Minimal Disclosure in Hierarchical Hippocratic Databases with Delegation

Hippocratic Databases have been proposed as a mechanism for enforcing privacy principles in data management. We argue that three major principles are missing from the proposed mechanism: hierarchies of purposes, delegation of tasks and authorizations (i.e. outsourcing), and minimal disclosure of private information. In this paper, we propose a flexible framework for negotiating personal information between customers and (possibly virtual) enterprises, driven by user preferences, for the case where enterprises may adopt different processes to provide the same service. We use a goal-oriented approach to analyze the purposes of a Hippocratic system and derive from them a purpose and delegation hierarchy. Based on this hierarchy, we give effective algorithms for determining the minimum set of authorizations needed for a service. In this way, the minimal authorization table of a global business process can be constructed automatically from the privacy policy tables of the collaborating enterprises. Using effective on-line algorithms, a customer wishing to use the services of a virtual organization can also derive this minimal set on the fly.
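To make the minimal-disclosure computation concrete, here is an added example that is not code from the paper. It builds a small constructed purpose hierarchy as an AND/OR graph (AND nodes are mandatory subgoals, OR nodes are alternative processes, and delegating a subgoal to a partner enterprise is one more OR alternative), attaches a constructed privacy policy table entry to each leaf task (which enterprise executes it and which customer attributes it needs), and then picks the plan whose required authorizations cost least under constructed customer preference weights. The goal model, policy tables, weights, and the exhaustive plan enumeration are all assumptions of this example; the paper's own hierarchy-based algorithms are not reproduced here.

```python
from itertools import product
from math import inf
from typing import NamedTuple

# Constructed toy purpose hierarchy (an assumption for this example, not a model
# from the paper).  A goal is either AND-decomposed into mandatory subgoals or
# OR-decomposed into alternative processes; delegating a subgoal to a partner
# enterprise is just one more OR alternative.  Names absent from the dict are
# leaf tasks.
GOAL_MODEL = {
    "deliver_book": ("AND", ["take_payment", "ship_parcel"]),
    "take_payment": ("OR", ["pay_by_card", "pay_on_delivery"]),
    "ship_parcel": ("OR", ["ship_in_house", "ship_via_courier"]),
    "ship_via_courier": ("AND", ["hand_over_parcel", "courier_delivery"]),
}

# Constructed privacy policy tables: for each leaf task, the enterprise that
# executes it and the customer attributes that enterprise needs to do so.
POLICY_TABLES = {
    "pay_by_card": ("bookshop", {"name", "card_number", "billing_address"}),
    "pay_on_delivery": ("bookshop", {"name"}),
    "ship_in_house": ("bookshop", {"name", "address"}),
    "hand_over_parcel": ("bookshop", {"address"}),
    "courier_delivery": ("courier", {"name", "address", "phone"}),
}

# Constructed customer preferences: disclosure cost per attribute; inf means the
# customer refuses to disclose that attribute to anyone.
WEIGHTS = {"name": 1, "address": 1, "billing_address": 2, "phone": 3, "card_number": 5}


class Result(NamedTuple):
    cost: float
    plan: frozenset            # leaf tasks that get executed
    authorizations: frozenset  # (enterprise, attribute) pairs that must be granted


def plans(goal, model=GOAL_MODEL):
    """All sets of leaf tasks that satisfy `goal`.

    Exhaustive expansion of the AND/OR graph: exponential in the number of OR
    nodes, so this is a baseline for small models, not the paper's algorithm.
    """
    if goal not in model:                       # leaf task
        return [frozenset([goal])]
    kind, children = model[goal]
    child_plans = [plans(c, model) for c in children]
    if kind == "OR":                            # any single alternative suffices
        return [p for alternatives in child_plans for p in alternatives]
    if kind == "AND":                           # one plan per child, all combined
        return [frozenset().union(*combo) for combo in product(*child_plans)]
    raise ValueError(f"unknown node kind {kind!r} for goal {goal!r}")


def authorizations(plan, policies=POLICY_TABLES):
    """Authorization table entries a plan needs: one (enterprise, attribute) per disclosure."""
    entries = set()
    for task in plan:
        enterprise, attrs = policies[task]
        entries.update((enterprise, attr) for attr in attrs)
    return frozenset(entries)


def minimal_authorization_table(goal, weights=WEIGHTS, model=GOAL_MODEL, policies=POLICY_TABLES):
    """Choose the plan whose authorizations cost least under the customer's weights.

    Disclosing the same attribute to two enterprises is two authorizations and is
    charged twice.  Attributes without a preference cost 1.  Returns None when
    every plan needs an attribute the customer refuses to disclose.
    """
    best = None
    for plan in plans(goal, model):
        auth = authorizations(plan, policies)
        cost = sum(weights.get(attr, 1) for _, attr in auth)
        if cost != inf and (best is None or cost < best.cost):
            best = Result(cost, plan, auth)
    return best


if __name__ == "__main__":
    result = minimal_authorization_table("deliver_book")
    print(f"cost={result.cost} tasks={sorted(result.plan)}")
    for enterprise, attr in sorted(result.authorizations):
        print(f"  grant {enterprise} -> {attr}")
```

With the constructed weights the cheapest plan pays on delivery and ships in house, so only the bookshop is authorized for `name` and `address`. Removing the in-house shipping alternative from the model forces delegation to the courier, and the minimal table then also grants the courier `name`, `address` and `phone`; setting an attribute's weight to `inf` models a refusal and yields `None` when no plan can avoid it.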
