Abstract: Most of existing access control systems only pay attention to whether visitors are legal, without considering whether the privacy information of visitors is disclosed too much. If someone’s privacy information is purposefully acquired, he may encounter threats or fraud, but this is difficult to be recognized and blocked by traditional access control system. In order to solve the problem, this paper proposes an ontology based access control system that can protect user’s privacy information. The system has a privacy ontology, which not only quantifies the degree of privacy disclosure, then makes decisions from the perspective of privacy protection, but also provides the possibility of reasoning and eliminating redundancy for access control rules. This system allows user to protect his privacy information from two aspects：defining threshold and defining rules, which is flexible and friendly. Experimental results show that the access control system proposed in this paper can achieve the purpose of protecting user privacy.

Key words: access control, ontology, privacy protection

摘要： 现有的访问控制系统大多只考虑访问者是否合法，而不考虑访问过程中被访问者的隐私信息是否泄漏过多，这将造成一些隐患。为了解决这个问题，提出了一个基于本体的、可以保护用户隐私信息的访问控制系统。该系统拥有一个隐私本体，不仅可以对隐私泄露程度进行量化，进而从保护隐私的角度给出决策，还为访问控制规则的推理、去冗余提供了可能。该系统允许用户从定义阈值和定义规则两方面来保护自己的隐私信息，且定义方式较为友好。实验结果显示，提出的访问控制系统能达到灵活保护用户隐私的目的。

关键词: 访问控制, 本体, 隐私保护