A Framework for Expressing and Enforcing Purpose-Based Privacy Policies

Mohammad Jafari, R. Safavi-Naini, Philip W. L. Fong, K. Barker
Journal: ACM Transactions on Information and System Security, pages 3:1-3:31. Published: 2014-08-01. Publication type: Journal Article. DOI: 10.1145/2629689 (https://doi.org/10.1145/2629689)
Citations: 13

Abstract

Purpose is a key concept in privacy policies. Although some models have been proposed for enforcing purpose-based privacy policies, little has been done in defining formal semantics for purpose, and therefore an effective enforcement mechanism for such policies has remained a challenge. We have developed a framework for expressing and enforcing such policies by giving a formal definition of purpose and proposing a modal-logic language for formally expressing purpose constraints. The semantics of this language are defined over an abstract model of workflows. Based on this formal framework, we discuss some properties of purpose, show how common forms of purpose constraints can be formalized, how purpose-based constraints can be connected to more general access control policies, and how they can be enforced in a workflow-based information system by extending common access control technologies.

Source journal

ACM Transactions on Information and System Security (Engineering & Technology - Computer Science: Information Systems)
CiteScore: 4.50
Self-citation rate: 0.00%
Articles published: 0
Review time: 3.3 months
About the journal: ISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.