Risk-aware access control systems grant or deny access to resources based on some notion of risk. In this paper we propose a model that considers the risk of leaking privacy-critical information when querying, e.g., datasets containing personal information. While querying databases containing personal information it is current practice to assign all-or-nothing access to avoid the disclosure of sensitive information. Using our model, access-control decisions are based on the disclosure-risk associated with a data access request and, differently from existing models, we include adaptive anonymization operations as risk-mitigation methods. By applying these operations, a request that would otherwise be rejected, is permitted after reducing the risk associated with the returned dataset.
CITATION STYLE
Armando, A., Bezzi, M., Metoui, N., & Sabetta, A. (2015). Risk-aware information disclosure. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8872, pp. 266–276). Springer Verlag. https://doi.org/10.1007/978-3-319-17016-9_17
Mendeley helps you to discover research relevant for your work.