Citation
Salji, Mohd Rafiz (2019) Access control model based on trust, purpose, and role in materialized view for privacy protection. Doctoral thesis, Universiti Putra Malaysia.
Abstract
Data privacy is one of the fundamental needs of people. In a computing
environment, there are various issues of data privacy protection in the enterprise.
To enforce automation of privacy and legal policies, access control has become
a common subject that is always applied. Despite the recent advances in
access control models, there are still issues that impede the development of effective
access control. Among them is the lack of assessments for the user to authorize
access, which comprises reliance on identity, purpose, and role.
This study focuses on data privacy protection in materialized views. A materialized
view is a replica of a table, created in a very large system where data are
replicated from the master tables. A role-based access control model in materialized
view has been proposed to protect customers' data. However, relying on role alone
is insufficient and inefficient for protecting data, especially sensitive attributes. This
may lead to the risk of privacy disclosure to unauthorized and untrusted users.
Previous access control models based on purpose and trust also do not consider
protecting sensitive attributes.
Quantification methods have been proposed to quantify certain user properties to
specify a user's trustworthiness. However, these quantification methods are limited,
as they provide a general formula of calculation to quantify certain user properties
to specify a user's trustworthiness. Therefore, a new quantification method
needs to be proposed which provides specific calculation of the user properties
to specify a user's trustworthiness. A quantification method is proposed to quantify
the seniority and behaviour of the user by using evidence and ten user
behaviour categories to specify the user's trustworthiness. The method is developed
and tested to calculate both properties, and the result shows that the proposed
method provides detailed calculation of both properties to specify the user's trustworthiness.
The proposed method is validated by comparing the calculation of the user
properties to specify the user's trustworthiness with previous studies, and the result
shows that the proposed method is stricter in specifying the user's trustworthiness.
Therefore, this work offers a solution by providing a quantification method with
specific calculation of seniority and behaviour to specify the user's trustworthiness.
A trust, purpose, and role-based access control model in materialized view is proposed
to efficiently protect data, especially sensitive attributes. In the proposed
model, purpose and role are applied to permit access to data, while trust is applied
to control access to sensitive attributes. An algorithm is discussed to describe the
access control mechanism, which first authenticates the user's role, purpose, and trust
before authorizing access for an authorized and trusted user. A prototype system is
developed and tested, and the result shows that sensitive attributes are protected.
An experiment is conducted to validate the proposed model by comparing it with
the previous model. The result shows that the proposed model is efficient and
improves privacy protection. Therefore, this research solves the issue of protecting
data, especially sensitive attributes, in materialized view.