A Framework for Expressing and Enforcing Purpose-Based Privacy Policies

Published: 15 August 2014


Purpose is a key concept in privacy policies. Although some models have been proposed for enforcing purpose-based privacy policies, little has been done in defining formal semantics for purpose, and therefore an effective enforcement mechanism for such policies has remained a challenge. We have developed a framework for expressing and enforcing such policies by giving a formal definition of purpose and proposing a modal-logic language for formally expressing purpose constraints. The semantics of this language are defined over an abstract model of workflows. Based on this formal framework, we discuss some properties of purpose, show how common forms of purpose constraints can be formalized, how purpose-based constraints can be connected to more general access control policies, and how they can be enforced in a workflow-based information system by extending common access control technologies.




Published In

ACM Transactions on Information and System Security  Volume 17, Issue 1
August 2014
118 pages
Publication History

Published: 15 August 2014
Accepted: 01 April 2014
Revised: 01 September 2013
Received: 01 February 2013
Published in TISSEC Volume 17, Issue 1


Author Tags

  Petri net
  Purpose
  modal logic
  privacy
  purpose-based policies
  semantics
  workflow


