Towards a Mechanism for Discretionary Overriding of Access Control (Transcript of Discussion)
Last year, the Swedish Prime Minister was stabbed to death in a shopping mall in Stockholm, and of course the police thoroughly investigated it. They had some privacy problems during the investigation: many policemen just looked at the case, because there was no access control on the police system. They didn’t have a whole system on-line, because they cannot really predict the needs of individual policemen, and they cannot really audit the whole thing either because there were so many accesses. In the case of the prime minister we suspect that something was going on because he was a famous person, and they know from experience that this tends to happen with famous people, but in the case of a policemen accessing his neighbour’s data, or something like that, then there is little reason to notice that something is going on.
KeywordsAccess Control Policy Language Security Policy Organisational Theory Shopping Mall
Unable to display preview. Download preview PDF.