An XML-Based Policy Model for Access Control in Web Applications

Basso, Tânia; Antunes, Nuno; Moraes, Regina; Vieira, Marco

doi:10.1007/978-3-642-40173-2_23

Cited by 3 publications

(9 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The database framework is based on the referred privacy policy model described in Basso et al (2013). This model was selected due to its simplicity and the fact that it was constructed through an extensive study based on the literature and IT professional interviews.…”

Section: The Database Frameworkmentioning

confidence: 99%

“…In Figure 1, privacy policies are defined through XML files, based on the policy model described in Basso et al (2013). In summary, the model defines who can access certain piece of information, when, from where, and how the required information can be accessed, as well as the criticality level of each piece of information.…”

Section: Privacy Policiesmentioning

confidence: 99%

“…Also, the model has the Data Access offshoot, whose set of tags allows determining the restrictions of information in table's columns and rows. The Level tag is part of this offshoot and represents the criticality level of the information (see Basso et al (2013) for more details). For sake of simplicity, we focused on using information about the profiles allowed to access data and the criticality levels of data, disregarding other types of information defined by the model (e.g.…”

Section: Privacy Policiesmentioning

confidence: 99%

“…Basically, the algorithm verifies if the data being requested can be retrieved, comparing its associated preference level (set by the user) with the access control policy (specifies the preference level each requester -role -can access). The underlying policies are defined using the policy model proposed in Basso et al (2013). This model allows users to define the policies without requiring specific or in-depth knowledge about the web application because, instead of the rules defined by other standards, it follows a more user-friendly approach, enabling the users to express preferences about their personal information and even to distinguish among the information they provide.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

A Database Framework for Expressing and Enforcing Personal Privacy Preferences

Basso

Piardi²,

Moraes³

et al. 2015

Anais Do XVI Workshop De Testes E Tolerância a Falhas (WTF 2015)

View full text Add to dashboard Cite

Nowadays, privacy protection in web applications and services is done, most times, through privacy policies that are presented to users and give them only the options of agreeing or disagreeing. So, it is not possible for users to express, in a detailed manner, their privacy preferences. Having this flexibility would allow users to make more thoughtful choices about the use of their personal information online. This paper proposes a database framework that allows users express their privacy preferences in detail, so that web applications can protect data privacy and manage personal information more securely. We tested the framework and results showed that it can be a simple and effective alternative, avoiding using complex and expensive solutions.

show abstract

Section: The Database Frameworkmentioning

confidence: 99%

Section: Privacy Policiesmentioning

confidence: 99%

Section: Privacy Policiesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Database Framework for Expressing and Enforcing Personal Privacy Preferences

Basso

Piardi²,

Moraes³

et al. 2015

Anais Do XVI Workshop De Testes E Tolerância a Falhas (WTF 2015)

View full text Add to dashboard Cite

show abstract

“…The work presented by Basso et al (2013) proposes a policy model for data privacy protection and a mechanism as a protection layer, which is independent of the web application. The mechanism aims to enforce different policies derived from the model.…”

Section: Background and Related Workmentioning

confidence: 99%

A Test Process Model to Evaluate Performance Impact of Privacy Protection Solutions

Mello

Basso²,

Moraes³

2014

Anais Do XV Workshop De Testes E Tolerância a Falhas (WTF 2014)

View full text Add to dashboard Cite

Organizational Information Systems (IS) collect, store, and manage personal information through web applications and services. Due to regulation laws and to protect the privacy of clients, such information must be kept private. Some solutions were developed to protect privacy personal information. Obviously, this additional resource will produce a performance impact and evaluating it is essential to determine the feasibility of the solution. This paper presents a process model to evaluate the performance impact introduced by privacy protection solutions in web applications. Case study shows the tests were useful to identify the conditions in which the solution under evaluation is able to work with minimal performance impact.

show abstract