Enforcement of privacy requirements

Enterprises collect and use private information for many purposes. Access control can limit who can obtain such data, but it does not capture the purpose for which the data is subsequently used. In this paper we focus on the purpose of data access and show that dynamic role-based access control (RBAC) alone is not sufficient to enforce privacy requirements. We extend RBAC with a monitoring capability and describe a formal approach to determining, from the observed behaviour of the system, whether the access control policies actually implement the privacy requirements. We show how access control fails to detect privacy violations and use small examples to demonstrate how our technique detects such violations. We also describe a prototype implementation of the technique and present two case studies that demonstrate the applicability of our approach in practice.
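As an added illustration of the distinction the abstract draws (this is not code from the paper or its prototype), the Python below puts a per-request dynamic RBAC check beside a trace monitor that remembers which data a user obtained and checks the purpose each later use serves. The roles, permissions, permitted purposes and event log are constructed for the example, and the monitor is a minimal hypothetical design rather than the paper's formal model.

```python
"""Added illustration, not the paper's prototype: per-request RBAC beside a
behavioural monitor that checks the purpose obtained data is later used for.
The policy, role assignments, purposes and event log are all constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed RBAC policy: role -> permitted (action, resource) pairs.
ROLE_PERMS: Dict[str, Set[Tuple[str, str]]] = {
    "physician": {("read", "patient_record"), ("write", "patient_record")},
    "billing":   {("read", "patient_record"), ("send", "invoice")},
    "marketing": {("send", "newsletter")},
}
# Constructed user-role assignment; bob legitimately holds two roles.
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"physician"},
    "bob":   {"billing", "marketing"},
}
# Constructed privacy requirement: purposes a data item may be used for.
ALLOWED_PURPOSES: Dict[str, Set[str]] = {
    "patient_record": {"treatment", "billing"},
}


@dataclass(frozen=True)
class Event:
    user: str
    role: str                      # role activated for this request (dynamic RBAC)
    action: str
    resource: str
    purpose: Optional[str] = None  # purpose the action serves, when it uses data
    uses: Tuple[str, ...] = ()     # data items the action consumes


def rbac_allows(ev: Event) -> bool:
    """Dynamic RBAC decision: allowed iff the activated role is assigned to the
    user and holds the permission. It judges one request in isolation and
    never sees what the data is for."""
    return (ev.role in USER_ROLES.get(ev.user, set())
            and (ev.action, ev.resource) in ROLE_PERMS.get(ev.role, set()))


def rbac_decisions(trace: List[Event]) -> List[bool]:
    """Per-event RBAC verdicts for a whole trace."""
    return [rbac_allows(ev) for ev in trace]


def monitor(trace: List[Event]) -> List[Tuple[int, str]]:
    """Behavioural monitor over the executed trace. It remembers which data
    each user obtained (via 'read') and flags a later action that uses that
    data for a purpose the requirement does not permit, or that uses data the
    user never obtained. Returns (event index, description) pairs."""
    held: Dict[str, Set[str]] = {}
    violations: List[Tuple[int, str]] = []
    for i, ev in enumerate(trace):
        if not rbac_allows(ev):
            continue                      # a denied request never executes
        if ev.action == "read":           # data obtained: start tracking it
            held.setdefault(ev.user, set()).add(ev.resource)
        for item in ev.uses:
            allowed = ALLOWED_PURPOSES.get(item)
            if allowed is None:
                continue                  # no privacy requirement on this item
            if item not in held.get(ev.user, set()):
                violations.append((i, f"{ev.user} used {item} without obtaining it"))
            elif ev.purpose not in allowed:
                violations.append((i, f"{ev.user} used {item} for {ev.purpose!r}; "
                                      f"permitted purposes: {sorted(allowed)}"))
    return violations


# Constructed event log. Every request is individually authorised by RBAC;
# only the last one violates the privacy requirement, because patient data
# obtained under the billing role is reused for marketing.
TRACE: List[Event] = [
    Event("alice", "physician", "read", "patient_record"),
    Event("alice", "physician", "write", "patient_record",
          purpose="treatment", uses=("patient_record",)),
    Event("bob", "billing", "read", "patient_record"),
    Event("bob", "billing", "send", "invoice",
          purpose="billing", uses=("patient_record",)),
    Event("bob", "marketing", "send", "newsletter",
          purpose="marketing", uses=("patient_record",)),
]

if __name__ == "__main__":
    print("RBAC verdicts:", rbac_decisions(TRACE))
    for idx, why in monitor(TRACE):
        print(f"privacy violation at event {idx}: {why}")
```

The point the trace makes is that `rbac_allows` returns True for all five events, including the newsletter, because each request on its own is within the activated role's permissions; only a monitor that carries state across the trace (here, which data bob obtained earlier) can relate the later use to the purpose the data was collected for.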
