Towards defining semantic foundations for purpose-based privacy policies
Jafari, Mohammad , Fong, Philip W. L. , Safavi-Naini, Rei , Barker, Ken , & Sheppard, Nicholas P. (2011) Towards defining semantic foundations for purpose-based privacy policies. In Proceedings of the First ACM Conference on Data and Application Security and Privacy (CODASPY '11), ACM, Hilton Palacio Del Rio, San Antonio, Texas, pp. 213-224.
We define a semantic model for purpose, based on which purpose-based privacy policies can be meaningfully expressed and enforced in a business system. The model is based on the intuition that the purpose of an action is determined by its situation among other inter-related actions. Actions and their relationships can be modeled in the form of an action graph which is based on the business processes in a system. Accordingly, a modal logic and the corresponding model checking algorithm are developed for formal expression of purpose-based policies and verifying whether a particular system complies with them. It is also shown through various examples, how various typical purpose-based policies as well as some new policy types can be expressed and checked using our model.
Impact and interest:
Citation countsare sourced monthly fromand citation databases.
These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.
Citations counts from theindexing service can be viewed at the linked Google Scholar™ search.
Full-text downloadsdisplays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.
|Item Type:||Conference Paper|
|Subjects:||Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTATION THEORY AND MATHEMATICS (080200) > Computational Logic and Formal Languages (080203)|
Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)
|Divisions:||Current > QUT Faculties and Divisions > Division of Technology, Information and Learning Support|
|Deposited On:||28 Feb 2011 08:11|
|Last Modified:||12 Jan 2012 08:04|
Repository Staff Only: item control page