Abstract
Purpose is a key concept in privacy policies. Although some models have been proposed for enforcing purpose-based privacy policies, little has been done in defining formal semantics for purpose, and therefore an effective enforcement mechanism for such policies has remained a challenge. We have developed a framework for expressing and enforcing such policies by giving a formal definition of purpose and proposing a modal-logic language for formally expressing purpose constraints. The semantics of this language are defined over an abstract model of workflows. Based on this formal framework, we discuss some properties of purpose, show how common forms of purpose constraints can be formalized, how purpose-based constraints can be connected to more general access control policies, and how they can be enforced in a workflow-based information system by extending common access control technologies.