Privacy Reference Monitor - A Computer Model for Law Compliant Privacy Protection

The Internet and computers did not invent or even cause privacy issues. These issues existed long before the creation of computers and the Internet. The Internet, computers and large data storage make it possible to collect, process and transmit large volumes of data, including personal data. In this paper, we study privacy from two different views, namely the legal framework and the computer security model, and attempt to identify the difference between them. Because of this difference, we further argue that the current computer security model is not sufficient to support the privacy requirements in the legal framework. We propose a computer model, the “privacy reference monitor”, to handle those unsupported requirements. The design of the privacy reference monitor is privacy-policy neutral and has a small number of functions. With such minimal functionality, we believe that it is possible to implement a verifiable privacy reference monitor.
