A Framework for Expressing and Enforcing Purpose-Based Privacy Policies

dc.contributor.authorJafari, Mohammaden_US
dc.contributor.authorFong, Philipen_US
dc.contributor.authorSafavi-Naini, Reihanehen_US
dc.contributor.authorBarker, Kenen_US
dc.date.accessioned2013-01-28T17:34:14Z
dc.date.available2013-01-28T17:34:14Z
dc.date.issued2013-01-28
dc.description.abstractPurpose is a key concept in privacy policies and has been mentioned in major privacy laws and regulations. Although some models have been proposed for enforcing purpose-based policies, little has been done in de ning formal semantics for purpose and therefore an e ective enforcement mechanism for policies has remained a challenge. In this paper, we develop a framework for formalizing and enforcing purpose-based privacy policies. Purpose is formally de ned as the dynamic situation of an action within the network of inter-related actions in the system. Accordingly, we propose a modal-logic language for formally expressing constraints about purposes of actions which can be used to model purpose-based policies. The semantics of this language are de ned over an abstract model of activities in the system which is directly derivable from business processes. Based on this formal framework, we discuss some properties of purpose and show how some well-known, as well as new forms of purpose constraints can be formalized using the proposed language. We also show how purpose-based constraints can be tied to other access control policies in the system. Finally, we present a model-checking algorithm for verifying whether a given state of the system complies with a given set of policies, followed by a discussion of how this can be used in an actual implementation of a purpose reference monitor.en_US
dc.description.refereedNoen_US
dc.identifier.department2013-1037-04en_US
dc.identifier.doihttp://dx.doi.org/10.11575/PRISM/30597
dc.identifier.urihttp://hdl.handle.net/1880/49351
dc.language.isoengen_US
dc.publisher.corporateUniversity of Calgaryen_US
dc.publisher.facultyScienceen_US
dc.subjectPurposeen_US
dc.subjectSemanticsen_US
dc.subjectpurpose-Based policiesen_US
dc.subject.otherPrivacy, Modal Logic, Workflow, Petri Neten_US
dc.titleA Framework for Expressing and Enforcing Purpose-Based Privacy Policiesen_US
dc.typetechnical reporten_US
thesis.degree.disciplineComputer Scienceen_US
Files
Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
2013-1037-04.pdf
Size:
730.63 KB
Format:
Adobe Portable Document Format
License bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
1.84 KB
Format:
Item-specific license agreed upon to submission
Description: