Abstract
This paper addresses the problem of dealing with privacy management of personal data stored by enterprises. Accesses to personal data must keep into account privacy policies based on laws, enterprise guidelines, stated purposes of data and data subjects’ consent. In large organisations, people have different roles and skills: business tasks are achieved thanks to collaboration among these people. The rigid enforcement of privacy policies might create disruptions and unacceptable burdens in business practices. We introduce an innovative solution based on an adaptive privacy management system. Data are retrieved from standard data repositories: parts of these data are encrypted and associated with privacy policies. The actual access to the encrypted data is adaptive, depending on the requestor, the context and purpose. Multiple “views” on a data structure can be provided by our system. Our research and development is work in progress. We describe our current results and highlight next steps.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Rotemberg, M., Laurant, C.: Privacy International - Privacy and Human Rights 2004: an International Survey of Privacy Laws and Developments, Electronic Privacy Information Center (EPIC), Privacy International (2004), http://www.privacyinternational.org/survey/phr2004/
OECD: OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980), http://www1.oecd.org/publications/e-book/9302011E.PDF
Wayner, P.: Translucent Databases. Flyzone Press (2002)
IBM: Hippocratic Databases (2004), http://www.almaden.ibm.com/software/quest/Projects/hippodb/
IBM: IBM Tivoli Privacy Manager, online technical documentation (2004), http://publib.boulder.ibm.com/tividd/td/PrivacyManagerfore-business1.1.html
IBM: The Enterprise Privacy Authorization Language (EPAL), EPAL 1.1 specification (2004), http://www.zurich.ibm.com/security/enterprise-privacy/epal/
Housley, R., Ford, W., Polk, W., Solo, D.: RFC2459: Internet X.509 Public Key Infrastructure Certificate and CRL profile, IETF (1999)
RSA : PKCS#7, Cryptographic Message Syntax Standard (1997), http://www.rsasecurity.com/rsalabs/pkcs/pkcs-7/
Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, p. 213. Springer, Heidelberg (2001)
Cocks, C.: An Identity Based Encryption Scheme based on Quadratic Residues. Communications-Electronics Security Group (CESG), UK (2001)
Pearson, S. (ed.): Trusted Computing Platforms. Prentice Hall, Englewood Cliffs (2002)
Casassa Mont, M., Pearson, S., Bramhall, P.: Towards Accountable Management of Privacy and Identity Management. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 146–161. Springer, Heidelberg (2003)
EU Framework VI PRIME Project: Privacy and Identity Management for Europe (2004), http://www.prime-project.eu.org/
Bertino, E., Ferrari, E.: Secure and Selective Dissemination of XML Documents. In: ACM TISSEC, pp. 290–331 (2002)
Miklau, G., Suciu, D.: Controlling Access to Published Data Using Cryptography. In: VLDB (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mont, M.C., Pearson, S. (2005). An Adaptive Privacy Management System for Data Repositories. In: Katsikas, S., López, J., Pernul, G. (eds) Trust, Privacy, and Security in Digital Business. TrustBus 2005. Lecture Notes in Computer Science, vol 3592. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11537878_24
Download citation
DOI: https://doi.org/10.1007/11537878_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28224-2
Online ISBN: 978-3-540-31796-8
eBook Packages: Computer ScienceComputer Science (R0)