Abstract
We define a semantic model for purpose, based on which purpose-based privacy policies can be meaningfully expressed and enforced in a business system. The model is based on the intuition that the purpose of an action is determined by its situation among other inter-related actions. Actions and their relationships can be modeled in the form of an action graph, which is based on the business processes in a system. Accordingly, a modal logic and the corresponding model checking algorithm are developed for formal expression of purpose-based policies and for verifying whether a particular system complies with them. It is also shown, through various examples, how typical purpose-based policies as well as some new policy types can be expressed and checked using our model.
| Original language | English |
|---|---|
| Title of host publication | CODASPY'11: Proceedings of the 1st ACM Conference on Data and Application Security and Privacy, 21-23 February 2011, San Antonio, Texas, USA |
| Publisher | ACM |
| Pages | 213-224 |
| Number of pages | 12 |
| ISBN (Print) | 9781450304665 |
| Publication status | Published - 2011 |
| Event | ACM Conference on Data and Application Security & Privacy - Duration: 21 Feb 2011 → … |
Conference
| Conference | ACM Conference on Data and Application Security & Privacy |
|---|---|
| Period | 21/02/11 → … |
Keywords
- access control
- algorithms
- computer security
- electronic data processing
- modality (logic)
- privacy