On the design of a privacy aware authorization engine for collaborative environments

Business networking has substantially reshaped common enterprise procedures and has paved the way for the development of ground-breaking information sharing patterns and inter-organizational cooperative practices. Yet critical issues still stand unaddressed; privacy and sensitive information confidentiality implications threaten to diminish the economic and social benefits derived from online collaboration. Privacy preservation, however, is a multidimensional and cross-disciplinary subject, accompanied by both legal and technical challenges. In this context, this paper describes the design of a privacy-aware decision engine operating within synergistic contexts. Decision making regarding the production of authorizations and information usage rules is founded on a detailed privacy context and the enforcement of a deductive reasoning algorithm. The proposed reasoning process spans two distinct phases, taking into account an a priori perspective of the system while at the same time maintaining responsiveness in dynamic contexts.
