
Privacy-aware access control with trust management in web service

World Wide Web

Abstract

With the significant development of mobile commerce, privacy becomes a major concern for both customers and enterprises. Although data generalization can provide significant protection of an individual’s privacy, over-generalized data may render data of little value or useless. In this paper, we devise generalization boundary techniques to maximize data usability while minimizing disclosure of privacy. Inspired by the fact that the permissible generalization level results in a much finer level of access control, we propose a privacy-aware access control model in web service environments. We also analyze how to manage a valid access process through a trust-based decision and ongoing access control policies. Extensive experiments on both real-world and synthetic data sets show that the proposed privacy-aware access control model is practical and effective.



Author information


Correspondence to Min Li or Xiaoxun Sun.


Cite this article

Li, M., Sun, X., Wang, H. et al. Privacy-aware access control with trust management in web service. World Wide Web 14, 407–430 (2011). https://doi.org/10.1007/s11280-011-0114-8


  • DOI: https://doi.org/10.1007/s11280-011-0114-8
