<![CDATA[Protection of Personally Identifiable Information (PII) is challenging for organisations. Access to sensitive resources, ie, databases and files, can be controlled and restricted by the Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC) and other access control models defined at the organisational level. This work proposes a lightweight on-device PII access control model based on the principle of preserving privacy at the source of data generation. The set of data shared by the user is converted into objects, and the object is treated as a resource to which RBAC, ABAC and Hybrid access controls are applied. Coarse-level access to a set of PII information, in the form of PII objects, on a user device is implemented using RBAC, while fine-grained access is defined and performed using ABAC. Hybrid access, which supports object and attribute-level access control using sensitivity, trust, and Time to Live (TTL) environment, was evaluated. The RBAC, ABAC, and Hybrid models are lightweight, highly reliable, scalable, and efficient to implement on user devices. Three models were tested for scalability up to 1000 objects and a corresponding number of attributes. This model mitigates the risk of PII exposure posed by the data-collecting organisation and enhances user consent for PII sharing.]]>
Copyrights © 2026
