Hierarchical hippocratic databases with minimal disclosure for virtual organizations

The protection of customer privacy is a fundamental issue in today’s corporate marketing strategies. Not surprisingly, many research efforts have proposed new privacy-aware technologies. Among them, Hippocratic databases offer mechanisms for enforcing privacy rules in database systems for inter-organizational business processes (also known as virtual organizations). This paper extends these mechanisms to allow for hierarchical purposes, distributed authorizations and minimal disclosure supporting the business processes of virtual organizations that want to offer their clients a number of ways to fulfill a service. Specifically, we use a goal-oriented approach to analyze privacy policies of the enterprises involved in a business process. On the basis of the purpose hierarchy derived through a goal refinement process, we provide algorithms for determining the minimum set of authorizations needed to achieve a service. This allows us to automatically derive access control policies for an inter-organizational business process from the collection of privacy policies associated with different participating enterprises. By using effective on-line algorithms, the derivation of such minimal information can also be done on-the-fly by the customer wishing to access a service.
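To make the minimal-disclosure idea concrete, here is an added illustration (not the paper's algorithm or code): a purpose hierarchy modelled as an AND/OR tree whose leaf purposes require a set of (enterprise, data item) authorizations. The code enumerates the inclusion-minimal disclosure sets that fulfil the root service, picks the smallest one, and checks on the fly whether the data a customer is willing to disclose is enough. The hierarchy, enterprise names and data items are constructed for the example; the greedy variant is included only to show why choosing the locally cheapest branch at each OR node is not enough when branches share data with other parts of the process.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple

# An authorization is a pair (recipient enterprise, data item): disclosing the
# same item to two enterprises counts as two disclosures.
Auth = Tuple[str, str]


@dataclass(frozen=True)
class Purpose:
    kind: str                                  # "AND", "OR" or "LEAF"
    children: Tuple[str, ...] = ()             # sub-purposes of an AND/OR node
    needs: FrozenSet[Auth] = frozenset()       # authorizations a LEAF purpose requires


Hierarchy = Dict[str, Purpose]


def prune(sets: FrozenSet[FrozenSet[Auth]]) -> FrozenSet[FrozenSet[Auth]]:
    """Keep only inclusion-minimal disclosure sets."""
    return frozenset(s for s in sets if not any(o < s for o in sets))


def alternatives(h: Hierarchy, name: str) -> FrozenSet[FrozenSet[Auth]]:
    """All inclusion-minimal sets of authorizations that fulfil purpose `name`."""
    p = h[name]
    if p.kind == "LEAF":
        return frozenset({p.needs})
    if p.kind == "OR":
        # Any one sub-purpose suffices: collect every branch's alternatives.
        return prune(frozenset().union(*(alternatives(h, c) for c in p.children)))
    if p.kind == "AND":
        # Every sub-purpose is needed: combine one alternative from each child.
        acc: FrozenSet[FrozenSet[Auth]] = frozenset({frozenset()})
        for c in p.children:
            acc = prune(frozenset(a | b for a in acc for b in alternatives(h, c)))
        return acc
    raise ValueError(f"unknown purpose kind {p.kind!r}")


def minimal_disclosure(h: Hierarchy, root: str) -> FrozenSet[Auth]:
    """Smallest set of authorizations that fulfils the root service."""
    return min(alternatives(h, root), key=lambda s: (len(s), sorted(s)))


def can_fulfil(h: Hierarchy, root: str, offered: FrozenSet[Auth]) -> bool:
    """On-the-fly check: does the customer's offered data cover some alternative?"""
    return any(alt <= offered for alt in alternatives(h, root))


def greedy_disclosure(h: Hierarchy, name: str) -> FrozenSet[Auth]:
    """Locally minimal choice at each OR node; can overshoot when branches share data."""
    p = h[name]
    if p.kind == "LEAF":
        return p.needs
    if p.kind == "OR":
        return min((greedy_disclosure(h, c) for c in p.children), key=len)
    return frozenset().union(*(greedy_disclosure(h, c) for c in p.children))


# Constructed example: a travel service run by an airline and a card processor.
TRIP_HIERARCHY: Hierarchy = {
    "BookTrip":      Purpose("AND", ("ReserveFlight", "Payment")),
    "ReserveFlight": Purpose("LEAF", needs=frozenset({("airline", "name"),
                                                      ("airline", "passport")})),
    "Payment":       Purpose("OR", ("PayByCard", "PayByTransfer")),
    "PayByCard":     Purpose("LEAF", needs=frozenset({("card_processor", "card_number"),
                                                      ("card_processor", "billing_address")})),
    # Bank transfer is handled by the airline itself and reuses data it already needs.
    "PayByTransfer": Purpose("LEAF", needs=frozenset({("airline", "name"),
                                                      ("airline", "passport"),
                                                      ("airline", "iban")})),
}

if __name__ == "__main__":
    for alt in sorted(alternatives(TRIP_HIERARCHY, "BookTrip"), key=len):
        print(len(alt), sorted(alt))
    print("minimal:", sorted(minimal_disclosure(TRIP_HIERARCHY, "BookTrip")))
    print("greedy: ", sorted(greedy_disclosure(TRIP_HIERARCHY, "BookTrip")))
    offered = frozenset({("airline", "name"), ("airline", "passport")})
    print("flight data alone fulfils BookTrip?", can_fulfil(TRIP_HIERARCHY, "BookTrip", offered))
```

In the constructed hierarchy the card branch is cheaper on its own (two items versus three), so the greedy choice yields four disclosures, while the globally minimal alternative reuses the name and passport already owed to the airline and needs only three. Enumerating alternatives is exponential in the worst case; the point of the example is the shape of the problem, not a scalable solver.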