An Implementation of a Privacy Enforcement Scheme based on the Java Security Framework using XACML Policies

  • Thomas Scheffler
  • Stefan Geiß
  • Bettina Schnor
Part of the IFIP – The International Federation for Information Processing book series (IFIPAICT, volume 278)


In this paper we discuss implementation issues of a distributed privacy enforcement scheme to support Owner-Retained Access Control for digital data repositories. Our approach is based on the Java Security Framework. In order to achieve policy enforcement dependent on the accessed data object, we had to implement our own class loader that supports instance-level policy assignment. Access policies are described using XACML and stored together with the data as sticky policies. Enforcement of generic policies over sticky policy objects required the extension of XACML with XPath-specific functions. Our use-case scenario is the user-controlled distribution of Electronic Health Records.


Keywords (machine-generated, not supplied by the authors): Access Control, Data Owner, Access Policy, Policy Enforcement, Privacy Enforcement



Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Thomas Scheffler, Stefan Geiß, Bettina Schnor
  1. Department of Computer Science, University of Potsdam, 14482 Potsdam, Germany
