A Framework for Expressing and Enforcing Purpose-Based Privacy Policies

Mohammad Jafari, R. Safavi-Naini, Philip W. L. Fong, K. Barker
{"title":"A Framework for Expressing and Enforcing Purpose-Based Privacy Policies","authors":"Mohammad Jafari, R. Safavi-Naini, Philip W. L. Fong, K. Barker","doi":"10.1145/2629689","DOIUrl":null,"url":null,"abstract":"Purpose is a key concept in privacy policies. Although some models have been proposed for enforcing purpose-based privacy policies, little has been done in defining formal semantics for purpose, and therefore an effective enforcement mechanism for such policies has remained a challenge. We have developed a framework for expressing and enforcing such policies by giving a formal definition of purpose and proposing a modal-logic language for formally expressing purpose constraints. The semantics of this language are defined over an abstract model of workflows. Based on this formal framework, we discuss some properties of purpose, show how common forms of purpose constraints can be formalized, how purpose-based constraints can be connected to more general access control policies, and how they can be enforced in a workflow-based information system by extending common access control technologies.","PeriodicalId":50912,"journal":{"name":"ACM Transactions on Information and System Security","volume":"24 6 1","pages":"3:1-3:31"},"PeriodicalIF":0.0000,"publicationDate":"2014-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Information and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2629689","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q","JCRName":"Engineering","Score":null,"Total":0}
引用次数: 13

Abstract

Purpose is a key concept in privacy policies. Although some models have been proposed for enforcing purpose-based privacy policies, little has been done in defining formal semantics for purpose, and therefore an effective enforcement mechanism for such policies has remained a challenge. We have developed a framework for expressing and enforcing such policies by giving a formal definition of purpose and proposing a modal-logic language for formally expressing purpose constraints. The semantics of this language are defined over an abstract model of workflows. Based on this formal framework, we discuss some properties of purpose, show how common forms of purpose constraints can be formalized, how purpose-based constraints can be connected to more general access control policies, and how they can be enforced in a workflow-based information system by extending common access control technologies.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
表达和执行基于目的的隐私策略的框架
目的是隐私政策中的一个关键概念。尽管已经提出了一些模型来执行基于目的的隐私策略,但在为目的定义形式化语义方面做得很少,因此为此类策略提供有效的执行机制仍然是一个挑战。我们已经开发了一个框架,通过给出目的的正式定义,并提出一种用于正式表达目的约束的模态逻辑语言,来表达和执行这样的策略。这种语言的语义是在工作流的抽象模型上定义的。在此形式化框架的基础上,我们讨论了目的的一些属性,展示了如何形式化通用形式的目的约束,如何将基于目的的约束连接到更通用的访问控制策略,以及如何通过扩展通用访问控制技术在基于工作流的信息系统中实施这些约束。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
ACM Transactions on Information and System Security
ACM Transactions on Information and System Security 工程技术-计算机:信息系统
CiteScore
4.50
自引率
0.00%
发文量
0
审稿时长
3.3 months
期刊介绍: ISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.
期刊最新文献
An Efficient User Verification System Using Angle-Based Mouse Movement Biometrics A New Framework for Privacy-Preserving Aggregation of Time-Series Data Behavioral Study of Users When Interacting with Active Honeytokens Model Checking Distributed Mandatory Access Control Policies Randomization-Based Intrusion Detection System for Advanced Metering Infrastructure*
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1