Credential purpose-based access control for personal data protection in web-based applications

Web-based applications enable users to carry out their business transactions virtually at any time and place whereby users are required to disclose almost all their personal information which result in greater risks of information disclosure. Therefore, protecting personal information is of utmost i...

Full description

Saved in:
Bibliographic Details
Main Author: Abdul Ghani, Norjihan
Format: Thesis
Language:English
Published: 2013
Subjects:
Online Access:http://eprints.utm.my/id/eprint/34597/5/NorjihanAbdulGhaniPFSKSM2013.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
id my-utm-ep.34597
record_format uketd_dc
spelling my-utm-ep.345972017-07-19T07:18:22Z Credential purpose-based access control for personal data protection in web-based applications 2013-04 Abdul Ghani, Norjihan QA75 Electronic computers. Computer science Web-based applications enable users to carry out their business transactions virtually at any time and place whereby users are required to disclose almost all their personal information which result in greater risks of information disclosure. Therefore, protecting personal information is of utmost importance. Enforcing personal information protection in databases requires controlled access to systems and resources and granted only to authorized users. Traditional access control systems cannot be used in achieving full personal data protection. Current purposebased access control systems provide insufficient protection of personal data especially in web-based applications. This is mainly due to the absence of user authentication in these systems and the fact that data subjects have less control over their information. This research is an effort to overcome this problem in which the Credential Purpose-Based Access Control (CrePBAC) system is introduced. This system implements a two-phase security and an access control mechanism with a model and security policy implementation. The two-phase security model involves user authentication using personal credential and data authorization based on purpose. The organization’s security and privacy policies are implemented using metadata technique in Hippocratic Databases. The metadata technique utilizes a data labeling scheme based on purpose and control data access through query modification. The model and mechanism were successfully implemented. The results from the two types of case studies tested showed that the access control mechanism provides users with more rights and control over their data. In conclusion, this research has introduced a new approach in purpose-based access control with a two-phase security model and mechanism that provides greater control for personal data protection in web-based applications. 2013-04 Thesis http://eprints.utm.my/id/eprint/34597/ http://eprints.utm.my/id/eprint/34597/5/NorjihanAbdulGhaniPFSKSM2013.pdf application/pdf en public http://dms.library.utm.my:8080/vital/access/manager/Repository/vital:69565?site_name=Restricted Repository phd doctoral Universiti Teknologi Malaysia, Faculty of Computing Faculty of Computing
institution Universiti Teknologi Malaysia
collection UTM Institutional Repository
language English
topic QA75 Electronic computers
Computer science
spellingShingle QA75 Electronic computers
Computer science
Abdul Ghani, Norjihan
Credential purpose-based access control for personal data protection in web-based applications
description Web-based applications enable users to carry out their business transactions virtually at any time and place whereby users are required to disclose almost all their personal information which result in greater risks of information disclosure. Therefore, protecting personal information is of utmost importance. Enforcing personal information protection in databases requires controlled access to systems and resources and granted only to authorized users. Traditional access control systems cannot be used in achieving full personal data protection. Current purposebased access control systems provide insufficient protection of personal data especially in web-based applications. This is mainly due to the absence of user authentication in these systems and the fact that data subjects have less control over their information. This research is an effort to overcome this problem in which the Credential Purpose-Based Access Control (CrePBAC) system is introduced. This system implements a two-phase security and an access control mechanism with a model and security policy implementation. The two-phase security model involves user authentication using personal credential and data authorization based on purpose. The organization’s security and privacy policies are implemented using metadata technique in Hippocratic Databases. The metadata technique utilizes a data labeling scheme based on purpose and control data access through query modification. The model and mechanism were successfully implemented. The results from the two types of case studies tested showed that the access control mechanism provides users with more rights and control over their data. In conclusion, this research has introduced a new approach in purpose-based access control with a two-phase security model and mechanism that provides greater control for personal data protection in web-based applications.
format Thesis
qualification_name Doctor of Philosophy (PhD.)
qualification_level Doctorate
author Abdul Ghani, Norjihan
author_facet Abdul Ghani, Norjihan
author_sort Abdul Ghani, Norjihan
title Credential purpose-based access control for personal data protection in web-based applications
title_short Credential purpose-based access control for personal data protection in web-based applications
title_full Credential purpose-based access control for personal data protection in web-based applications
title_fullStr Credential purpose-based access control for personal data protection in web-based applications
title_full_unstemmed Credential purpose-based access control for personal data protection in web-based applications
title_sort credential purpose-based access control for personal data protection in web-based applications
granting_institution Universiti Teknologi Malaysia, Faculty of Computing
granting_department Faculty of Computing
publishDate 2013
url http://eprints.utm.my/id/eprint/34597/5/NorjihanAbdulGhaniPFSKSM2013.pdf
_version_ 1747816213208104960