A Framework for Expressing and Enforcing Purpose-Based Privacy Policies

Published: 15 August 2014
    Abstract

    Purpose is a key concept in privacy policies. Although some models have been proposed for enforcing purpose-based privacy policies, little has been done in defining formal semantics for purpose, and therefore an effective enforcement mechanism for such policies has remained a challenge. We have developed a framework for expressing and enforcing such policies by giving a formal definition of purpose and proposing a modal-logic language for formally expressing purpose constraints. The semantics of this language are defined over an abstract model of workflows. Based on this formal framework, we discuss some properties of purpose, show how common forms of purpose constraints can be formalized, how purpose-based constraints can be connected to more general access control policies, and how they can be enforced in a workflow-based information system by extending common access control technologies.


    Published In

    ACM Transactions on Information and System Security, Volume 17, Issue 1, August 2014, 118 pages.
    ISSN: 1094-9224; EISSN: 1557-7406; DOI: 10.1145/2660572
    Editor: Gene Tsudik
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 15 August 2014
    Accepted: 01 April 2014
    Revised: 01 September 2013
    Received: 01 February 2013
    Published in TISSEC Volume 17, Issue 1


    Author Tags

    1. Petri net
    2. Purpose
    3. modal logic
    4. privacy
    5. purpose-based policies
    6. semantics
    7. workflow

    Qualifiers

    • Research-article
    • Research
    • Refereed

    Cited By

    View all
    • (2024)Blockchain-Based Privacy-Preservation Platform for Data Storage and Query ProcessingUbiquitous Security10.1007/978-981-97-1274-8_25(380-400)Online publication date: 13-Mar-2024
    • (2019)Privacy Protection and Data Security in Cloud Computing: A Survey, Challenges, and SolutionsIEEE Access10.1109/ACCESS.2019.29461857(147420-147452)Online publication date: 2019
    • (2017)Purpose-Based Policy Enforcement in Actor-Based SystemsFundamentals of Software Engineering10.1007/978-3-319-68972-2_13(196-211)Online publication date: 11-Oct-2017
    • (2015)AccountableMRProceedings of the 2015 IEEE International Conference on Big Data (Big Data)10.1109/BigData.2015.7363786(451-460)Online publication date: 29-Oct-2015
    • (2015)Enforcement of privacy requirementsComputers and Security10.1016/j.cose.2015.03.00452:C(164-177)Online publication date: 1-Jul-2015
    • (2015)A Declarative Framework for Specifying and Enforcing Purpose-Aware PoliciesProceedings of the 11th International Workshop on Security and Trust Management - Volume 933110.1007/978-3-319-24858-5_4(55-71)Online publication date: 21-Sep-2015
    • (2014)Realizing Purpose-Based Privacy Policies Succinctly via Information-Flow LabelsProceedings of the 2014 IEEE Fourth International Conference on Big Data and Cloud Computing10.1109/BDCloud.2014.89(753-760)Online publication date: 3-Dec-2014
