Introduction to algorithms
Directed hypergraphs and applications
Discrete Applied Mathematics - Special issue: combinatorial structures and algorithms
Web Services and Business Transactions
World Wide Web
Directed Hypergraphs: Problems, Algorithmic Results, and a Novel Decremental Approach
ICTCS '01 Proceedings of the 7th Italian Conference on Theoretical Computer Science
Maximum Flows and Critical Vertices in AND/OR Graphs
COCOON '02 Proceedings of the 8th Annual International Conference on Computing and Combinatorics
Information Flow in a Purpose-Oriented Access Control Model
ICPADS '97 Proceedings of the 1997 International Conference on Parallel and Distributed Systems
Information sharing across private databases
Proceedings of the 2003 ACM SIGMOD international conference on Management of data
Tropos: An Agent-Oriented Software Development Methodology
Autonomous Agents and Multi-Agent Systems
Purpose based access control of complex data for privacy protection
Proceedings of the tenth ACM symposium on Access control models and technologies
Problem-Solving Methods in Artificial Intelligence
Problem-Solving Methods in Artificial Intelligence
Modeling Security Requirements Through Ownership, Permission and Delegation
RE '05 Proceedings of the 13th IEEE International Conference on Requirements Engineering
Privacy constraint processing in a privacy-enhanced database management system
Data & Knowledge Engineering
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Limiting disclosure in hippocratic databases
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Platform for enterprise privacy practices: privacy-enabled management of customer data
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Protecting privacy during on-line trust negotiation
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Privacy is linking permission to purpose
SP'04 Proceedings of the 12th international conference on Security Protocols
Minimal disclosure in hierarchical hippocratic databases with delegation
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Security and Trust in IT Business Outsourcing: a Manifesto
Electronic Notes in Theoretical Computer Science (ENTCS)
P4A: A New Privacy Model for XML
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Towards the development of privacy-aware systems
Information and Software Technology
No purpose, no data: goal-oriented access control forambient assisted living
Proceedings of the first ACM workshop on Security and privacy in medical and home-care systems
Purpose control: did you process the data for the intended purpose?
SDM'11 Proceedings of the 8th VLDB international conference on Secure data management
A novel Threat Evaluation method for privacy-aware system in RFID
International Journal of Ad Hoc and Ubiquitous Computing
A contextual privacy-aware access control model for network monitoring workflows: work in progress
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
Privacy analysis in mobile social networks: the influential factors for disclosure of personal data
International Journal of Wireless and Mobile Computing
A privacy-aware access control model for distributed network monitoring
Computers and Electrical Engineering
Hi-index | 0.00 |
The protection of customer privacy is a fundamental issue in today’s corporate marketing strategies. Not surprisingly, many research efforts have proposed new privacy-aware technologies. Among them, Hippocratic databases offer mechanisms for enforcing privacy rules in database systems for inter-organizational business processes (also known as virtual organizations). This paper extends these mechanisms to allow for hierarchical purposes, distributed authorizations and minimal disclosure supporting the business processes of virtual organizations that want to offer their clients a number of ways to fulfill a service. Specifically, we use a goal-oriented approach to analyze privacy policies of the enterprises involved in a business process. On the basis of the purpose hierarchy derived through a goal refinement process, we provide algorithms for determining the minimum set of authorizations needed to achieve a service. This allows us to automatically derive access control policies for an inter-organizational business process from the collection of privacy policies associated with different participating enterprises. By using effective on-line algorithms, the derivation of such minimal information can also be done on-the-fly by the customer wishing to access a service.