Maintaining privacy on derived objects

Protecting privacy means to ensure users that access to their personal data complies with their preferences. However, information can be manipulated in order to derive new objects that may disclose part of the original information. Therefore, control of information flow is necessary for guaranteeing privacy protection since users should know and control not only who access their personal data, but also who access information derived from their data. Actually, current approaches for access control do not provide support for managing propagation of information and for representing user preferences.This paper proposes to extend the Flexible Authorization Framework (FAF) in order to automatically verify whether a subject is entitled to process personal data and derive the authorizations associated with the outcome of data processing. In order to control information flow, users may specify the range of authorizations that can be associated with objects derived from their data. The framework guarantees that every "valid" derived object does not disclose more information than users want and preserves the permissions that users want to maintain. To make the discussion more concrete, we illustrate the proposal with a bank case study.

[1]  Vijay Karamcheti,et al.  dRBAC: distributed role-based access control for dynamic coalition environments , 2002, Proceedings 22nd International Conference on Distributed Computing Systems.

[2]  Andrew C. Myers,et al.  Security policies for downgrading , 2004, CCS '04.

[3]  Birgit Pfitzmann,et al.  A Toolkit for Managing Enterprise Privacy Policies , 2003, ESORICS.

[4]  Marianne Winslett,et al.  Protecting Privacy during On-Line Trust Negotiation , 2002, Privacy Enhancing Technologies.

[5]  Nabil R. Adam,et al.  Security-control methods for statistical databases: a comparative study , 1989, ACM Comput. Surv..

[6]  Pierangela Samarati,et al.  Authentication, access control, and audit , 1996, CSUR.

[7]  Lorrie Faith Cranor,et al.  The platform for privacy preferences , 1999, CACM.

[8]  Emil C. Lupu,et al.  The Ponder Policy Specification Language , 2001, POLICY.

[9]  Elisa Bertino,et al.  Information Flow Control in Object-Oriented Systems , 1997, IEEE Trans. Knowl. Data Eng..

[10]  Alley Stoughton Access Flow: A Protection Model which Integrates Access Control and Information Flow , 1981, 1981 IEEE Symposium on Security and Privacy.

[11]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[12]  Ramakrishnan Srikant,et al.  Hippocratic Databases , 2002, VLDB.

[13]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[14]  Wolfgang Faber,et al.  The DLV system for knowledge representation and reasoning , 2002, TOCL.

[15]  LouAnna Notargiacomo,et al.  Beyond the pale of MAC and DAC-defining new forms of access control , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[16]  Elisa Bertino,et al.  Providing flexibility in information flow control for object oriented systems , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[17]  Peter J. Stuckey,et al.  Programming with Constraints: An Introduction , 1998 .

[18]  Michael Waidner,et al.  Platform for Enterprise Privacy Practices: Privacy-Enabled Management of Customer Data , 2002, Privacy Enhancing Technologies.

[19]  Sabrina De Capitani di Vimercati,et al.  Access Control: Policies, Models, and Mechanisms , 2000, FOSAD.

[20]  Sushil Jajodia,et al.  Flexible support for multiple access control policies , 2001, TODS.

[21]  Peter Sewell,et al.  Cassandra: distributed access control policies with tunable expressiveness , 2004, Proceedings. Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, 2004. POLICY 2004..

[22]  Marc Langheinrich,et al.  The platform for privacy preferences 1.0 (p3p1.0) specification , 2002 .

[23]  Marianne Winslett,et al.  Limiting the Disclosure of Access Control Policies during Automated Trust Negotiation , 2001, NDSS.

[24]  Andrew C. Myers,et al.  Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..