Technological innovations like social networks, personal devices and cloud computing, allow users to share and store online a huge amount of personal data. Sharing personal data online raises significant privacy concerns for users, who feel that they do not have full control over their data. A solution often proposed to alleviate users' privacy concerns is to let them specify access control policies that reflect their privacy constraints. However, existing approaches to access control often produce policies which either are too restrictive or allow the leakage of sensitive information. In this paper, we present a novel access control model that reduces the risk of information leakage. The model relies on a data model which encodes the domain knowledge along with the semantic relations between data. We illustrate how the access control model and the reasoning over the data model can be automatically translated in XACML. We evaluate and compare our model with existing access control models with respect to its effectiveness in preventing leakage of sensitive information and efficiency in authoring policies. The evaluation shows that the proposed model allows the definition of effective access control policies that mitigate the risks of inference of sensitive data while reducing users' effort in policy authoring compared to existing models.

Original languageEnglish
Title of host publicationSACMAT 2015 - Proceedings of the 20th ACM Symposium on Access Control Models and Technologies
PublisherAssociation for Computing Machinery (ACM)
Number of pages11
ISBN (Electronic)9781450335560
StatePublished - 1 Jun 2015
Event20th ACM Symposium on Access Control Models and Technologies, SACMAT 2015 - Vienna, Austria
Duration: 1 Jun 20153 Jun 2015


Conference20th ACM Symposium on Access Control Models and Technologies, SACMAT 2015

    Research areas

  • Comparison study, Inference control, Information leakage, Semantic approach, XACML

ID: 32864358