Towards defining semantic foundations for purpose-based privacy policies

CODASPY'11 - Proceedings of the 1st ACM Conference on Data and Application Security and Privacy

Volumn , Issue , 2011, Pages 213-224

  Jafari, Mohammad ^a   Fong, Philip W L ^a   Safavi Naini, Reihaneh ^a   Barker, Ken ^a   Sheppard, Nicholas Paul ^b  

^a UNIVERSITY OF CALGARY   (Canada)

^b QUEENSLAND UNIVERSITY OF TECHNOLOGY   (Australia)

Author keywords

Access control; Modal logic; Privacy policy; Purpose

Indexed keywords

ACTION GRAPHS; BUSINESS PROCESS; BUSINESS SYSTEMS; FORMAL EXPRESSIONS; MODAL LOGIC; MODEL CHECKING ALGORITHM; PRIVACY POLICIES; PRIVACY POLICY; PURPOSE; SEMANTIC FOUNDATION; SEMANTIC MODEL;

ACCESS CONTROL; MODEL CHECKING; SECURITY SYSTEMS; SEMANTICS;

DATA PRIVACY;

EID: 79952805205     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1943513.1943541     Document Type: Conference Paper

References (28)

1. A. V. Aho, M. S. Lam, R. Sethi, and J. D. Ullman. Compilers: Principles, Techniques, and Tools, 2nd Edition. Addison-Wesley, 2006.
2. C. A. Ardagna, S. De Capitani di Vimercati, and P. Samarati. Enhancing user privacy through data handling policies. In Data and Applications Security, pages 224-236, Sophia Antipolis, France, 2006. (Pubitemid 44165890)
3. C. Baier and J.-P. Katoen. Principles of Model Checking. MIT Press, 2008.
4. T. D. Breaux and A. I. Antȯn. Deriving semantic models from privacy policies. In IEEE POLICY'05, pages 67-76, Stockholm, Sweden.
5. J.-W. Byun, E. Bertino, and N. Li. Purpose based access control of complex data for privacy protection. In SACMAT'05: Proceedings of the tenth ACM symposium on Access control models and technologies, pages 102-110, New York, NY, USA, 2005. ACM. (Pubitemid 43087467)
6. W. Cheung and Y. Gil. Towards privacy aware data analysis workows for e-science. In Proceedings of the 2007 Workshop on Semantic e-Science (SeS2007), Vancouver, Canada, pages 17-25, July 2007.
7. E. M. Clarke and E. A. Emerson. Design and synthesis of synchronization skeletons using branching-time temporal logic. In Logic of Programs, Workshop, pages 52-71, London, UK, 1982. Springer-Verlag.
8. L. L. Dimitropoulos. Privacy and Security Solutions for Interoperable Health Information Exchange. http://healthit.ahrq.gov/portal/server.pt/gateway/ PTARGS-0-241358-0-0-18/IAVR-ExecSumm.pdf 2006.
9. S. Fischer-Hubner. IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms. Springer, Berlin, Germany, 2001.
10. Q. He. Privacy enforcement with an extended role-based access control model. Technical Report TR-2003-09, North Carolina State University, 2003.
11. Health Level Seven Inc. HL7 Reference Information Model, ANSI/HL7 V3 RIM, R1-2003, 2003.
12. M. Hilty, D. Basin, and A. Pretschner. On obligations. In ESORICS 2005: Proceedings of the 10th European Symposium On Research in Computer Security.
13. K. Irwin, T. Yu, and W. H. Winsborough. On the modeling and analysis of obligations. In CCS'06: Proceedings of the 13th ACM conference on Computer and communications security, pages 134-143, Alexandria, Virginia, USA, 2006. (Pubitemid 47131363)
14. M. Jafari. Nested purposes. Technical report, (unpublished), December 2009.
15. M. Jafari, R. Safavi-Naini, and N. P. Sheppard. Enforcing purpose of use via workflows. In WPES'09: Proceedings of the 8th ACM workshop on Privacy in the electronic society, pages 113-116, 2009.
16. M. Jawad, P. S. Alvaredo, and P. Valduriez. Design of PriServ, a privacy service for DHTs. In International Workshop on Privacy and Anonymity in the Information Society, pages 21-26, Nantes, France, 2008.
17. T. Jensen, D. Le Metayer, and T. Thorn. Verification of control flow based security properties. pages 89 -103, Oakland, CA, USA, May 1999.
18. K. Krukow, M. Nielsen, and V. Sassone. A logical framework for history-based access control and reputation systems. J. Comput. Secur., 16(1):63-101, 2008. (Pubitemid 350264870)
19. Q. Ni, E. Bertino, J. Lobo, and S. B. Calo. Privacy-aware role-based access control. IEEE Security and Privacy, 7(4):35-43, 2009.
20. Organisation for the Advancement of Structured Information Standards. Privacy policy profile of XACML v2.0. http://docs.oasis-open.org/xacml/2.0/ access-control-xacml-2.0-privacy-profile-spec-os.pdf, 2005.
21. Organisation for the Advancement of Structured Information Standards. Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of Security Assertion Markup Language (SAML) for Healthcare Version 1.0, 2009.
22. I. H. T. S. D. Organization. SNOMED CT, Systematized Nomenclature of Medicine-Clinical Terms. http://www.ihtsdo.org/snomed-ct/.
23. C. S. Powers, P. Ashley, and M. Schunter. Privacy promises, access control, and privacy management. In ISEC'02: Proceedings of the Third International Symposium on Electronic Commerce, pages 13-21, Research Triangle Park, North Carolina, US, 2002. IEEE Computer Society.
24. S. J. Russell and P. Norvig. Artificial Intelligence: A Modern Approach (3rd Edition). Prentice Hall, 2009.
25. M. Schunter and C. Powers. The Enterprise Privacy Authorization Language (EPAL 1.1). http://www.zurich.ibm.com/security/enterprise-privacy/epal, 2003.
26. W. van Staden and M. S. Olivier. Purpose organisation. In ISSA2005: Proceedings of the Fifth Annual Information Security South Africa Conference, Sandton, South Africa, 2005.
27. World-Wide Web Consortium. The Platform for Privacy Preferences 1.1 (P3P1.1) Specification, 2006.
28. M. Yasuda, T. Tachikawa, and M. Takizawa. A purpose-oriented access control model. In Proceedings of Twelfth International Conference on Information Networking, pages 168-173, Jan. 1998.