论文信息 - A hippocratic privacy protection framework for relational databases

A hippocratic privacy protection framework for relational databases

Individuals are not comfortable when disclosing their personal information to corporate organisations and are becoming increasingly concerned. Decision criteria needed for privacy protection are more complex than those that apply to access control when managing security. A typical problem in this context concerns giving individuals better control over their personal information, while at the same time allowing the organisation to process its transactions on the same personalised information. To address this difficulty, we consider extending the Hippocratic principles and model them in our Hippocratic Privacy Protection (HPP) framework that is based on the concept of privacy contracting. A prototype of the proposed HPP framework was constructed to serve as a proof of concept in order to demonstrate the developed HPP framework as an applicable and efficacious model for solving privacy problems. Based on this prototype, we afford individuals more control over their personal information. The prototype that we developed is validated against a proposed PET evaluation framework.

[1] Martin S. Olivier,et al. Privacy Contracts as an Extension of Privacy Policies , 2005, 21st International Conference on Data Engineering Workshops (ICDEW'05).

[2] Aimilia Tasidou,et al. Towards Privacy in Personal Data Management , 2008, 2008 Panhellenic Conference on Informatics.

[3] Raj Sharman,et al. Handbook of Research on Social and Organizational Liabilities in Information Security , 2008 .

[4] John Sören Pettersson,et al. Making PRIME usable , 2005, SOUPS '05.

[5] Anneke Kleppe,et al. The Object Constraint Language: Getting Your Models Ready for MDA , 2003 .

[6] Lin Liu,et al. Towards a personalized privacy management framework , 2010, SESS '10.

[7] F. Cate. The Failure of Fair Information Practice Principles , 2006 .

[8] Ramakrishnan Srikant,et al. Hippocratic Databases , 2002, VLDB.

[9] Abhi Shelat,et al. Privacy and identity management for everyone , 2005, DIM '05.

[10] D. McGraw,et al. Privacy as an enabler, not an impediment: building trust into health information exchange. , 2009, Health affairs.

[11] Martin Gogolla,et al. Object Constraint Language , 2009, Encyclopedia of Database Systems.

[12] Patrizio Pelliccione,et al. Towards a Graphical Tool for Refining User to System Requirements , 2008, GT-VMT@ETAPS.

[13] Jos Warmer,et al. The object constraint language , 1998 .

[14] Martin S. Olivier,et al. Privacy contracts incorporated in a privacy protection framework , 2006, Comput. Syst. Sci. Eng..