Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 32727
A Purpose Based Usage Access Control Model

Authors: Lili Sun, Hua Wang


As privacy becomes a major concern for consumers and enterprises, many research have been focused on the privacy protecting technology in recent years. In this paper, we present a comprehensive approach for usage access control based on the notion purpose. In our model, purpose information associated with a given data element specifies the intended use of the subjects and objects in the usage access control model. A key feature of our model is that it allows when an access is required, the access purpose is checked against the intended purposes for the data item. We propose an approach to represent purpose information to support access control based on purpose information. Our proposed solution relies on usage access control (UAC) models as well as the components which based on the notions of the purpose information used in subjects and objects. Finally, comparisons with related works are analyzed.

Keywords: Purpose, privacy, access control, authorization

Digital Object Identifier (DOI):

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1822


[1] Agrawal, R., Kiernan J., Srikant R. and Xu Y. (2002): Hippocratic databases. Proc. 28th Int-l Conf. on Very Large Data Bases. Hong Kong, China, 143-154.
[2] Bertion, E., Byun, J.-W. and Li, N. (2005): Privacy-preserving database systems. Lecture Notes in Computer Science. Springer Berlin, Heidelberg, 178-206.
[3] Bertion, E. and Ferrari E. (2002): Secure and selective dissemination of xml documents. ACM trans, Inf. Syst. Secure., 5(3):290-331.
[4] Bertion, E. and Sandhu, R. (2005): Database security-concepts, approaches, and challenges. IEEE Transactions on Dependable and Secure Computing. 02(1), 2-19.
[5] Byun, J.-W., Bertion, E. and Li, N. (2005): Purpose based access control of complex data for privacy protection. ÔÇÿSACMAT-05: Proceedings of tenth ACM symposium on Access control models and technologies. ACM. New York, NY, USA, 102-110.
[6] Byun, J.-W. and Li, N. (2004): Purpose-based access control for privacy protection in relational database systems. Technical Report 2004-52. Purdue University.
[7] Cao, J., Sun, L. and Wang, H. (2005): Towards secure xml documents with usage control. Lecture Notes in Computer Science. 3399, 296-307.
[8] Damiani, E., Paraboschi, S. and Samarati, P. (2002): A fine-grained access control system for xml documents. ACM Trans. Inf. Syst. Secur., 5(2):169-202.
[9] Park, J. and Sandhu, R. (2002): Towards usage control models: beyond traditional access control. In Proceedings of the seventh ACM symposium on Access control models and technologies, page 57-64. ACM Press.
[10] Park, J., Sandhu, R., and Schifalacqua, J. (2003): Security architectures for controlled digital information dissemination. In Proceedings of 16th Annual Computer Security Application Conference, December 2003.
[11] Rabitti, F., Bertino, E., Kim, W. and Woelk, D. (1991): A model of authorization for next-generation database systems. In ACM Transactions on Database Systems (TODS).
[12] Sandhu, R. and Park, J. (2003): Usage control: A vision for next generation access control. In MMM-ACNS 2003, 17-31, Springer-Verlag Berlin Heideberg.
[13] Sun, L. and Li, Y. (2006): DTD level authorization in xml documents with usage control. In International Journal of Science Network Security, 244-250(6).
[14] Sun, L. and Li, Y. (2007): XML schems in xml documents with usage control. In International Journal of Science Network Security, 170- 177(6).
[15] Sun, L. and Li, Y. (2008): Using usage control to access xml database, International Journal of Information Systems in the Service Sector, 32- 44(1).
[16] Wang, H., Cao, J. and Zhang, Y. (2005): A flexible payment scheme and its role based access control. IEEE Transactions on knowledge and Data Engineering. 17(3), 425-436.
[17] Wang, H., Cao, J. and Zhang, Y. (2008): Access control management for ubiquitous computing. Future Generation Computer Systems journal. 870-878(24).
[18] Wang, H., Cao, J. and Zhang, Y. (2006): Ubiquitous computing environments and its usage access control, Proceedings of the First International Conference on Scalable Information Systems. ACM Press, Hong Kong, China, 72-81.
[19] World Wide Web Consortium (W3C). Platform for Privacy Preferences (P3P). Available at
[20] Zhang, X., Park, J. and Parisi-Presicce, F. (2004): A logical specification for usage control. In SACMAT-4. ACM Press.
[21] Zhang, X., Park, J. and Sandhu, R. (2003): Schema based xml security: Rbac approach. In Proceedings of the IFIP WG. ACM Press.