Privacy, information technology, and health care
Communications of the ACM
XML document security based on provisional authorization
Proceedings of the 7th ACM conference on Computer and communications security
Can P3P help to protect privacy worldwide?
MULTIMEDIA '00 Proceedings of the 2000 ACM workshops on Multimedia
A logical framework for reasoning about access control models
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
An Access Control Model for Data Archives
IFIP/Sec '01 Proceedings of the IFIP TC11 Sixteenth Annual Working Conference on Information Security: Trusted Information: The New Decade Challenge
Obligation Monitoring in Policy Management
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
A security policy model for clinical information systems
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
IT-security and privacy: design and use of privacy-enhancing security mechanisms
IT-security and privacy: design and use of privacy-enhancing security mechanisms
E-P3P privacy policies and privacy authorization
Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
Virtual enterprise access control requirements
SAICSIT '03 Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology
Efficient comparison of enterprise privacy policies
Proceedings of the 2004 ACM symposium on Applied computing
Conflict and combination in privacy policy languages
Proceedings of the 2004 ACM workshop on Privacy in the electronic society
Enterprise privacy promises and enforcement
WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
Usable security and privacy: a case study of developing privacy management tools
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Cryptographic alias e-mail addresses for privacy enforcement in business outsourcing
Proceedings of the 2005 workshop on Digital identity management
SWS '04 Proceedings of the 2004 workshop on Secure web service
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Privacy intrusion detection using dynamic Bayesian networks
ICEC '06 Proceedings of the 8th international conference on Electronic commerce: The new e-commerce: innovations for conquering current barriers, obstacles and limitations to conducting successful business on the internet
Supporting access control policies across multiple operating systems
Proceedings of the 43rd annual Southeast regional conference - Volume 2
A Bayesian Network Approach to Detecting Privacy Intrusion
WI-IATW '06 Proceedings of the 2006 IEEE/WIC/ACM international conference on Web Intelligence and Intelligent Agent Technology
Privacy-aware role based access control
Proceedings of the 12th ACM symposium on Access control models and technologies
A middleware architecture for privacy protection
Computer Networks: The International Journal of Computer and Telecommunications Networking
SQL's revoke with a view on privacy
Proceedings of the 2007 annual research conference of the South African institute of computer scientists and information technologists on IT research in developing countries
Privacy policy enforcement in enterprises with identity management solutions
Journal of Computer Security - Privacy, Security and Trust (PST) Technologies: Evolution and Challenges
A privacy-aware access control system
Journal of Computer Security - 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec'06)
Evaluating assistance of natural language policy authoring
Proceedings of the 4th symposium on Usable privacy and security
Towards the development of privacy-aware systems
Information and Software Technology
Designing Privacy-Aware Personal Health Record Systems
ER '08 Proceedings of the ER 2008 Workshops (CMLSA, ECDM, FP-UML, M2AS, RIGiM, SeCoGIS, WISM) on Advances in Conceptual Modeling: Challenges and Opportunities
PuRBAC: Purpose-Aware Role-Based Access Control
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Privacy policy enforcement in enterprises with identity management solutions
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Platform for enterprise privacy practices: privacy-enabled management of customer data
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Simplified privacy controls for aggregated services: suspend and resume of personal data
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
Privacy-aware role-based access control
ACM Transactions on Information and System Security (TISSEC)
A dynamic privacy model for web services
Computer Standards & Interfaces
Privacy policies with modal logic: the dynamic turn
DEON'10 Proceedings of the 10th international conference on Deontic logic in computer science
A semantic privacy-preserving model for data sharing and integration
Proceedings of the International Conference on Web Intelligence, Mining and Semantics
Purpose control: did you process the data for the intended purpose?
SDM'11 Proceedings of the 8th VLDB international conference on Secure data management
Enhancing user privacy through data handling policies
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Towards scalable management of privacy obligations in enterprises
TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business
Privacy enforcement for IT governance in enterprises: doing it for real
TrustBus'05 Proceedings of the Second international conference on Trust, Privacy, and Security in Digital Business
A privacy enhanced role-based access control model for enterprises
ICCNMC'05 Proceedings of the Third international conference on Networking and Mobile Computing
A semantic-based user privacy protection framework for web services
ITWP'03 Proceedings of the 2003 international conference on Intelligent Techniques for Web Personalization
Privacy injector — automated privacy enforcement through aspects
PET'06 Proceedings of the 6th international conference on Privacy Enhancing Technologies
A systemic approach to automate privacy policy enforcement in enterprises
PET'06 Proceedings of the 6th international conference on Privacy Enhancing Technologies
A dynamic logic for privacy compliance
Artificial Intelligence and Law - Special issue on Deontic Logic and Normative Systems
Using purpose lattices to facilitate customisation of privacy agreements
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
A privacy preserving model bridging data provider and collector preferences
Proceedings of the Joint EDBT/ICDT 2013 Workshops
Crafting a balance between big data utility and protection in the semantic data cloud
Proceedings of the 3rd International Conference on Web Intelligence, Mining and Semantics
Extensible policy framework for heterogeneous network environments
International Journal of Information and Computer Security
Hi-index | 0.00 |
Privacy is an increasing concern in the marketplace. Although enterprises promise sound privacy practices to their customers, there is no technical mechanism to enforce them internally. In this paper; we describe a privacy policy model that protects personal data from privacy violations by means enforcing enterprise-wide privacy policies. By extending Jajodia et al.Flexible Authorization Framework (FAF) with grantors and obligations, we create a privacy control language that includes user consent, obligations, and distributed administration. Conditions impose restrictions on the use of the collected data, such as modeling guardian consent and options. Access decisions are extended with obligations, which list a set of activities that must be executed together with the access request. Grantors allow to define a separation of duty between the security officer and the privacy officer.