Abstract: With the release of the privacy data access guidelines by industries， such as HIPAA and OECD guidelines， the access control of privacy data has recently become a hot research topic in the area of privacy data management. The role-based access control mechanism and view-based access control mechanism in a relational database only support the controls for users’ access permissions， but they don’t solve the problems of privacy-aware access control. The key elements for describing privacy data are the hierarchical structure of data purpose. Several purpose-based access control models presented currently have two shortcomings： The redundancy of privacy policies and the query results not maximized. This paper proposes a novel purpose-based relational database access control model R-PAACEE （privacy-aware access control enforcement engine）， which can reduce the redundancy of privacy policies by constructing the concept hierarchy of privacy policies and describing them with ordered tuples. The paper also presents a query-rewritten algorithm for separating the private and non-private attributes， which can maximize the query results. The experimental results show that for a query related to privacy data， a database management system with R-PAACEE can achieve good query performance.

Key words: data purpose, privacy preservation, privacy-aware access control, meta data

摘要： 随着各行业对隐私数据访问指导规范的颁布，如HIPAA、OECD，隐私数据的访问控制逐渐成为隐私数据管理领域的一个研究热点。关系数据库中基于角色和视图的访问控制机制实现了对用户访问权限的控制，但是不能解决面向隐私的访问控制问题。隐私数据描述的关键元素是具有层次结构的data purpose，而已有的基于data purpose的访问控制模型具有隐私策略冗余和没有考虑返回结果最大化的缺点。提出了一种新的基于purpose的隐私数据访问控制机制（R-PAACEE），通过对data purpose的概念分层，用二元组数据结构描述data purpose的层次数据模式，减少了隐私策略冗余，进而提出分离隐私与非隐私属性的查询重写算法，实现了查询返回结果的最大化。实验结果表明，针对隐私数据的查询访问，已加载R-PAACEE的数据库管理系统能够获得较好的查询效率。

关键词: 数据访问目的, 隐私保护, 隐私访问控制, 元数据