
Research On Privacy Access Control Policy Combining Mechanism

Posted on: 2015-06-27
Degree: Master
Type: Thesis
Country: China
Candidate: S L Wang
Full Text: PDF
GTID: 2298330452464102
Subject: Electronics and Communications Engineering
Abstract/Summary:
With the rise of distributed computing technology, internet applications based on cloud computing services and virtualization technology have spread widely, dramatically changing how computers store their resources. For example, social networking and cloud storage services lead people to share their personal information and store it on the network. However, when data is shared, protecting private information becomes an acute problem. Although current access control systems can provide data security protection, a legitimate access requester may access more information than the data owner wants to show, while other legitimate visitors may leak information to illegitimate requesters. This is why describing and formalizing privacy policies has become a research focus. Policy combining and policy integration mechanisms are one of the main fields in this research.

In this paper, we first extend the SPL policy language, which is based on the Common Information Model. Purpose and Obligation, which are closely related to privacy protection, are added to the privacy policy language. We describe its policy model and design the grammar of privacy policies so that the extended SPL policy language can be used to describe privacy policies that come from the privacy protection access control model. We then implement the policy language and build an access control system that makes policy decisions and executes policies according to the request.

A policy combining algebra is a formal description of policy combining rules. After the privacy protection policy language has been designed and implemented, we design a policy combining algebra, PCAO, in which obligations play an important role. In this algebra, obligations can be operated on by set operators according to the policy combining operators, and policy expressions can be used to describe a variety of policy combining rules. Each policy combining rule can be described by a policy expression.

Since the introduction of the obligation set, the traditional notion of completeness is no longer suitable for PCAO. In this paper, we present the concept of constraint-completeness, which characterizes whether the algebra is expressive, and we prove that PCAO is constraint-complete. In addition, we design two indicators that quantify the expressiveness of a policy combining algebra. These two indicators can be taken as criteria when designing a policy combining algebra in the future.

Finally, we integrate PCAO with Sun's XACML and implement the privacy policy combining system. The system is based on the XACML policy language and has three modules: a policy analyzing module, a policy expression transformation module, and a policy evaluation module. We show by an application example that PCAO is correct and implementable.
Keywords/Search Tags: privacy protection, policy combining, simple policy language (SPL), extensible access control markup language (XACML)