Person-Wise Privacy Level Access Control for Personal Information Directory Services

  • Hyung-Jin Mun
  • Keon Myung Lee
  • Sang-Ho Lee
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4096)


This paper proposes a policy-based access control mechanism for the personal information directory service systems which prevents the information users from illegally accessing the personal information and enables the information subjects to control access to their own information. In the proposed mechanism, the individuals’ personal information which is encrypted with different keys is stored into the directory repository. In order to control access to her own personal information, information subject sets up the access control policy for it and the access control is practiced out by providing encryption keys to the legal users according to the subject’s policy.


Access Control Personal Information Information User Access Control Policy Information Subject 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Stallings, W.: Cryptography and Network Security, 3rd edn. Prentice-Hall, New Jersey (2003)Google Scholar
  2. 2.
    Fischer-Hübner, S.: IT-Security and Privacy: Design and Use of Privacy Enhancing Security Mechanism. LNCS, vol. 1958. Springer, Heidelberg (2001)Google Scholar
  3. 3.
    Chaum, D.L.: The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability. Journal of Cryptology 1(1), 65–75 (1988)MATHCrossRefMathSciNetGoogle Scholar
  4. 4.
    Rither, M.K., Rubin, A.D.: Crowds: Anonymity for Web Transactions. ACM Transactions on Informatino and System Security 1(1), 66–92 (1998)CrossRefGoogle Scholar
  5. 5.
    Chaum, D.L.: Untraceble Electronic Mail Return Address, and Digital Pseudonyms. Communications of the ACM 24(2), 84–88 (1981)CrossRefGoogle Scholar
  6. 6.
    Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-Based Access Control Models. IEEE Computer 29(2), 38–47 (1996)Google Scholar
  7. 7.
    Huang, W.K., Atluri, V.: SecureFlow: A secure Web-enabled Workflow Management System. In: Proc. Of 4th ACM Workshop on Role-based Access Control (1999)Google Scholar
  8. 8.
    Thomas, P.K., Sandhu, R.S.: Task-based Authorization Control(TBAC): A Family of Models for Active and Enterprise-oriented Authorization Management. In: Proc. of the IFIP WG11.3 Workshop on Database Security (1997)Google Scholar
  9. 9.
    Oh, S., Park, S.: An Integration Model of Role-based Access Control and Activity-based Access Control Using Task. In: Proc. of 14th Annual IFIP WG11.3 Working Conference on Database Security (August 2000)Google Scholar
  10. 10.
    Oh, S., Park, S.: A Process of Abstracting T-RBAC Aspects from Enterprise Environment. In: Proc. DASFAA 2001 (April 2001)Google Scholar
  11. 11.
    Mont, M.C., Pearson, S., Bramhall, P.: An Adaptive Privacy Management System for Data Repositories (2004),

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Hyung-Jin Mun
    • 1
  • Keon Myung Lee
    • 1
  • Sang-Ho Lee
    • 1
  1. 1.School of Electrical and Computer EngineeringChungbuk National UniversityKorea

Personalised recommendations