Contextual Privacy Management in Extended Role Based Access Control Model

  • Nabil Ajam
  • Nora Cuppens-Boulahia
  • Frédéric Cuppens
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5939)


Typically, informational privacy aims to protect personal data from unauthorized access. In this paper, we propose to use the OrBAC model, enhanced with some additional concepts, to model privacy policies. We take into account the concepts of consent, accuracy, purpose of the access and provisional obligation within a role-based access control model.

First, we focus on modelling the requirement of the data owner's consent before the sensitive data is delivered. The subscriber specifies that he must be notified before terminating the access. The access is delayed until this condition is satisfied.

On the other hand, the accuracy of the sensitive data is usually underestimated within privacy models. We design an object hierarchy based on predefined accuracy levels. For this, we propose a derivation rule for sensitive objects, so that the data owner can define authorisations based on different object accuracies.

Furthermore, access control models usually permit access to the stored data based on the role of the requester. We propose to extend this concept to take into account the purpose of the access. For this, we take advantage of the OrBAC user-declared context.

Finally, we propose in this work to model the provisional obligations that apply after personal information has been accessed. Third parties must notify the data controller about further usage of the collected data.

To validate our approach, we show how the resulting model can be used to model the privacy policy for a location-based service. This can be applied within a mobile operator organization.


Keywords: Privacy, privacy model, access control model, consent, obligation, purpose, accuracy





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Nabil Ajam (1)
  • Nora Cuppens-Boulahia (1)
  • Frédéric Cuppens (1)
  1. LUSSI Department, Institut Télécom, Télécom Bretagne
