Law-Aware Access Control and its Information Model
Michael Stieghahn, Thomas Engel

TL;DR
This paper presents a law-aware access control model that incorporates legal requirements into access decisions, ensuring cross-border data access compliance for global companies, especially in banking scenarios.
Contribution
It introduces an information model integrating legislation into access control, focusing on lawfulness in cross-border data access, which is a novel approach compared to existing systems.
Findings
Legislation can be integrated into access control policies.
The model supports law-compliant cross-border data access.
An event flow demonstrates the practical decision-making process.
Abstract
Cross-border access to a variety of data such as market information, strategic information, or customer-related information defines the daily business of many global companies, including financial institutions. These companies are obliged by law to keep data processing legal for all offered services. They need to fulfill different security objectives specified by the legislation. Therefore, they control access to prevent unauthorized users from using data. Those security objectives, for example confidentiality or secrecy, are often defined in the eXtensible Access Control Markup Language, which promotes interoperability between different systems. In this paper, we show the necessity of incorporating the requirements of legislation into access control. Based on the workflow in a banking scenario, we describe a variety of available contextual information and their interrelations.…
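The abstract argues that a lawful access decision needs a legislation layer evaluated alongside the ordinary XACML-style business policy, over contextual attributes such as the requester's jurisdiction, the data's jurisdiction, the data category and the purpose. The following is an added illustration, not the paper's own model or code: a toy policy decision point that first asks whether any lawful basis exists and only then consults the business policy, recording an event trace along the way. The jurisdiction codes, data categories, roles and rules are constructed placeholders chosen for the example, not a statement of any real law.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple

@dataclass(frozen=True)
class Request:
    subject_role: str           # constructed roles: analyst, advisor, intern
    subject_jurisdiction: str   # where the requesting employee acts (placeholder codes)
    resource_category: str      # constructed categories: market, strategic, customer
    resource_jurisdiction: str  # where the data is held / whose law governs it
    purpose: str                # stated purpose of the access

@dataclass(frozen=True)
class Rule:
    name: str
    effect: str                      # "Permit" or "Deny", as in XACML
    applies: Callable[[Request], bool]

def cross_border(r: Request) -> bool:
    return r.subject_jurisdiction != r.resource_jurisdiction

# Legislation layer (constructed rules, not real legal requirements).
LEGAL_RULES: List[Rule] = [
    Rule("same-jurisdiction", "Permit", lambda r: not cross_border(r)),
    Rule("market-data-transferable", "Permit", lambda r: r.resource_category == "market"),
    Rule("customer-data-export-needs-consent", "Deny",
         lambda r: r.resource_category == "customer" and cross_border(r)
                   and r.purpose != "customer_consented_service"),
    Rule("customer-data-export-with-consent", "Permit",
         lambda r: r.resource_category == "customer" and cross_border(r)
                   and r.purpose == "customer_consented_service"),
]

# Ordinary business policy (constructed), what a bank's XACML policy set might express.
BUSINESS_RULES: List[Rule] = [
    Rule("analysts-and-advisors-see-market-and-strategy", "Permit",
         lambda r: r.subject_role in ("analyst", "advisor")
                   and r.resource_category in ("market", "strategic")),
    Rule("advisors-see-customers", "Permit",
         lambda r: r.subject_role == "advisor" and r.resource_category == "customer"),
    Rule("interns-never-see-strategy", "Deny",
         lambda r: r.subject_role == "intern" and r.resource_category == "strategic"),
]

def combine_deny_overrides(rules: List[Rule], request: Request) -> str:
    """XACML deny-overrides combining: any matching Deny wins, then Permit, else NotApplicable."""
    effects = [rule.effect for rule in rules if rule.applies(request)]
    if "Deny" in effects:
        return "Deny"
    if "Permit" in effects:
        return "Permit"
    return "NotApplicable"

def law_aware_decision(request: Request) -> Tuple[str, List[str]]:
    """Legal layer first; business policy is consulted only when a lawful basis exists.

    Returns the final decision and an event trace of the steps taken.
    """
    trace: List[str] = []
    legal = combine_deny_overrides(LEGAL_RULES, request)
    trace.append(f"legal layer: {legal}")
    if legal != "Permit":
        trace.append("no lawful basis for the access; stop before consulting business policy")
        return "Deny", trace
    business = combine_deny_overrides(BUSINESS_RULES, request)
    trace.append(f"business policy: {business}")
    # NotApplicable in the business layer is treated as Deny (default-deny).
    decision = "Permit" if business == "Permit" else "Deny"
    trace.append(f"final: {decision}")
    return decision, trace

if __name__ == "__main__":
    # Constructed requests: an advisor reading customer data across a border without consent
    # is stopped by the legal layer regardless of the business policy.
    for req in (
        Request("advisor", "JUR-A", "customer", "JUR-A", "advisory"),
        Request("advisor", "JUR-B", "customer", "JUR-A", "advisory"),
        Request("advisor", "JUR-B", "customer", "JUR-A", "customer_consented_service"),
    ):
        decision, trace = law_aware_decision(req)
        print(decision, "|", " -> ".join(trace))
```

Ordering the legal layer before the business layer means a business "Permit" can never override a missing lawful basis, while a lawful basis alone never grants access; the trace makes the reason for each outcome auditable.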
Taxonomy
Topics: Access Control and Trust · Privacy-Preserving Technologies in Data · Internet Traffic Analysis and Secure E-voting
