Abstract
Data privacy is one of the fundamental needs of people. In an enterprise
computing environment, protecting data privacy raises various issues. To
automate the enforcement of privacy policies and laws, access control has
been one of the subjects receiving the most attention; it protects
customers' data by preventing unauthorized access to the resources of the
system. A fine-grained access control model called Role-Based Access Control
(RBAC) has been proposed to protect customers' data. However, relying on
role alone is insufficient and inefficient for protecting data, especially
sensitive attributes, and this may cause risks of privacy disclosure to
unauthorized and untrusted users. We present a finer-grained access control
model called Trust, Purpose, and Role-Based Access Control (TPRBAC) to
efficiently protect data, particularly sensitive attributes. In the proposed
model, purpose and role are applied to permit access to data, while trust is
applied to control access to sensitive attributes. A prototype system was
developed and tested, and the results show that sensitive attributes are
protected. Experiments were also conducted to validate the proposed model,
and the results show that the proposed work is efficient and improves
privacy protection. Therefore, the proposed model solves the issue of
insufficient and inefficient access control mechanisms in protecting data,
especially sensitive attributes.
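
A minimal sketch of the two-stage decision the abstract describes, added here as an illustration and not taken from the paper or its prototype: role and purpose decide whether a record is accessible at all, then trust decides which sensitive attributes are shown. The role/purpose table, the 0.0 to 1.0 trust scale, the per-attribute thresholds and the sample record are all assumptions.

```python
from dataclasses import dataclass

# Assumed policy tables, constructed for illustration (the abstract gives none).
# role -> purposes for which that role may read customer data
ROLE_PURPOSES = {
    "support_agent": {"order_support"},
    "marketing_analyst": {"marketing"},
}
# sensitive attribute -> minimum trust required to see its value;
# attributes not listed here are treated as non-sensitive
SENSITIVE_MIN_TRUST = {"income": 0.7, "card_number": 0.9}
MASK = "***"


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    purpose: str
    trust: float  # assumed scale: 0.0 (untrusted) to 1.0 (fully trusted)


def evaluate(req: Request, record: dict) -> tuple[str, dict]:
    """Return (decision, view of the record this request may see)."""
    # Stage 1: role and purpose together gate access to the data.
    # Unknown roles and purposes not bound to the role are denied.
    if req.purpose not in ROLE_PURPOSES.get(req.role, set()):
        return "deny", {}

    # Fail closed: a trust value outside the scale (or NaN) counts as 0.0.
    trust = req.trust if 0.0 <= req.trust <= 1.0 else 0.0

    # Stage 2: trust gates each sensitive attribute individually.
    view = {}
    for attr, value in record.items():
        needed = SENSITIVE_MIN_TRUST.get(attr)
        view[attr] = value if needed is None or trust >= needed else MASK
    return "permit", view


# Constructed sample record.
CUSTOMER = {"name": "A. Customer", "email": "a@example.com",
            "income": 52000, "card_number": "4111-0000-0000-0000"}

if __name__ == "__main__":
    for r in (Request("u1", "support_agent", "order_support", 0.75),
              Request("u2", "support_agent", "marketing", 0.95)):
        print(r.user, evaluate(r, CUSTOMER))
```

A role-only (RBAC) check would stop after stage 1 and hand every permitted user the full record; the second stage is where the sensitive attributes are withheld.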