A Three Layered Model to Implement Data Privacy Policies

Gerardo Canfora, Corrado Aaron Visaggio

Abstract

Many business services for private companies and citizens are increasingly accomplished trough the web and mobile devices. As such a scenario is characterized by high dynamism and untrustworthiness, existing technologies could be unsuccessful. This paper proposes an approach, inspired to the front-end trust filter paradigm, to manage data privacy in a very flexible way. Our approach has the potential to reduce the change impact due to the dynamism and to foster the reuse of strategies, and their implementations, across organizations.

References

  1. Agrawal R., Kiernan,J., Srikant R., and Xu Y., 2002, Hippocratic databases. In VLDB, the 28th Int'l Conference on Very Large Database.
  2. Agrawal R., Bird P., Grandison T., Kiernan J., Logan S., Rjaibt W., 2005 Extending Relational Database Systems to Automatically Enforce Privacy Policies. In ICDE'05 Int'l Conference on Data Engineering, IEEE Computer Society.
  3. Ashley P., Hada S., Karjoth G., Powers C., Schunter M., 2003. Enterprise Privacy Authorization Language (EPAL 1.1). IBM Reserach Report. (available at: http://www.zurich.ibm.com/security/enterprice-privacy/epal - last access on 19.02.07).
  4. Bayardo R.J., and Srikant R., 2003. Technology Solutions for Protecting Privacy. In Computer. IEEE Computer Society.
  5. Fung C.M:, Wang K., and Yu S.P., 2005. Top-Down Specialization for information and Privacy Preservation. In ICDE'05, 21st International Conference on Data Engineering. IEEE Computer Society.
  6. Langheinrich M.,2005. Personal privacy in ubiquitous computing -Tools and System Support. PhD. Dissertation, ETH Zurich.
  7. Machanavajjhala A., Gehrke J., and Kifer D., 2006. l-Diversity: Privacy Beyond kAnonymity. In ICDE'06 22nd Int'l Conference on Data Engineering . IEEE Computer Society.
  8. Maurer U., 2004. The role of Cryptography in Database Security. In SIGMOD, int'l conference on Management of Data. ACM.
  9. Muralidhar, K., Parsa, R., and Sarathy R. 1999. A General Additive Data Perturbation Method for Database Security. In Management Science, Vol. 45, No. 10.
  10. Northrop L., 2006. Ultra-Large-Scale System. The software Challenge of the Future. SEI Carnegie Mellon University Report (available at http://www.sei.cmu.edu/uls/ - last access on 19.02.07).
  11. Oberholzer H.J.G., and Olivier M.S., 2005, Privacy Contracts as an Extension of Privacy Policy. In ICDE'05, 21st Int'l Conference on Data Engineering. IEEE Computer Society.
  12. Pfleeger C.R., and Pfleeger S.L., 2002. Security in Computing. Prentice Hall.
  13. Sackman S., Struker J., and Accorsi R., 2006. Personalization in Privacy-Aware Highly dynamic Systems. Communications of the ACM, Vol. 49 No.9.ACM.
  14. Squicciarini A., Bertino E., Ferrari E., Ray I., 2006 Achieving Privacy in Trust Negotiations with an Ontology-Based Approach. In IEEE Transactions on Dependable and Secure Computing, IEEE CS.
  15. Subirana B., and Bain M., 2006. Legal Programming. In Communications of the ACM, Vol. 49 No.9. ACM.
  16. Sweeney L., 2002. k-Anonymity: A model for Protecting Privacy. In International Journal on Uncertainty, Fuzziness and Knowledge Based Systems, 10.
  17. Platform for Privacy Preferences (P3P) Project, W3C, http://www.w3.org/P3P/ (last access on January 2007).
Download


Paper Citation


in Harvard Style

Canfora G. and Aaron Visaggio C. (2007). A Three Layered Model to Implement Data Privacy Policies . In Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007) ISBN 978-972-8865-96-2, pages 155-165. DOI: 10.5220/0002418301550165


in Bibtex Style

@conference{wosis07,
author={Gerardo Canfora and Corrado Aaron Visaggio},
title={A Three Layered Model to Implement Data Privacy Policies},
booktitle={Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007)},
year={2007},
pages={155-165},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002418301550165},
isbn={978-972-8865-96-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007)
TI - A Three Layered Model to Implement Data Privacy Policies
SN - 978-972-8865-96-2
AU - Canfora G.
AU - Aaron Visaggio C.
PY - 2007
SP - 155
EP - 165
DO - 10.5220/0002418301550165