Minimal disclosure in hierarchical Hippocratic databases with delegation

F. Massacci, J. Mylopoulos, N. Zannone

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Hippocratic Databases have been proposed as a mechanism to guarantee the respect of privacy principles in data management. We argue that three major principles are missing from the proposed mechanism: hierarchies of purposes, delegation of tasks and authorizations (i.e. outsourcing), and the minimal disclosure of private information. In this paper, we propose a flexible framework for the negotiation of personal information among customers and (possibly virtual) enterprises based on user preferences when enterprises may adopt different processes to provide the same service. We use a goal-oriented approach to analyze the purposes of a Hippocratic system and derive a purpose and delegation hierarchy. Based on this hierarchy, effective algorithms are given to determine the minimum set of authorizations needed for a service. In this way, the minimal authorization table of a global business process can be automatically constructed from the collection of privacy policy tables associated with the collaborating enterprises. By using effective online algorithms, the derivation of such minimal information can also be done on-the-fly by the customer wishing to use the services of a virtual organization. © Springer-Verlag Berlin Heidelberg 2005.
Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages: 438-454
Publication status: Published - 2005
Externally published: Yes
Event: 10th European Symposium on Research in Computer Security, ESORICS 2005 - , Italy
Duration: 12 Sept 2005 to 14 Sept 2005

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 10th European Symposium on Research in Computer Security, ESORICS 2005
Country/Territory: Italy
Period: 12/09/05 to 14/09/05
