Karabatis, GeorgeJohnson, Shawn2021-01-292021-01-292019-01-0112041http://hdl.handle.net/11603/20648Current access control systems use static access control rules to enforce access to an object by checking appropriate permissions and then either granting or denying an access request. However, they are not flexible at all, therefore they are unable to incorporate and respond to a purpose of finer granularity, such as when a user may wish to automatically limit access to a database when individuals have some (one or more) suspected occurrences of mishandling personally identifiable information (PII) within an organization. The goal of this work is to create a purpose-based access control enforcement framework that adapts to changes in a system's environment based on the preferences of an information owner. This work enables an adaptive enforcement of access control in a system by adjusting and responding to changes in one's environment based on a set of user preferences. This work also enables accurate stateful characterization of access control enforcement rules and gives users a more fine-grained access control to a system compared to existing access control models. The impact of this work is an increase in the security outcomes of access control models and systems due to the incorporation of contextual personalization of the approach.application:pdfText