Governments worldwide are enacting data protection laws that restrict the disclosure and processing of personal information. These laws impose administrative and financial burdens on companies that manage personal information and may hinder the legitimate and valuable sharing and analysis of this information. In this paper we describe an integrated set of technologies, known as the Hippocratic Database (HDB), which enables compliance with security and privacy regulations without impeding the legitimate flow of information. HDB's Control Center allows companies to specify fine-grained disclosure policies based on the role of the user, the purpose of the access, the intended recipient, and other disclosure conditions. Its Active Enforcement component transparently enforces these policies by transforming user queries in a middleware layer to ensure that the database returns only policy-compliant information. HDB's Compliance Auditing system efficiently tracks all database accesses and allows auditors to formulate precise audit queries to monitor compliance with privacy and security policies. In this paper, we outline the basic architecture of the HDB solution, discuss the advantages of our approach, and illustrate the features of each component with practical compliance scenarios from the financial services industry.