Hierarchical Hippocratic Databases with Minimal Disclosure for Virtual Organizations

Massacci, F and Mylopoulos, J and Zannone, N (2006) Hierarchical Hippocratic Databases with Minimal Disclosure for Virtual Organizations. UNSPECIFIED. (Unpublished)

Download (361Kb) | Preview


    The protection of customer privacy is a fundamental issue in today's corporate marketing strategies. Not surprisingly, many research efforts have proposed new privacy-aware technologies. Among them, Hippocratic databases offer mechanisms for enforcing privacy rules in database systems for inter-organizational business processes (also known as virtual organizations). This paper extends these mechanisms to allow for hierarchical purposes, distributed authorizations and minimal disclosure supporting the business processes of virtual organizations that want to offer their clients a number of ways to fulfill a service. Specifically, we use a goal-oriented approach to analyze privacy policies of the enterprises involved in a business process. Based on the purpose hierarchy derived through a goal refinement process, we provide algorithms for determining the minimum set of authorizations needed to achieve a service. This allows us to automatically derive access control policies for an inter-organizational business process from the collection of privacy policies associated with different participating enterprises. By using effective on-line algorithms, the derivation of such minimal information can also be done on-the-fly by the customer wishing to access a service.

    Item Type: Departmental Technical Report
    Department or Research center: Information Engineering and Computer Science
    Subjects: Q Science > QA Mathematics > QA076 Data Base Management
    Uncontrolled Keywords: Privacy Protection, Minimal Disclosure, Private Data Management, Information Security, Access Control, Virtual Organizations, Delegation
    Report Number: DIT-06-021
    Repository staff approval on: 27 Apr 2006

    Actions (login required)

    View Item