Towards defining semantic foundations for purpose-based privacy policies

Jafari, Mohammad, Fong, Philip W. L., Safavi-Naini, Rei, Barker, Ken, & Sheppard, Nicholas P. (2011) Towards defining semantic foundations for purpose-based privacy policies. In Proceedings of the First ACM Conference on Data and Application Security and Privacy (CODASPY '11), ACM, Hilton Palacio Del Rio, San Antonio, Texas, pp. 213-224.

We define a semantic model for purpose, on which purpose-based privacy policies can be meaningfully expressed and enforced in a business system. The model is based on the intuition that the purpose of an action is determined by its situation among other inter-related actions. Actions and their relationships can be modeled in the form of an action graph, which is derived from the business processes in a system. Accordingly, a modal logic and a corresponding model checking algorithm are developed for the formal expression of purpose-based policies and for verifying whether a particular system complies with them. It is also shown, through various examples, how typical purpose-based policies as well as some new policy types can be expressed and checked using our model.

Impact and interest:

16 citations in Scopus

Full-text downloads:

106 since deposited on 27 Feb 2011
6 in the past twelve months


ID Code: 40324
Item Type: Conference Paper
Refereed: Yes
Keywords: purpose, privacy policy, access control, modal logic
DOI: 10.1145/1943513.1943541
ISBN: 9781450304665
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTATION THEORY AND MATHEMATICS (080200) > Computational Logic and Formal Languages (080203); Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)
Divisions: Current > QUT Faculties and Divisions > Division of Technology, Information and Library Services
Deposited On: 27 Feb 2011 22:11
Last Modified: 11 Jan 2012 22:04