An XML-based Policy Model for Access Control in Web Applications

Authors

Abstract

Organizational Information Systems (IS) collect, store, and manage personal and business data. Due to regulation laws and to protect the privacy of users, clients, and business partners, these data must be kept private. This paper proposes a model and a mechanism that allows defining access control policies based on the user profile, the time period, the mode and the location from where data can be accessed. The proposed policy model is simple enough to be used by a business manager, yet it has the flexibility to define complex restrictions. At runtime, a protection layer monitors data accesses and enforces existing pol-icies. A prototype tool was implemented to run an experimental evaluation, which showed that the tool is able to enforce access control with minimal per-formance impact, while assuring scalability both in terms of the number of us-ers and the number of policies.

Keywords

Access control, Policy, Data privacy, Security

Subject

Privacy Control

Related Project

Menon@WS - Methodologies for the Development of Non-Vulnerable Web Services

Conference

24th International Conference on Database and Expert Systems Applications (DEXA '13) 2013

DOI