Home   >   CSC-OpenAccess Library   >    Manuscript Information
Full Text Available

This is an Open Access publication published under CSC-OpenAccess Policy.
Publications from CSC-OpenAccess Library are being accessed from over 158 countries worldwide.
Purpose Engineering for Contextual Role-Based Access Control (C-RBAC)
Muhammad Nabeel Tahir
Pages - 41 - 50     |    Revised - 03-07-2008     |    Published - 16-09-2008
Volume - 2   Issue - 3    |    Publication Date - June 2008  Table of Contents
Purpose Engineering, Intentions, C-RBAC, Purpose Hierarchy.
Distributed and ubiquitous computing environments have brought enormous efficiency to the collection, manipulation and distribution of information and services. Although this efficiency has revolutionized countless organizations but it has also increased the threats to individual’s privacy because the information stored within the collection of heterogeneous distributed components is sensitive and requires some form of access control. The way to protect privacy in this age of information technology requires such access control system that can accommodate organization requirements to protect privacy of individuals with ease in management and administration of resources. Among those requirements, purpose inference is one of the major problems as the total access control decision mainly relies on the user intentions/purposed. This work in this paper is an attempt to provide purpose engineering semantics that we use for the proposed contextual role-based access control model (C-RBAC) in order to comply with HIPAA.
1 Google Scholar 
2 Academic Journals Database 
3 ScientificCommons 
4 Academic Index 
5 CiteSeerX 
6 refSeek 
7 iSEEK 
8 Socol@r  
9 ResearchGATE 
10 Libsearch 
11 Bielefeld Academic Search Engine (BASE) 
12 Scribd 
13 SlideShare 
14 PdfSR 
1 Rindfleisch, T. (1997). Privacy, information technology, and health care. Communications of the ACM, 40(8), 93–100.
2 Archives & Records Management Handbook. (2003). Retrieved January 2, 2008, from http://osulibrary.oregonstate.edu/archives/handbook/definitions/
3 Reid, J., Cheong, I., Henricksen, M. & Smith, J. (2003). A Novel Use of RBAC to Protect Privacy in Distributed Health Care Information Systems. Paper presented to Information Security and Privacy, 8th Australasian Conference, ACISP, Wollongong, Australia
4 Bacon, J., Lloyd, M. and Moody, K. (2001). Translating role-based access control policy within context. In Workshop on Policies for Distributed Systems and Networks, Springer-Verlag, 107–120.
5 Patrick, C., Hung, K. and Zheng, Y. (2007). Privacy Access Control Model for Aggregated e-Health Services. Proceedings of the 2007 Eleventh International IEEE EDOC Conference Workshop, Maryland U.S.A, 12-19.
6 Langheinrich, M. (2001). Privacy by Design — Principles of Privacy-Aware Ubiquitous Systems. In “Ubicomp 2001”. Retrieved January 22, 2008, from http://www.vs.inf.ethz.ch/publ/papers/privacy-principles.pdf
7 Jiang, X. and Landay, J. A. (2002). Modeling privacy control in context-aware systems. IEEE Pervasive Computing, 1(3), 59-63.
8 Bohn, J., Gartner, F. and Vogt, H. (2004). Dependability Issues of Pervasive Computing in a Healthcare Environment. Security in Pervasive Computing, First International Conference, Boppard, Germany, 53-70.
9 Beckwith, R. (2003). Designing for Ubiquity: The Perception of Privacy. IEEE Pervasive Computing, 2(2), 40–46.
10 Beresford, R. and Stajano, F. (2004). Mix zones: User privacy in location-aware services. Proceedings of the 2nd IEEE Annual Conference on Pervasive Computing and Communications Workshops (PERCOMW04), Orlando, Florida, pp. 127.
11 Definition of the purpose on the Web. Retrieved July 30, 2007, from: http://www.google.com/search?hl=en&rlz=1T4GFRC_en___MY202&defl=en&q=define:purpose&sa=X&oi=glossary_definition&ct=title
12 Byun, J. W., Bertino, E. and Li, N. (2004). Purpose Based Access Control for Privacy Protection in Relational Database Systems. Technical Report 2004-52, Purdue University, USA.
13 World Wide Web Consortium (W3C). Platform for Privacy Preferences (P3P) Retrieved October 10, 2008, from http://www.w3.org/P3P.
14 Joshi, J.B.D., Bertino, E. and Ghafoor, A. (2002). Temporal Hierarchies and Inheritance Semantics for GTRBAC. Proceedings of the seventh ACM symposium on Access control models and technologies, Monterey, California, USA, 74-83.
15 Joshi, J. B. D., Bertino, E., Latif, U. and Ghafoor, A. (2005). A Generalized Temporal Role-Based Access Control Model. IEEE Transactions on Knowledge and Data Engineering, 17(1), 4–23.
16 Tahir, M. N. (2008). Hierarchies in Contextual Role- Based Access Control Model (C-RBAC). International Journal of Computer Science and Security (IJCSS), 2(4), 28-42.
Mr. Muhammad Nabeel Tahir
- Malaysia