Privacy Policy Preferences Enforced by SPARQL Query Rewriting

When specifying privacy preferences, the data owner can control who may access its personal data, for which purpose and under which accuracy. In this paper we present an approach that enforces the privacy policy preferences by query transformation. We present also how to instrument this rewriting query algorithm using a privacy-aware model like PrivOrBAC. We take into account various dimensions of privacy preferences through the concepts of consent, accuracy, purpose and recipient.

[1]  Jorge Lobo,et al.  Privacy-Aware Role-Based Access Control , 2007, IEEE Security & Privacy.

[2]  Nektarios Gioldasis,et al.  SPARQL2XQuery 2.0: Supporting Semantic-based queries over XML data , 2010, 2010 Fifth International Workshop Semantic Media Adaptation and Personalization.

[3]  William J. Kirsch,et al.  The protection of privacy and transborder flows of personal data: the work of the Council of Europe, the Organization for Economic Co-operation and Development and the European Economic Community , 1982, Legal Issues of Economic Integration.

[4]  Anna Cinzia Squicciarini,et al.  WWW 2009 MADRID! Track: Security and Privacy / Session: Web Privacy Collective Privacy Management in Social Networks , 2022 .

[5]  Ning Zhang,et al.  A Purpose-Based Access Control Model , 2007, Third International Symposium on Information Assurance and Security.

[6]  Nektarios Gioldasis,et al.  Semantic Based Access over XML Data , 2009, WSKS.

[7]  Amirreza Masoumzadeh,et al.  PuRBAC: Purpose-Aware Role-Based Access Control , 2008, OTM Conferences.

[8]  S. Sudarshan,et al.  Extending query rewriting techniques for fine-grained access control , 2004, SIGMOD '04.

[9]  Nora Cuppens-Boulahia,et al.  Contextual Privacy Management in Extended Role Based Access Control Model , 2009, DPM/SETOP.

[10]  Jeremy J. Carroll,et al.  Resource description framework (rdf) concepts and abstract syntax , 2003 .

[11]  David J. DeWitt,et al.  Limiting Disclosure in Hippocratic Databases , 2004, VLDB.

[12]  Nora Cuppens-Boulahia,et al.  fQuery: SPARQL Query Rewriting to Enforce Data Confidentiality , 2010, DBSec.

[13]  Pierre-Antoine Champin,et al.  Composing Data-Providing Web Services in P2P-Based Collaboration Environments , 2007, CAiSE.

[14]  Mark Crichard Privacy and electronic communications , 2003, Comput. Law Secur. Rev..

[15]  Herbert Burkert,et al.  Some Preliminary Comments on the DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. , 1996 .

[16]  Hhs Office for Civil Rights Standards for privacy of individually identifiable health information. Final rule. , 2002, Federal register.

[17]  Nora Cuppens-Boulahia,et al.  Rewriting of SPARQL/Update Queries for Securing Data Access , 2010, ICICS.

[18]  Jorge Lobo,et al.  On the Correctness Criteria of Fine-Grained Access Control in Relational Databases , 2007, VLDB.

[19]  E. Prud hommeaux,et al.  SPARQL query language for RDF , 2011 .

[20]  Frédéric Cuppens,et al.  Organization based access control , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[21]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[22]  A. Hasan,et al.  Organisation for Economic Co-operation and Development , 2007 .

[23]  Jeff Z. Pan,et al.  Resource Description Framework , 2020, Definitions.