Please use this identifier to cite or link to this item: http://hdl.handle.net/11023/924
Title: Modelling and Enforcing Purpose in Privacy Policies
Author: Jafari, Mohammad
Advisor: Safavi-Naini, Reyhaneh Alsadat; Barker, Kenneth Edwin
Keywords: Computer Science
Issue Date: 6-Sep-2013
Abstract: Privacy concerns are among the most significant side effects of advances in computer and networking technologies. Expressing and enforcing privacy policies is necessary to ensure that processing of personal information in these systems does not violate the privacy of individuals. Privacy laws and regulations, as well as various privacy policy languages and privacy-preserving systems, show no disagreement in that purpose of use has a key role in privacy policies and is an important factor in controlling access to personal data. In the current literature on privacy, purposes have been treated mostly as opaque labels with little or no semantics. The resulting ambiguities have made purposes susceptible to malicious or inadvertent misinterpretations. Consequently, enforcing purpose-based policies has also remained a challenge. In this research, we address these problems. We develop a framework that defines purposes formally and provides a formal language for expressing purpose constraints, as well as the corresponding method for evaluating them in the context of a workflow. The semantics of this language are defined over an abstract model of business workflows. We show how purpose constraints can be linked to access control rules to form purpose-based policies and develop an enforcement mechanism in the form of a workflow reference monitor to ensure compliance with such policies. We also show how a simple form of such a reference monitor can be implemented using XACML, a common open standard access control system in the industry.
URI: http://hdl.handle.net/11023/924
Appears in Collections: Electronic Theses

Files in This Item:
File: ucalgary_2013_jafari_mohammad.pdf
Size: 1.2 MB
Format: Adobe PDF


Items in The Vault are protected by copyright, with all rights reserved, unless otherwise indicated.