the consistency of policy changes. In this paper, we describe a number of different policy analysis tools and techniques that we have developed over the years and present them in a unified framework in which both privacy and security policies are discussed. We cover dominance analyses of general policies, conflicts among authorizations and prohibitions, and other analyses of obligations, as well as policy similarity analysis and policy distribution.