Preprint Article Version 1 Preserved in Portico This version is not peer-reviewed

Ethical Access Control in the Era of Data Breaches

Version 1 : Received: 22 August 2019 / Approved: 23 August 2019 / Online: 23 August 2019 (09:44:53 CEST)

How to cite: Kayes, A.S.M.; Chowdhury, M.J.M.; Mohammed, F.; Ng, A.; Watters, P.; Scolyer-Gray, P. Ethical Access Control in the Era of Data Breaches. Preprints 2019, 2019080239. https://doi.org/10.20944/preprints201908.0239.v1

Abstract

Worldwide interconnected objects, called the Internet of Things (IoTs), have grown increasingly over the last several years. Different social media platforms and devices continuously generate data about individuals and facilitate the technological and social convergence of their Internet-based data and services with globalized users. These social and device-related IoTs create room for data breaches, as such platforms provide the ability to collect private and sensitive data. We assert that data breaches are fundamentally failures of access control: most users are too busy or technically ill-equipped to understand access control policy expressions and decisions. We argue that this is symptomatic of globalised societies structured by the conditions of algorithmic modernity, an era in which our data is increasingly interdependent on, and enmeshed with, ever more complex systems and processes that are vulnerable to attack. Ethically managing data breaches is now too complex for current access control systems, such as Role-Based Access Control (RBAC) and Context-Aware Access Control (CAAC). These systems do not provide an explicit mechanism for engaging in the decision-making processes involved in data breaches, namely who should have access to what data and when. We argue that a policy ontology will contribute towards the development of an Ethical CAAC better suited to attributing accountability for data breaches in the context of algorithmic modernity. We interrogate our proposed Ethical CAAC as a theoretical construct with implications for future policy ontology models and data breach countermeasures. An experimental study of the performance of the proposed framework is carried out with respect to a more generic CAAC framework.

Keywords

Ethical access control; Context-aware access control; Data breaches; Responsibility model; Policy model; Cost model

Subject

Computer Science and Mathematics, Information Systems
