Research On Specification Of A Privacy Aware Access Control Model

With the continuous development of information technology,people pay more and more attention to privacy.Privacy leakage has become a key problem that restricts the further development of Internet technology.When users use different kinds of convenient services on the Internet,they need to provide personal privacy information to the service provider.These services should not only meet the user's functional requirements,but also need to meet the user's non-functional requirements,such as meeting the user's privacy preferences.It is well known that many malicious services on the network will intentionally gain the user's privacy information to obtain profit.It is clear that the reputation of these services is low.Therefore,the reputation of the service can be taken into account,if a user continues to provide privacy information to complete the service.Access control is a method of authentication and authorization to protect information's security.We extend the privacy semantics,before runtime,an enforceable privacy policy is generated to meet the requirements.While running,privacy information is protected by the purpose and reputation access control model.The main contents of this thesis are as follows:(1)A requirement based privacy policy and preference specification method is proposed.The privacy policy of data users and privacy preferences of data owners are taking into account.Based on the privacy requirement detection framework,a privacy protection policy that can be enforced by access control is generated.(2)A method of privacy modeling and authorization based on purpose and reputation is proposed.Based on the purpose access control model,this method extends the concept of reputation,and proposes an access control model based on the intended purpose and the intended reputation.The authorization decision is made according to the analysis algorithm of the reputation analyzer.(3)The PPPAT and PuReACAPT have been designed and implemented.The feasibility and effectiveness of the proposed theory and method are illustrated through examples of privacy policy text analysis,privacy preference specification,and privacy protection based on purpose and reputation.