CBAC – a model for conflict-based access control

Show simple item record

dc.contributor.advisor Eloff, Jan H.P. en
dc.contributor.postgraduate Loock, Marianne en
dc.date.accessioned 2013-09-06T21:14:47Z
dc.date.available 2013-06-27 en
dc.date.available 2013-09-06T21:14:47Z
dc.date.created 2013-04-09 en
dc.date.issued 2012 en
dc.date.submitted 2013-06-10 en
dc.description Thesis (PhD)--University of Pretoria, 2012. en
dc.description.abstract Organisations that seek a competitive advantage cannot afford to compromise their brand reputation or expose it to disrepute. When employees leek information, it is not only the breach of confidentiality that is a problem, but it also causes a major brand reputation problem for the organisation. Any possible breach of confidentiality should be minimised by implementing adequate security within the organisation and among its employees. An important issue to address is the development of suitable access control models that are able to restrict access not only to unauthorised data sets, but also to unauthorised combinations of data sets. Within organisations such as banks, clients may exist that are in conflict with one another. This conflict results from the fact that clients are functioning in the same business domain and that their information should be shielded from one another because they are in competition for various reasons. When information on any of these conflicting clients is extracted from their data sets via a data-mining process and used to their detriment or to the benefit of the guilty party, this is considered a breach of confidentiality. In data-mining environments, access control usually strips the data of any identity so as to concentrate on tendencies and ensure that data cannot be traced back to a respondent. There is an active research field in data mining that focuses specifically on ‘preserving’ the privacy of the data during the data-mining process. However, this approach does not account for those situations when data mining needs to be performed to give answers to specific clients. In such cases, when the clients’ identity cannot be stripped, it is essential to minimise the chances of a possible breach of confidentiality. For this reason, this thesis investigated an environment where conflicting clients’ information can easily be gathered and used or sold, as to justify the inclusion of conflict management in the proposed access control model. This thesis presents the Conflict-based Access Control (CBAC) model. The model makes it possible to manage conflict on different levels of severity among the clients of an organisation – not only as specified by the clients, but also as calculated by the organisation. Both types of conflict have their own cut-off points when the conflict is considered to be of no value any longer. Finally, a proof-of-concept prototype illustrates that the incorporation of conflict management is a viable solution to the problem of access control as it minimises the chances of a breach of confidentiality en
dc.description.availability unrestricted en
dc.description.department Computer Science en
dc.identifier.citation Loock, M 2012, CBAC – a model for conflict-based access control, PhD thesis, University of Pretoria, Pretoria, viewed yymmdd < http://hdl.handle.net/2263/25423 > en
dc.identifier.other D13/4/733/ag en
dc.identifier.upetdurl http://upetd.up.ac.za/thesis/available/etd-06102013-092546/ en
dc.identifier.uri http://hdl.handle.net/2263/25423
dc.language.iso en
dc.publisher University of Pretoria en_ZA
dc.rights © 2012 University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria. en
dc.subject Competitive advantage en
dc.subject Conflict-based access control en
dc.subject Confidentiality en
dc.subject UCTD en_US
dc.title CBAC – a model for conflict-based access control en
dc.type Thesis en


Files in this item

This item appears in the following Collection(s)

Show simple item record