Enforcing purpose of use via workflows

Mohammad Jafari; Reihaneh Safavi-Naini; Nicholas Paul Sheppard

doi:10.1145/1655188.1655206

Enforcing purpose of use via workflows

Mohammad Jafari, Reihaneh Safavi-Naini, Nicholas Paul Sheppard

Western Sydney University

Research output: Chapter in Book / Conference Paper › Conference Paper › peer-review

13 Citations (Scopus)

Abstract

One of the main privacy concerns of users when submitting their data to an organization is that their data will be used only for the specified purposes. Although privacy policies can specify the purpose, enforcing such policies remains a challenge. In this paper we propose an approach to enforcing purpose in access control systems that uses workflows. The intuition behind this approach is that purpose of access can be inferred, and hence associated with, the workflow in which the access takes place. We thus propose to encode purposes as properties of workflows used by organizations and show how this can be implemented. The approach is more general than other known approaches to purpose-based enforcement, and can be used to implement them. We argue the advantages of the new approach in terms of accuracy and expressiveness.

Original language	English
Title of host publication	WPES '09: Proceedings of the 8th ACM workshop on Privacy in the Electronic Society, 9 November 2009, Chicago, Illinois, USA
Publisher	ACM
Pages	113-116
Number of pages	4
ISBN (Print)	9781605587837
DOIs	https://doi.org/10.1145/1655188.1655206
Publication status	Published - 2009
Event	ACM Workshop on Privacy in the Electronic Society - Duration: 9 Nov 2009 → …

Publication series

Name
ISSN (Print)	1543-7221

Conference

Conference	ACM Workshop on Privacy in the Electronic Society
Period	9/11/09 → …

Keywords

access control
computer networks
privacy
security measures
work flow

Access to Document

10.1145/1655188.1655206

Cite this

@inproceedings{32caf99eaa4846258e4972510a145997,

title = "Enforcing purpose of use via workflows",

abstract = "One of the main privacy concerns of users when submitting their data to an organization is that their data will be used only for the specified purposes. Although privacy policies can specify the purpose, enforcing such policies remains a challenge. In this paper we propose an approach to enforcing purpose in access control systems that uses workflows. The intuition behind this approach is that purpose of access can be inferred, and hence associated with, the workflow in which the access takes place. We thus propose to encode purposes as properties of workflows used by organizations and show how this can be implemented. The approach is more general than other known approaches to purpose-based enforcement, and can be used to implement them. We argue the advantages of the new approach in terms of accuracy and expressiveness.",

keywords = "access control, computer networks, privacy, security measures, work flow",

author = "Mohammad Jafari and Reihaneh Safavi-Naini and Sheppard, {Nicholas Paul}",

year = "2009",

doi = "10.1145/1655188.1655206",

language = "English",

isbn = "9781605587837",

publisher = "ACM",

pages = "113--116",

booktitle = "WPES '09: Proceedings of the 8th ACM workshop on Privacy in the Electronic Society, 9 November 2009, Chicago, Illinois, USA",

note = "ACM Workshop on Privacy in the Electronic Society ; Conference date: 09-11-2009",

}

TY - GEN

T1 - Enforcing purpose of use via workflows

AU - Jafari, Mohammad

AU - Safavi-Naini, Reihaneh

AU - Sheppard, Nicholas Paul

PY - 2009

Y1 - 2009

N2 - One of the main privacy concerns of users when submitting their data to an organization is that their data will be used only for the specified purposes. Although privacy policies can specify the purpose, enforcing such policies remains a challenge. In this paper we propose an approach to enforcing purpose in access control systems that uses workflows. The intuition behind this approach is that purpose of access can be inferred, and hence associated with, the workflow in which the access takes place. We thus propose to encode purposes as properties of workflows used by organizations and show how this can be implemented. The approach is more general than other known approaches to purpose-based enforcement, and can be used to implement them. We argue the advantages of the new approach in terms of accuracy and expressiveness.

AB - One of the main privacy concerns of users when submitting their data to an organization is that their data will be used only for the specified purposes. Although privacy policies can specify the purpose, enforcing such policies remains a challenge. In this paper we propose an approach to enforcing purpose in access control systems that uses workflows. The intuition behind this approach is that purpose of access can be inferred, and hence associated with, the workflow in which the access takes place. We thus propose to encode purposes as properties of workflows used by organizations and show how this can be implemented. The approach is more general than other known approaches to purpose-based enforcement, and can be used to implement them. We argue the advantages of the new approach in terms of accuracy and expressiveness.

KW - access control

KW - computer networks

KW - privacy

KW - security measures

KW - work flow

UR - http://handle.westernsydney.edu.au:8081/1959.7/uws:52024

U2 - 10.1145/1655188.1655206

DO - 10.1145/1655188.1655206

M3 - Conference Paper

SN - 9781605587837

SP - 113

EP - 116

BT - WPES '09: Proceedings of the 8th ACM workshop on Privacy in the Electronic Society, 9 November 2009, Chicago, Illinois, USA

PB - ACM

T2 - ACM Workshop on Privacy in the Electronic Society

Y2 - 9 November 2009

ER -

Enforcing purpose of use via workflows

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this