Purpose-Oriented Access Control Model in Object-Based Systems
ACISP '97 Proceedings of the Second Australasian Conference on Information Security and Privacy
A Component-Based Architecture for Secure Data Publication
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
A Privacy-Aware Database Interface
A Privacy-Aware Database Interface
Privacy Enforcement with an Extended Role-Based Access Control Model
Privacy Enforcement with an Extended Role-Based Access Control Model
Purpose based access control of complex data for privacy protection
Proceedings of the tenth ACM symposium on Access control models and technologies
Deriving Semantic Models from Privacy Policies
POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
Privacy-aware role based access control
Proceedings of the 12th ACM symposium on Access control models and technologies
Beyond purpose-based privacy access control
ADC '07 Proceedings of the eighteenth conference on Australasian database - Volume 63
A Purpose-Based Access Control Model
IAS '07 Proceedings of the Third International Symposium on Information Assurance and Security
Design of PriServ, a privacy service for DHTs
PAIS '08 Proceedings of the 2008 international workshop on Privacy and anonymity in information society
Purpose based access control for privacy protection in relational database systems
The VLDB Journal — The International Journal on Very Large Data Bases
Dynamic Purpose-Based Access Control
ISPA '08 Proceedings of the 2008 IEEE International Symposium on Parallel and Distributed Processing with Applications
Enforcing P3P policies using a digital rights management system
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
Enhancing user privacy through data handling policies
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Privacy preservation and protection by extending generalized partial indices
BNCOD'06 Proceedings of the 23rd British National Conference on Databases, conference on Flexible and Efficient Information Handling
Using purpose lattices to facilitate customisation of privacy agreements
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
Towards defining semantic foundations for purpose-based privacy policies
Proceedings of the first ACM conference on Data and application security and privacy
Towards purpose enforcement model for privacy-aware usage control policy in distributed healthcare
International Journal of Security and Networks
Proceedings of the 8th International Conference on Ubiquitous Information Management and Communication
| Hi-index | 0.00 |
One of the main privacy concerns of users when submitting their data to an organization is that their data will be used only for the specified purposes. Although privacy policies can specify the purpose, enforcing such policies remains a challenge. In this paper we propose an approach to enforcing purpose in access control systems that uses workflows. The intuition behind this approach is that purpose of access can be inferred, and hence associated with, the workflow in which the access takes place. We thus propose to encode purposes as properties of workflows used by organizations and show how this can be implemented. The approach is more general than other known approaches to purpose-based enforcement, and can be used to implement them. We argue the advantages of the new approach in terms of accuracy and expressiveness.