Purpose Control: Did You Process the Data for the Intended Purpose?

Data protection legislation requires personal data to be collected and processed only for lawful and legitimate purposes. Unfortunately, existing protection mechanisms are not appropriate for purpose control: they only prevent unauthorized actions from occurring and do not guarantee that the data are actually used for the intended purpose. In this paper, we present a flexible framework for purpose control, which connects the intended purpose of data to the business model of an organization and detects privacy infringements by determining whether the data have been processed only for the intended purpose.
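As an added illustration (not code from the paper or its framework), a minimal purpose-conformance check in the spirit of the abstract: the business process for each purpose is a constructed sequence of data-access steps, an audit log is replayed against it, and any access that is not a step of the process justifying the declared purpose is flagged as an infringement. Purpose names, step tuples and the log are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed business process models: each purpose is the ordered sequence of
# (action, data_category) steps that the organisation's process performs for it.
PROCESS_MODELS = {
    "treatment": [("read", "medical_record"), ("update", "medical_record"),
                  ("write", "prescription")],
    "billing":   [("read", "insurance_info"), ("read", "prescription"),
                  ("write", "invoice")],
}

@dataclass
class LogEntry:
    case_id: str    # process instance the access claims to belong to
    purpose: str    # purpose declared at access time
    action: str
    data: str

def check_purpose_conformance(log, models=PROCESS_MODELS):
    """Replay an audit log against the process model of each declared purpose.
    Returns a list of (entry, reason) for accesses that are not the next expected
    step of the case's process, i.e. data touched outside the process that the
    declared purpose justifies."""
    progress = {}            # case_id -> index of the next expected step
    infringements = []
    for e in log:
        steps = models.get(e.purpose)
        if steps is None:
            infringements.append((e, "unknown purpose"))
            continue
        pos = progress.get(e.case_id, 0)
        if pos < len(steps) and steps[pos] == (e.action, e.data):
            progress[e.case_id] = pos + 1          # conforming step, advance
        elif (e.action, e.data) in steps:
            infringements.append((e, "step out of process order"))
        else:
            infringements.append((e, "access not part of purpose's process"))
    return infringements

SAMPLE_LOG = [  # constructed sample audit trail
    LogEntry("c1", "treatment", "read", "medical_record"),
    LogEntry("c1", "treatment", "update", "medical_record"),
    LogEntry("c1", "treatment", "write", "prescription"),
    LogEntry("c2", "billing", "read", "insurance_info"),
    LogEntry("c2", "billing", "read", "medical_record"),   # billing never reads the record
    LogEntry("c3", "treatment", "write", "prescription"),  # prescription with no prior examination
]

if __name__ == "__main__":
    for entry, reason in check_purpose_conformance(SAMPLE_LOG):
        print(f"{entry.case_id} {entry.purpose}: {entry.action} {entry.data} -> {reason}")
```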
