Name
Abstract | ||
|---|---|---|
One of the main privacy concerns of users when submitting their data to an organization is that their data will be used only for the specified purposes. Although privacy policies can specify the purpose, enforcing such policies remains a challenge. In this paper we propose an approach to enforcing purpose in access control systems that uses workflows. The intuition behind this approach is that purpose of access can be inferred, and hence associated with, the workflow in which the access takes place. We thus propose to encode purposes as properties of workflows used by organizations and show how this can be implemented. The approach is more general than other known approaches to purpose-based enforcement, and can be used to implement them. We argue the advantages of the new approach in terms of accuracy and expressiveness. |
Year | DOI | Venue |
|---|---|---|
2009 | 10.1145/1655188.1655206 | WPES |
Keywords | Field | DocType |
purpose-based enforcement,access control system,known approach,enforcing purpose,privacy policy,specified purpose,main privacy concern,new approach,privacy,workflow,access control | ENCODE,Computer science,Computer security,Privacy policy,Intuition,Enforcement,Access control,Workflow,Expressivity | Conference |
Citations | PageRank | References |
13 | 0.71 | 17 |
Authors | ||
3 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Mohammad Jafari | 1 | 60 | 4.80 |
| Reihaneh Safavi-Naini | 2 | 2378 | 257.74 |
| Nicholas Paul Sheppard | 3 | 285 | 25.84 |