Purpose-based access policy on provenance and data algebra
Faen Zhang, Xinyu Fan, Wenfeng Zhou, Pengcheng Zhou

TL;DR
This paper introduces purpose-based access policies that specify allowed purposes for data access, incorporating hierarchical and multi-party policy algebras to enhance access control mechanisms.
Contribution
It presents a novel purpose-based policy algebra framework that includes internal and external operators for hierarchical and multi-party policy merging.
Findings
Policy algebra models are feasible and practical.
Hierarchical purpose classification improves access control.
Multi-party policy merging is effective.
Abstract
A crucial mechanism of access control is ensuring that data can only be accessed for allowed purposes. To achieve this, we propose purpose-based access policies in this paper. Unlike provenance-based policies, which determine whether a piece of data can be accessed or not, purpose-based access policies determine for what purposes data can be accessed. In particular, the purposes can be classified into different sensitivity levels. For the first time, we tailor policy algebras to include internal and external policy operators for hierarchical purposes, in order to merge purpose sets generated by individual policies. We also create external policy algebras to merge policies from multiple parties. Through different types of testing experiments, our model is proved to be feasible and practical.
Taxonomy
Topics: Access Control and Trust · Scientific Computing and Data Management · Cryptography and Data Security
