Beyond Access: Using Abac Frameworks to Implement Privacy and Security Policies

Amanda Walker, Nuna, Inc.


Over the last several decades, access control systems have evolved steadily from a single bits (“write protect”) through identity and role based approaches to complex, abstract frameworks such as Attribute Based Access Control (ABAC). However, in use they are most often used to answer traditional question of read and write access. In this talk, I will explore how frameworks like ABAC can be used to implement more abstract controls and policies such as purpose constraints and other data handling policies that need to depend on attributes of the data, the code, and surrounding context.

Amanda Walker[node:field-speakers-institution]

Amanda headed up privacy infrastructure engineering at Google for many years, leading and managing teams that built APIs, services, and other components used by Google’s product teams to solve privacy related problems. In 2019, she left Google to take up a new challenge as Vice President Engineering for Nuna, Inc., a health care data analytics company that builds data-driven platforms to support value-based health care.
@inproceedings {257947,
author = {Amanda Walker},
title = {Beyond Access: Using Abac Frameworks to Implement Privacy and Security Policies},
booktitle = {2020 {USENIX} Conference on Privacy Engineering Practice and Respect ({PEPR} 20)},
year = {2020},
url = {},
publisher = {{USENIX} Association},
month = oct,

Presentation Video