Article

Privacy is linking permission to purpose

Authors:

Fabio Massacci,

Nicola ZannoneAuthors Info & Claims

SP'04: Proceedings of the 12th international conference on Security Protocols

Pages 179 - 191

https://doi.org/10.1007/11861386_20

Published: 26 April 2004 Publication History

Publisher Site

Abstract

The last years have seen a peak in privacy related research. The focus has been mostly on how to protect the individual from being tracked, with plenty of anonymizing solutions.

We advocate another model that is closer to the “physical” world: we consider our privacy respected when our personal data is used for the purpose for which we gave it in the first place.

Essentially, in any distributed authorization protocol, credentials should mention their purpose beside their powers. For this information to be meaningful we should link it to the functional requirements of the original application.

We sketch how one can modify a requirement engineering methodology to incorporate security concerns so that we explicitly trace back the high-level goals for which a functionality has been delegated by a (human or software) agent to another one. Then one could be directly derive purpose-based trust management solutions from the requirements.

References

[1]

R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Hippocratic Databases. In Proc. of the 27th Int. Conf. on Very Large Data Bases (VLDB'02), 2002.

Digital Library

Google Scholar

[2]

R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. An Implementation of P3P Using Database Technology. In Proc. of the 9th Int. Conf. on Extending Database Technology, volume 2992 of Lecture Notes in Comp. Sci., pages 845-847. Springer-Verlag Heidelberg, 2004.

Crossref

Google Scholar

[3]

P. Bresciani, F. Giunchiglia, J. Mylopoulos, and A. Perini. TROPOS: An Agent-Oriented Software DevelopmentMethodology. J. of Autonomous Agents and Multi-Agent Sys. (JAAMAS), (To appear).

Digital Library

Google Scholar

[4]

J. Castro, M. Kolp, and J. Mylopoulos. Towards Requirements-Driven Information Systems Engineering: The Tropos Project. Inform. Sys., 27(6):365-389, 2002.

Digital Library

Google Scholar

[5]

T. Dell'Armi, W. Faber, G. Ielpa, N. Leone, and G. Pfeifer. Aggregate Functions in Disjunctive Logic Programming: Semantics, Complexity, and Implementation in DLV. In Proc. of the 18th Int. Joint Conf. on Artif. Intell. (IJCAI'03). Morgan Kaufmann Publishers, 2003.

Digital Library

Google Scholar

[6]

C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. M. Thomas, and T. Ylonen. SPKI Certificate Theory, September 1999. IEFT RFC 2693.

Digital Library

Google Scholar

[7]

P. Giorgini, F. Massacci, J. Mylopoulous, and N. Zannone. Requirements Engineering meets Trust Management: Model, Methodology, and Reasoning. In Proc. of the 2nd Int. Conf. on Trust Management (iTrust 2004), Lecture Notes in Comp. Sci. Springer-Verlag Heidelberg, 2004.

Google Scholar

[8]

N. Li, B. N. Grosof, and J. Feigenbaum. Delegation logic: A logic-based approach to distributed authorization. ACM Trans. on Inform. and Sys. Sec. (TISSEC), 6(1):128-171, 2003.

Digital Library

Google Scholar

[9]

N. Li and J. C. Mitchell. Datalog with Constraints: A Foundation for Trustmanagement Languages. In Proc. of the 5th Int. Symp. on Practical Aspects of Declarative Lang. (PADL'03), 2003.

Digital Library

Google Scholar

[10]

N. Li and J. C. Mitchell. RT: A Role-based Trust-management Framework. In Proc. of DARPA Inform. Survivability Conf. & Exposition (DISCEX'03), 2003.

Google Scholar

[11]

K. E. Seamons, M.Winslett, T. Yu, L. Yu, and R. Jarvis. Protecting Privacy during On-line Trust Negotiation. In Proc. of the 2nd Workshop on Privacy Enhancing Technologies, 2002.

Digital Library

Google Scholar

[12]

P. Syverson. The paradoxical value of privacy. In Proc. of 2nd Annual Workshop on Economics and Inform. Sec. (WEIS 2003), 2003.

Google Scholar

Cited By

View all

Rifaut AFeltus CTurki SKhadraoui DMakarevich OPoet RElçi AGaur MOrgun MBabenko LFerdous SHo ALaxmi VPieprzyk J(2015)Analysis of the impact of ethical issues on the management of the access rightsProceedings of the 8th International Conference on Security of Information and Networks10.1145/2799979.2799996(12-19)Online publication date: 8-Sep-2015
https://dl.acm.org/doi/10.1145/2799979.2799996

Index Terms

Privacy is linking permission to purpose
1. Security and privacy
  1. Human and societal aspects of security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime
    2. Privacy policies

Index terms have been assigned to the content through auto-classification.

Recommendations

Privacy-enhanced linking

While computer scientists are uniquely situated to incorporate privacy protections in the link analysis algorithms they construct, most computer scientists are unaware of this opportunity and of ways to think about achieving needed protections. The work ...
A purpose-based privacy-aware system using privacy data graph
MoMM '09: Proceedings of the 7th International Conference on Advances in Mobile Computing and Multimedia

Privacy issue is receiving a great deal of attention since the need of privacy is increasing and new threats are emerging. The growing concern of users for their personal information has made it critical to implant effective technologies for privacy and ...
The purpose driven privacy preservation for accelerometer-based activity recognition

Accelerometer-based activity recognition (AAR) attracted a lot of attentions due to the wide spread of smartphones with energy-efficiency. However, since accelerometer data contains individual characteristics; AAR might raise privacy concerns. Although ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SP'04: Proceedings of the 12th international conference on Security Protocols

April 2004

324 pages

ISBN:3540409254

Editors:
Bruce Christianson
Computer Science Department, University of Hertfordshire
,
Bruno Crispo
Computer Systems Group, Vrije Universiteit, Amsterdam, The Netherlands
,
James A. Malcolm
Computer Systems Group, Georgia Institute of Technology, Atlanta, GA
,
Michael Roe
Computer Systems Group, Microsoft Research, Cambridge, UK

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 26 April 2004

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 02 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Rifaut AFeltus CTurki SKhadraoui DMakarevich OPoet RElçi AGaur MOrgun MBabenko LFerdous SHo ALaxmi VPieprzyk J(2015)Analysis of the impact of ethical issues on the management of the access rightsProceedings of the 8th International Conference on Security of Information and Networks10.1145/2799979.2799996(12-19)Online publication date: 8-Sep-2015
https://dl.acm.org/doi/10.1145/2799979.2799996

Abstract

References

Cited By

Index Terms

Recommendations

Privacy-enhanced linking

A purpose-based privacy-aware system using privacy data graph

The purpose driven privacy preservation for accelerometer-based activity recognition

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations