Universiti Teknologi Malaysia Institutional Repository

Credential purpose-based access control for personal data protection in web-based applications

Abdul Ghani, Norjihan (2013) Credential purpose-based access control for personal data protection in web-based applications. PhD thesis, Universiti Teknologi Malaysia, Faculty of Computing.

[img]
Preview
PDF
408kB

Official URL: http://dms.library.utm.my:8080/vital/access/manage...

Abstract

Web-based applications enable users to carry out their business transactions virtually at any time and place whereby users are required to disclose almost all their personal information which result in greater risks of information disclosure. Therefore, protecting personal information is of utmost importance. Enforcing personal information protection in databases requires controlled access to systems and resources and granted only to authorized users. Traditional access control systems cannot be used in achieving full personal data protection. Current purposebased access control systems provide insufficient protection of personal data especially in web-based applications. This is mainly due to the absence of user authentication in these systems and the fact that data subjects have less control over their information. This research is an effort to overcome this problem in which the Credential Purpose-Based Access Control (CrePBAC) system is introduced. This system implements a two-phase security and an access control mechanism with a model and security policy implementation. The two-phase security model involves user authentication using personal credential and data authorization based on purpose. The organization’s security and privacy policies are implemented using metadata technique in Hippocratic Databases. The metadata technique utilizes a data labeling scheme based on purpose and control data access through query modification. The model and mechanism were successfully implemented. The results from the two types of case studies tested showed that the access control mechanism provides users with more rights and control over their data. In conclusion, this research has introduced a new approach in purpose-based access control with a two-phase security model and mechanism that provides greater control for personal data protection in web-based applications.

Item Type:Thesis (PhD)
Additional Information:Thesis (Ph.D (Sains Komputer)) - Universiti Teknologi Malaysia, 2013; Supervisors : Assoc. Prof. Dr. Harihodin Selamat, Assoc. Prof. Dr. Zailani Mohamed Sidek
Uncontrolled Keywords:data protection, information technology, security measures
Subjects:Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions:Computing
ID Code:34597
Deposited By: Kamariah Mohamed Jong
Deposited On:19 Mar 2014 08:16
Last Modified:19 Jul 2017 07:18

Repository Staff Only: item control page