The VLDB Journal

, Volume 17, Issue 4, pp 603–619 | Cite as

Purpose based access control for privacy protection in relational database systems

  • Ji-Won Byun
  • Ninghui Li
Regular Paper


In this article, we present a comprehensive approach for privacy preserving access control based on the notion of purpose. In our model, purpose information associated with a given data element specifies the intended use of the data element. A key feature of our model is that it allows multiple purposes to be associated with each data element and also supports explicit prohibitions, thus allowing privacy officers to specify that some data should not be used for certain purposes. An important issue addressed in this article is the granularity of data labeling, i.e., the units of data with which purposes can be associated. We address this issue in the context of relational databases and propose four different labeling schemes, each providing a different granularity. We also propose an approach to represent purpose information, which results in low storage overhead, and we exploit query modification techniques to support access control based on purpose information. Another contribution of our work is that we address the problem of how to determine the purpose for which certain data are accessed by a given user. Our proposed solution relies on role-based access control (RBAC) models as well as the notion of conditional role which is based on the notions of role attribute and system attribute.


Privacy Access control Purpose Private data management 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic . In: Proceedings of the 28th International Conference on Very Large Databases (VLDB) (2002)Google Scholar
  2. 2.
    ANSI: American national standard for information technology—role based access control. ANSI INCITS 359–2004 (2004)Google Scholar
  3. 3.
    Ashley, P., Powers, C.S., Schunter, M.: Privacy promises, access control, and privacy management. In: Third International Symposium on Electronic Commerce (2002)Google Scholar
  4. 4.
    Barker S., Stuckey P.J. (2003). Flexible access control policy specification with constraint logic programming. ACM Trans. Inf. Syst. Secu. 6(4):501–546CrossRefGoogle Scholar
  5. 5.
    Bell, D.E., LaPadula, L.J.: Secure computer systems: mathematical foundations and model Technical report, MITRE Corporation (1974)Google Scholar
  6. 6.
    Bertino E., Jajodia S., Samarati P. (1995). Database security: research and practice. Inf. Syst. 20(7):537–556CrossRefGoogle Scholar
  7. 7.
    Bitton, D., DeWitt, D.J., Turbyfill, C.: Benchmarking database systems: a systematic approach. In: Ninth International Conference on Very Large Data Bases (1983)Google Scholar
  8. 8.
    Chen, F., Sandhu, R.: Constraints for role-based access control. In: The first ACM Workshop on Role-based access control (1996)Google Scholar
  9. 9.
    Denning, D., Lunt, T., Schell, R., Shockley, W., Heckman, M.: The seaview security model. In: The IEEE Symposium on Research in Security and Privacy (1988)Google Scholar
  10. 10.
    Dong, X., Halevy, A., Madhavan, J., Nemes, E.: Reference reconciliation in complex information spaces. In: ACM International Conference on Management of Data (SIGMOD) (2005)Google Scholar
  11. 11.
    Federal Trade Commision: Children’s online privacy protection act of 1998. Available at coppa.htmlGoogle Scholar
  12. 12.
    Federal Trade Commission: Privacy online: fair information practices in the electronic marketplace: a report to congress, May 2000. Available at Scholar
  13. 13.
    Fellegi, I.P., Sunter, A.B.: A theory for record linkage. J. Am. Stat. Assoc. (1969)Google Scholar
  14. 14.
    Ferraiolo, D.F., Richard Kuhn, D., Chandramouli, R.: Role-Based Access Control. Artech House (2003)Google Scholar
  15. 15.
    Ferraiolo D.F., Sandhu R.S., Gavrila S., Kuhn D.R., Chandramouli R. (2001). Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Sec. 4(3):224–274CrossRefGoogle Scholar
  16. 16.
    Goh, C., Baldwin, A.: Towards a more complete model of role. In: The 3rd ACM workshop on Role-based access control. (1998)Google Scholar
  17. 17.
    IBM: The Enterprise Privacy Authorization Language (EPAL). Available at Scholar
  18. 18.
    Jajodia, S., Sandhu, R.: Toward a multilevel secure relational data model. In: ACM International Conference on Management of Data (SIGMOD) pp. 50–59. ACM Press, New York (1991)Google Scholar
  19. 19.
    Karjoth, G., Schunter, M., Waidner, M.: Platform for enterprise privacy practice: Privacy-enabled management of customer data. In: The 2nd Workshop on Privacy Enhancing Technologies (PET 2002) (2002)Google Scholar
  20. 20.
    Kobsa A. (2002). Personalized hypermedia and international privacy. Communic ACM. 45(5):64–67Google Scholar
  21. 21.
    Kumar A., Karnik N., Chafle G. (2002). Context sensitivity in role-based access control. ACM SIGOPS Oper. Syst. Rev. 36(3):53–66CrossRefGoogle Scholar
  22. 22.
    LeFevre, K., Agrawal, R., Ercegovac, V., Ramakrishnan, R., Xu, Y., DeWitt, D.: Disclosure in hippocratic databases. In: The 30th International Conference on Very Large Databases (VLDB) (2004)Google Scholar
  23. 23.
    Oracle Corporation: The Virtual Private Database in Oracle9iR2: An Oracle Technical White Paper, January 2002. Available at Scholar
  24. 24.
    Oracle Corporation: The Oracle Database SQL References, December 2003. Availabe at Scholar
  25. 25.
    Sandhu R., Chen F. (1998). The multilevel relational data model. ACM Trans. Inf. Syst. Secu. 1(1):93–132CrossRefGoogle Scholar
  26. 26.
    Sandhu, R., Ferraiolo, D., Kuhn, R.: The NIST model for role-based access control: towards a unified standard. In: Proceedings of the Fifth ACM Workshop on Role-Based Access Control (RBAC 2000), pp. 47–63 (2000)Google Scholar
  27. 27.
    Sandhu R.S., Coyne E.J., Feinstein H.L., Youman C.E. (1996). Role-based access control models. IEEE Comput. 29(2):38–47Google Scholar
  28. 28.
    Sarawagi, S., Bhamidipaty, A.: Interactive deduplication using active learning. In: ACM International conference on Knowledge discovery and data mining (SIGKDD) (2002)Google Scholar
  29. 29.
    Stonebraker, M., Wong, E.: Access control in a relational data base management system by query modification. In: ACM CSC-ER Proceedings of the 1974 Annual Conference (1974)Google Scholar
  30. 30.
    World Wide Web Consortium (W3C): A P3P Preference Exchange Language 1.0 (APPEL 1.0). Available at Scholar
  31. 31.
    World Wide Web Consortium (W3C): Platform for Privacy Preferences (P3P). Available at Scholar

Copyright information

© Springer-Verlag 2006

Authors and Affiliations

  1. 1.CERIAS and Department of Computer SciencePurdue UniversityWest LafayetteUSA

Personalised recommendations