Measuring privacy compliance with process specifications

Proceedings - 2011 3rd International Workshop on Security Measurements and Metrics, Metrisec 2011

Volumn , Issue , 2011, Pages 41-50

  Banescu, Sebastian ^a   Zannone, Nicola ^a  

^a EINDHOVEN UNIVERSITY OF TECHNOLOGY   (Netherlands)

Author keywords

[No Author keywords available]

Indexed keywords

HEALTH CARE;

ACCURATE MEASUREMENT; NUMBER OF FACTORS; PRIVACY COMPLIANCE; PRIVACY INFRINGEMENT; PROCESS SPECIFICATION;

SPECIFICATIONS;

EID: 84859033160     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/Metrisec.2011.10     Document Type: Conference Paper

References (30)

1. Institute of Medicine, To Err Is Human: Building a Safer Health System. The National Academies Press, 1999.
2. R. Noffsinger and S. Chin, "Improving the delivery ofcare and reducing healthcare costs with the digitization of information," J. of Healthcare Information Management, vol. 14, pp. 23-30, 2000.
3. "2009 Annual Study: Global Cost of a Data Breach," 2010. [Online]. Available: http://www.securityprivacyandthelaw.com/uploads/ file/Ponemonn COBn 2009n GL.pdf
4. P. Guarda and N. Zannone, "Towards the development ofprivacy-aware systems," Inf. Softw. Technol., vol. 51, no. 2, pp. 337-350, 2009.
5. P. Ashley, S. Hada, G. Karjoth, and M. Schunter, "E-P3P privacy policies and privacy authorization," in Proc. of Workshop on Privacy in the Electronic Society. ACM, 2002, pp. 103-109.
6. P. E. Lam, J. C. Mitchell, and S. Sundaram, "A Formalization of HIPAA for a Medical Messaging System," in Proc. of Int. Conf. on Trust, Privacy and Security in Digital Business, ser. LNCS, vol. 5695. Springer, 2009, pp. 73-85.
7. M. Alam, J.-P. Seifert, Q. Li, and X. Zhang, "Usage control platformization via trustworthy SELinux," in Proc. of ACM Symp. on Information, Computer and Communications Security. ACM, 2008, pp. 245-248.
8. J. Ligatti, L. Bauer, and D. Walker, "Run-time enforcement ofnonsafety policies," ACM Trans. Inf. Syst. Secur., vol. 12, no. 3, pp. 1-41, 2009.
9. K. W. Hamlen, G. Morrisett, and F. B. Schneider, "Computability classes for enforcement mechanisms," ACM Trans. Program. Lang. Syst., vol. 28, no. 1, pp. 175-205, 2006.
10. J. Park, R. Sandhu, and J. Schifalacqua, "Security architectures for controlled digital information dissemination," in Proc. of Annual Computer Security Applications Conf. IEEE Computer Society, 2000, pp. 224-233.
11. F. B. Schneider, "Enforceable security policies," ACM Trans. Inf. Syst. Secur., vol. 3, no. 1, pp. 30-50, 2000.
12. C. A. Ardagna, S. D. C. di Vimercati, T. Grandison, S. Jajodia, and P. Samarati, "Regulating exceptions in healthcare using policy spaces,"in Proc. of Conf. on Data and Applications Security, ser. LNCS, vol. 5094. Springer, 2008, pp. 254-267.
13. C. Lovis, S. Spahni, N. Cassoni, and A. Geissbuhler, "Comprehensive management ofthe access to the electronic patient record: Towards trans-institutional networks," Int. J. of Medical Informatics, vol. 76, pp. 466-470, 2007. (Pubitemid 46498975)
14. A. Barth, J. Mitchell, A. Datta, and S. Sundaram, "Privacy and utility in business processes," in Proc. of Computer Security Foundations Symp. IEEE Computer Society, 2007, pp. 279-294.
15. N. Bielova and F. Massacci, "Predictability of enforcement," in Proc. of Int. Symp. on Engineering Secure Software and Systems, ser. LNCS, vol. 6542. Springer, 2011, pp. 73-86.
16. F. Chesani, P. Mello, M. Montali, F. Riguzzi, M. Sebastianis, and S. Storari, "Checking compliance of execution traces to business rules,"in Proc. of Workshop on Business Process Management, ser. LNBIP, vol. 17. Springer, 2009, pp. 134-145.
17. A. Rozinat and W. M. P. van der Aalst, "Conformance checking ofprocesses based on monitoring real behavior," Inf. Syst., vol. 33, no. 1, pp. 64-95, 2008. (Pubitemid 350051578)
18. H. H. Feng, O. M. Kolesnikov, P. Fogla,W. Lee, andW. Gong, "Anomaly detection using call stack information," in Proc. of IEEE Symp. on Security and Privacy. IEEE Computer Society, 2003, pp. 62-75.
19. N. Li and T. Li, "t-Closeness: Privacy Beyond k-Anonymity and l- Diversity," in Proc. of IEEE Int. Conf. on Data Engineering. IEEE Computer Society, 2007, pp. 106-115.
20. C. Dwork, "Differential privacy," in Proc. of Int. Coll. on Automata, Languages and Programming, ser. LNCS, vol. 4052. Springer, 2006, pp. 1-12.
21. D. Clark, S. Hunt, and P. Malacaria, "A static analysis for quantifying information flow in a simple imperative language," J. Comput. Secur., vol. 15, no. 3, pp. 321-371, 2007. (Pubitemid 46868450)
22. D. Prandi, P. Quaglia, and N. Zannone, "Formal analysis of BPMN via a translation into COWS," in Proc. of COORDINATION, ser. LNCS, vol. 5052. Springer, 2008, pp. 249-263.
23. A. Tumer, A. Dogac, and I. H. Toroslu, "A semantic-based user privacy protection framework for web services," in Proc. of Workshop on Intelligent Techniques for Web Personalization, ser. LNCS, vol. 3169. Springer, 2003, pp. 289-305.
24. F. Massacci, J. Mylopoulos, and N. Zannone, "Hierarchical hippocratic databases with minimal disclosure for virtual organizations," VLDB J., vol. 15, no. 4, pp. 370-387, 2006.
25. H. Nguyen and H. Al-Mubaid, "A Combination-based Semantic Similarity Measure using Multiple Information Sources," in Proc. of Int. Conf. on Information Reuse and Integration. IEEE Computer Society, 2006, pp. 617-621.
26. L. D. Ngan, T. M. Hang, and A. Goh, "Semantic Similarity between Concepts from Different OWL Ontologies," in Proc. of Int. Conf. on Industrial Informatics. IEEE Computer Society, 2006, pp. 618-623.
27. G. A. Miller, "WordNet: alexical database for English," Commun. ACM, vol. 38, no. 11, pp. 39-41, 1995.
28. M. A. Jaro, "Advances inRecord-Linkage Methodology as Applied to Matching the 1985 Census of Tampa, Florida," J. of Amer. Statistical Assoc., vol. 84, no. 406, pp. 414-420, 1989.
29. T. K. Landauer and S. T. Dumais, "Solution to Plato's Problem: The Latent Semantic Analysis Theory of Acquisition, Induction and Representation of Knowledge," Psychological Review, no. 104, 1997.
30. P. Resnick, K. Kuwabara, R. Zeckhauser, and E. Friedman, "Reputation systems," Commun. ACM, vol. 43, no. 12, pp. 45-48, 2000.