A Framework for Composition and Enforcement of Privacy-Aware and Context-Driven Authorization Mechanism for Complex Systems
Security and privacy of complex systems is a concern due to proliferation of cyber based technologies. Several researchers have pointed out that for the proper enforcement of privacy rules in a complex system, the privacy requirements should be captured in access control systems. In this paper, the authors present a framework for composition and enforcement of context-aware rules for such systems. The focus of this paper is the design of a system to allow a user (not a system or security administrator) to compose conflict free access control policies for his or her on-line assets. An additional requirement in this case is that such a policy be context-aware.