ACM Computing Surveys 28A(4), December 1996, http://www.acm.org/surveys/1996/Formatting/. Copyright © 1996 by the Association for Computing Machinery, Inc. See the permissions statement below.


Managing Security and Privacy of Information


Sushil Jajodia

Center for Secure Information Systems and
Department of Information and Software Systems Engineering,
George Mason University
Fairfax, VA 22030-4444
jajodia@gmu.edu
http://www.isse.gmu.edu/~csis/faculty/jajodia.html



With rapid advancements in computer and network technology, it is possible for an organization to collect, store, and retrieve vast amounts of data of all kinds quickly and efficiently. Databases of today no longer contain only data used for day-to-day data processing; they have become information systems that store everything, vital or not to an organization. Information is of strategic and operational importance to any organization; if the concerns related to security are not properly resolved, security violations may lead to losses of information that may translate into financial losses or into losses whose values are obviously high but difficult to quantify (e.g., national security). At the same time, these large information systems represent a threat to the privacy of individuals, since they contain a great amount of detail about individuals. Admittedly, information collection by an organization is essential for conducting its business; however, indiscriminate collection and retention of data represents an extraordinary intrusion on the privacy of individuals.

Privacy protection is both a personal and a fundamental right of all individuals. Individuals have a right to expect that organizations will keep personal information confidential. One way to ensure this is to require that organizations collect, maintain, use, and disseminate identifiable personal information and data only as necessary to carry out their functions. In the U.S., Federal privacy policy is guided by two key pieces of legislation: the Freedom of Information Act of 1966 and the Privacy Act of 1974.

High-level objectives of security are well-known: (1) Secrecy (or confidentiality), which is concerned with preventing unauthorized disclosure of information; (2) Integrity, which is concerned with preventing unauthorized modification of information or processes; and (3) Availability, which is concerned with preventing improper denial of access to information.

Less well-known are the basic principles for achieving information privacy. They are as follows: (1) Proper acquisition and retention is concerned with what information is collected and, after it is collected, how long it is retained by an organization. (2) Integrity is concerned with maintaining information on individuals that is correct, complete, and timely. The source of the information should be clearly stated, especially when the information is based on indirect sources. (3) Aggregation and derivation of data is concerned with ensuring that any aggregation or derivation performed by an organization on its information is necessary to carry out its responsibilities. Aggregation is the combining of information from various sources. Derivation goes one step further; it uses different pieces of data to deduce or create new or previously unavailable information from the aggregates. (4) Information sharing is concerned with authorized or proper disclosure of information to outside organizations or individuals. Information should be disclosed only when specifically authorized, and solely for the limited use specified. (5) Proper access is concerned with limiting access to information and resources to authorized individuals who have a demonstrable need to perform official duties. Thus, information should not be disclosed to those who either are not authorized or do not have a need-to-know (even if they are authorized).

Information servers such as the World Wide Web support quick and efficient access to a large number of distributed, but interlinked, information sources. As the amount of information to be shared grows, the need to restrict access only to specific users or for specific usage will surely arise. The protection of information, however, is difficult because of the peculiarity of the hypertext paradigm which is generally used to represent the information, together with the fact that related objects in a hypertext are often distributed at different sites. Very few hypertext systems provide some form of protection, and the ones that do provide it enforce a very primitive form of authorization specification and control. There are several issues related to access control in distributed hypertext systems including (1) formulation of an authorization model for a hypertext system, (2) extension of the model to take distribution aspects into consideration, (3) investigation of different policies for the administration of authorizations, and (4) investigation of credential-based access control policies.
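The two points above that lend themselves to a concrete model are privacy principle (5), that disclosure requires both an authorization and a demonstrable need-to-know, and the hypertext issues (1), (2) and (4): an authorization model in which linked objects live at different sites and are governed by credential-based policies. The following Python is an added illustration written for this page, not code from the paper or from any of the systems it surveys. It assumes a toy representation in which each site holds its own nodes and policies, a policy names the credentials a requester must present and the purposes for which the object may be disclosed, and a request carries a purpose. The site names, node names, credentials and purposes are all constructed for the example; objects with no policy are denied by default.

```python
"""Minimal credential-based authorization for a distributed hypertext.

Added example (not from Jajodia's paper). Shows two things from the text:
  * an object is disclosed only when the requester holds the required
    credentials AND states a purpose the policy allows (need-to-know);
  * following a link to an object held at another site re-evaluates the
    decision under that site's own policy, so a reader authorized at one
    site is not implicitly authorized at the next.
All sites, nodes, credentials and purposes below are constructed samples.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Tuple

Credential = Tuple[str, str]          # (attribute, value), e.g. ("role", "auditor")


@dataclass
class Node:
    """A hypertext object held at one site; links may point to any site."""
    site: str
    name: str
    links: List[str] = field(default_factory=list)


@dataclass
class Policy:
    """Credentials the requester must hold and purposes disclosure is allowed for."""
    required: FrozenSet[Credential]
    purposes: FrozenSet[str]


@dataclass
class Site:
    name: str
    nodes: Dict[str, Node] = field(default_factory=dict)
    policies: Dict[str, Policy] = field(default_factory=dict)

    def decide(self, node: str, creds: Set[Credential], purpose: str) -> Tuple[bool, str]:
        """Authorization is decided by the site that holds the object."""
        pol = self.policies.get(node)
        if pol is None:                           # least privilege: no rule, no access
            return False, "no policy (default deny)"
        missing = pol.required - creds
        if missing:                               # authorization check
            return False, f"missing credential {sorted(missing)}"
        if purpose not in pol.purposes:           # need-to-know check
            return False, f"no need-to-know for purpose {purpose!r}"
        return True, "granted"


class Hypertext:
    def __init__(self, sites: List[Site]):
        self.sites = {s.name: s for s in sites}
        self.index = {n: s.name for s in sites for n in s.nodes}   # node -> owning site

    def check(self, node: str, creds: Set[Credential], purpose: str) -> Tuple[bool, str]:
        return self.sites[self.index[node]].decide(node, creds, purpose)

    def browse(self, start: str, creds: Set[Credential], purpose: str):
        """Depth-first traversal from `start`, in declared link order.

        Each target is re-checked at its own site. A node the requester cannot
        read is recorded with its denial reason and its links are not followed.
        Returns (readable node names in visit order, {denied node: reason}).
        """
        readable, denied, seen, stack = [], {}, set(), [start]
        while stack:
            name = stack.pop()
            if name in seen:
                continue
            seen.add(name)
            ok, why = self.check(name, creds, purpose)
            if not ok:
                denied[name] = why
                continue
            readable.append(name)
            node = self.sites[self.index[name]].nodes[name]
            stack.extend(reversed(node.links))      # pop order == declared order
        return readable, denied


def build_sample() -> Hypertext:
    """Constructed sample: two sites whose documents link across the boundary."""
    alpha = Site("alpha")
    alpha.nodes["index"] = Node("alpha", "index", ["report", "person:42"])
    alpha.nodes["report"] = Node("alpha", "report")
    alpha.policies["index"] = Policy(frozenset({("org", "acme")}), frozenset({"audit", "research"}))
    alpha.policies["report"] = Policy(frozenset({("org", "acme"), ("role", "auditor")}), frozenset({"audit"}))
    beta = Site("beta")
    beta.nodes["person:42"] = Node("beta", "person:42", ["draft"])
    beta.nodes["draft"] = Node("beta", "draft")             # deliberately left without a policy
    beta.policies["person:42"] = Policy(frozenset({("role", "auditor")}), frozenset({"audit"}))
    return Hypertext([alpha, beta])


if __name__ == "__main__":
    ht = build_sample()
    auditor = {("org", "acme"), ("role", "auditor")}
    print(ht.browse("index", auditor, "audit"))                # reads three nodes, draft denied
    print(ht.browse("index", {("org", "acme")}, "research"))   # index only: lacks auditor role
    print(ht.browse("index", auditor, "research"))             # index only: authorized, no need-to-know
```

The third call is the one that distinguishes principle (5) from ordinary access control: the auditor holds every credential the `report` policy asks for, yet is refused because the stated purpose is not one the policy permits. The `draft` node shows the other safe default for a distributed hypertext: a link that reaches a site which has not published a rule for the object yields a denial rather than an implicit grant.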



Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept, ACM Inc., fax +1 (212) 869-0481, or permissions@acm.org.