Efficient enforcement of action-aware purpose-based access control within relational database management systems - Extended Abstract

Colombo, Pietro; Ferrari, Elena
2016-01-01

Abstract

Although database management systems (DBMSs) enforce access control according to a variety of models (see [2] for an overview), the majority of them do not integrate native privacy protection mechanisms. This void has been partially filled with the advent of purpose-based access control, as this access control model has led to the integration of basic privacy preservation functionalities into DBMSs. Even though purposes represent a key feature of privacy policies, DBMSs' privacy awareness can be significantly increased by considering additional privacy-related aspects. With this work we take a step toward this goal by focusing on the actions performed by queries on data and the categories of the accessed data. We propose an access control model that supports highly customized privacy-aware access control policies and significantly improves the basic privacy preservation capabilities of the purpose-based model. The proposed model is complemented with an efficient enforcement monitor, which can be easily integrated into relational DBMSs. Early experimental evaluations show the efficiency of the proposed framework.
ISBN: 9781509020195
Use this identifier to cite or link to this document: https://hdl.handle.net/11383/2070097