[ProvSec24] DPAC: A New Data-Centric Privacy-Preserving Access Control Model

Xu Wang, Baihe Ma, Ren Ping Liu, Ian Oppermann

Provable and Practical Security: 18th International Conference, ProvSec 2024

Access Control (AC) is a critical technology for protecting privacy in data sharing. Various AC models have been developed, but they generally focus on individual data instances without addressing the challenges posed by diverse data presentations and their associated privacy levels. This paper introduces a novel Data-centric, Privacy-preserving Access Control (DPAC) model to address this issue. The DPAC model enables the representation of a single piece of data in multiple views, each customized for specific applications, thus promoting a unified approach to data-centric privacy protection and controlled data processing and sharing. To support the DPAC model, we propose a new data product policy scheme that includes a data product creation function, sensitivity assessments, and a set of Attribute-Based Access Control (ABAC) policies. The data product policy scheme effectively manages privacy risks, access requirements, and control policies within a cohesive policy framework. To demonstrate the functionality of the DPAC model, we develop a Secure Multi-Organization Data Sharing (SMODS) platform and design data product policies for collaborative emergency response scenarios. This implementation showcases the effectiveness of DPAC in managing privacy risks during data sharing and its adaptability and practical utility in real-world applications.
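The abstract describes three building blocks: a data product creation function that derives several views from one record, a sensitivity assessment that scores each view, and ABAC policies that decide which views a requester may receive. The following Python sketch is an added illustration of how those pieces fit together in a deny-by-default evaluator; it is not the paper's scheme or the SMODS platform code, and the record fields, the 0..3 sensitivity scale, the scoring rules, the role and organization attributes and the four example policies are all constructed assumptions for an emergency-response style scenario.

```python
"""Illustrative DPAC-style evaluation (added example, not the paper's code).

One source record is exposed as several data products (views).  A hypothetical
sensitivity assessment scores each view, and a set of ABAC policies decides the
highest sensitivity a requester may receive.  Everything here is assumed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed source record for a single incident casualty (sample data only).
SOURCE_RECORD: Dict[str, object] = {
    "name": "A. Example",
    "dob": "1980-04-12",
    "address": "12 Sample St",
    "postcode": "2000",
    "condition": "smoke inhalation",
    "location": {"lat": -33.87, "lon": 151.21},
}


@dataclass
class DataProduct:
    name: str
    fields: Dict[str, object]
    sensitivity: int  # assumed scale: 0 (public aggregate) .. 3 (highly sensitive)


def assess_sensitivity(fields: Dict[str, object]) -> int:
    """Hypothetical sensitivity assessment: score a view by the identifying,
    locating and health attributes it still contains, capped at 3."""
    score = 0
    if "name" in fields or "dob" in fields:
        score += 2  # direct identifiers
    if "address" in fields or "location" in fields:
        score += 1  # precise location, re-identification risk
    if "condition" in fields:
        score += 1  # health information
    return min(score, 3)


def create_data_products(record: Dict[str, object]) -> Dict[str, DataProduct]:
    """Data product creation function: derive multiple views from one record,
    each tailored to a different consumer, and score each one."""
    views: Dict[str, Dict[str, object]] = {
        "full": dict(record),
        "clinical": {k: record[k] for k in ("condition", "location")},
        "logistics": {"postcode": record["postcode"], "condition": record["condition"]},
        "aggregate": {"postcode": record["postcode"]},
    }
    return {n: DataProduct(n, f, assess_sensitivity(f)) for n, f in views.items()}


@dataclass
class Policy:
    """ABAC rule: if `applies(subject, environment)` holds, the subject may
    receive views up to `max_sensitivity`.  Assumed attribute names."""
    name: str
    applies: Callable[[Dict[str, object], Dict[str, object]], bool]
    max_sensitivity: int


POLICIES: List[Policy] = [
    Policy("paramedic-on-scene",
           lambda s, e: s.get("role") == "paramedic" and bool(e.get("incident_active")), 3),
    Policy("hospital-clinician",
           lambda s, e: s.get("role") == "clinician" and s.get("org") == "hospital", 2),
    Policy("dispatch-logistics", lambda s, e: s.get("role") == "dispatcher", 1),
    Policy("authenticated-dashboard", lambda s, e: s.get("role") is not None, 0),
]


def permitted_sensitivity(subject: Dict[str, object], env: Dict[str, object]) -> int:
    """Highest sensitivity any matching policy grants; -1 when none matches
    (deny by default, so even the aggregate view is withheld)."""
    levels = [p.max_sensitivity for p in POLICIES if p.applies(subject, env)]
    return max(levels) if levels else -1


def available_views(products: Dict[str, DataProduct],
                    subject: Dict[str, object], env: Dict[str, object]) -> List[str]:
    """Names of the views this requester may receive, sorted for stable output."""
    limit = permitted_sensitivity(subject, env)
    return sorted(n for n, p in products.items() if p.sensitivity <= limit)


def select_view(products: Dict[str, DataProduct], subject: Dict[str, object],
                env: Dict[str, object], requested: str) -> Optional[DataProduct]:
    """Release the requested view only if its sensitivity is within the limit;
    unknown or over-limit views are refused rather than silently downgraded."""
    product = products.get(requested)
    if product is None or product.sensitivity > permitted_sensitivity(subject, env):
        return None
    return product


if __name__ == "__main__":
    products = create_data_products(SOURCE_RECORD)
    for subject, env in [({"role": "paramedic"}, {"incident_active": True}),
                         ({"role": "paramedic"}, {"incident_active": False}),
                         ({"role": "clinician", "org": "hospital"}, {}),
                         ({"role": "dispatcher"}, {}),
                         ({}, {})]:
        print(subject, env, "->", available_views(products, subject, env))
```

The point the example makes concrete is that the policy never edits the record; it only chooses among pre-built views whose privacy level was assessed when they were created, so the same ABAC rule set can govern release to organizations with very different needs, and a requester who matches no policy receives nothing at all.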