Database Access Control and Privacy

数据库访问控制和隐私

• 批准号: 3051-2012
• 负责人: Osborn, Sylvia
• 金额: $ 1.02万
• 依托单位: University of Western Ontario
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2015
• 资助国家: 加拿大
• 起止时间: 2015-01-01 至 2016-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=568272
• 关键词: Database; Access; Control; Privacy

Access control is the ability to say who can do what operations on what data; e.g., the shipper in an on-line book store can read a customer address but not update it. Access control takes over after user authentication, deciding what that user is allowed to access, read, write and update (e.g. the shipper should not be inserting new inventory). Customers may be allowed to say that their address can be used for shipping but not for advertising; this is what is commonly referred to as data privacy. Shipping and advertising are examples of privacy purposes. Data concerning the company's inventory is controlled by access control. Customer data, on the other hand, is also subject to privacy concerns. Implementing these privacy requirements, and the tools to express what should be private, are aspects which concern Computer Scientists. Our access control research is based on the role-based access control (RBAC) model where permissions are collected in roles and assigned to users in one operation. RBAC simplifies the management of access control in complex environments, helping the security system designer to do a better job. Some metrics exist to say when a role design is "good" (e.g. fewest possible roles); we will search for others. We will study updates to an RBAC design, and tests for desired properties. We have recently studied RBAC with privacy labels on some of the data. We propose to further this research, examining the storage of data with these labels, and the run-time tradeoffs of different physical partitions of the privacy-labeled data, while querying and updating it. The scientific approach involves developing a model, proving properties of the model, showing its applicability to real-world situations, developing prototypes and tools, and performance analysis comparisons. The contributions of the research will be a better understanding of preserving privacy, preserving privacy in the presence of an access control mechanism, maintaining these systems under change, measuring when we have a good design, and more efficiently implementing access control and privacy- preserving systems.

访问控制是说谁可以对什么数据做什么操作的能力;例如，在线书店中的发货人可以读取客户地址，但不能更新它。访问控制在用户认证后接管，决定允许用户访问、读取、写入和更新什么（例如，发货人不应该插入新的库存）。 客户可以说他们的地址可以用于运输，但不能用于广告;这就是通常所说的数据隐私。 运输和广告是隐私目的的例子。 有关公司库存的数据由访问控制进行控制。 另一方面，客户数据也受到隐私问题的影响。 实现这些隐私要求以及表达什么应该是隐私的工具是计算机科学家关心的方面。 我们的访问控制研究是基于角色的访问控制（RBAC）模型，其中权限收集在角色和分配给用户在一个操作。 RBAC简化了复杂环境中的访问控制管理，帮助安全系统设计人员更好地完成工作。 有些指标可以说明角色设计是否“好”（例如，最少可能的角色）;我们将搜索其他指标。 我们将研究RBAC设计的更新，并测试所需的属性。 我们最近研究了在一些数据上带有隐私标签的RBAC。 我们建议进一步这项研究，检查这些标签的数据的存储，和运行时的权衡不同的物理分区的隐私标记的数据，同时查询和更新它。 科学的方法包括开发一个模型，证明模型的属性，显示其对现实世界的适用性，开发原型和工具，以及性能分析比较。 这项研究的贡献将是更好地理解保护隐私，在访问控制机制存在的情况下保护隐私，维护这些系统的变化，衡量我们何时有一个好的设计，以及更有效地实现访问控制和隐私保护系统。