Privacy Is Linking Permission to Purpose

Massacci, Fabio; Zannone, Nicola

doi:10.1007/11861386_20

Fabio Massacci²⁰ &
Nicola Zannone²⁰

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3957))

Included in the following conference series:

International Workshop on Security Protocols

416 Accesses
2 Citations

Abstract

The last years have seen a peak in privacy related research. The focus has been mostly on how to protect the individual from being tracked, with plenty of anonymizing solutions.

We advocate another model that is closer to the “physical” world: we consider our privacy respected when our personal data is used for the purpose for which we gave it in the first place.

Essentially, in any distributed authorization protocol, credentials should mention their purpose beside their powers. For this information to be meaningful we should link it to the functional requirements of the original application.

We sketch how one can modify a requirement engineering methodology to incorporate security concerns so that we explicitly trace back the high-level goals for which a functionality has been delegated by a (human or software) agent to another one. Then one could be directly derive purpose-based trust management solutions from the requirements.

This work has been partially funded by the IST programme of the EU Commission, FET under the IST-2001-37004 WASP project and by the FIRB programme of MIUR under the RBNE0195K5 ASTRO Project. We would like to thank P. Giorgini, M. Pistore, and J. Mylopoulos for many useful discussions on Tropos.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic Databases. In: Proc. of the 27th Int. Conf. on Very Large Data Bases (VLDB 2002) (2002)
Google Scholar
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: An Implementation of P3P Using Database Technology. In: Bertino, E., Christodoulakis, S., Plexousakis, D., Christophides, V., Koubarakis, M., Böhm, K., Ferrari, E. (eds.) EDBT 2004. LNCS, vol. 2992, pp. 845–847. Springer, Heidelberg (2004)
Chapter Google Scholar
Bresciani, P., Giunchiglia, F., Mylopoulos, J., Perini, A.: TROPOS: An Agent-Oriented Software Development Methodology. J. of Autonomous Agents and Multi-Agent Sys. (JAAMAS) (to appear)
Google Scholar
Castro, J., Kolp, M., Mylopoulos, J.: Towards Requirements-Driven Information Systems Engineering: The Tropos Project. Inform. Sys. 27(6), 365–389 (2002)
Article MATH Google Scholar
Dell’Armi, T., Faber, W., Ielpa, G., Leone, N., Pfeifer, G.: Aggregate Functions in Disjunctive Logic Programming: Semantics, Complexity, and Implementation in DLV. In: Proc. of the 18th Int. Joint Conf. on Artif. Intell. (IJCAI 2003), Morgan Kaufmann Publishers, San Francisco (2003)
Google Scholar
Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B.M., Ylonen, T.: SPKI Certificate Theory, IEFT RFC 2693 (September 1999)
Google Scholar
Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Requirements Engineering meets Trust Management: Model, Methodology, and Reasoning. In: Jensen, C., Poslad, S., Dimitrakos, T. (eds.) iTrust 2004. LNCS, vol. 2995, pp. 176–190. Springer, Heidelberg (2004)
Chapter Google Scholar
Li, N., Grosof, B.N., Feigenbaum, J.: Delegation logic: A logic-based approach to distributed authorization. ACM Trans. on Inform. and Sys. Sec. (TISSEC) 6(1), 128–171 (2003)
Article Google Scholar
Li, N., Mitchell, J.C.: DATALOG with Constraints: A Foundation for Trust Management Languages. In: Dahl, V., Wadler, P. (eds.) PADL 2003. LNCS, vol. 2562, pp. 58–73. Springer, Heidelberg (2002)
Chapter Google Scholar
Li, N., Mitchell, J.C.: RT: A Role-based Trust-management Framework. In: Proc. of DARPA Inform. Survivability Conf. & Exposition (DISCEX 2003) (2003)
Google Scholar
Seamons, K.E., Winslett, M., Yu, T., Yu, L., Jarvis, R.: Protecting privacy during on-line trust negotiation. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 129–143. Springer, Heidelberg (2003)
Chapter Google Scholar
Syverson, P.: The paradoxical value of privacy. In: Proc. of 2nd Annual Workshop on Economics and Inform. Sec. (WEIS 2003) (2003)
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Information and Communication Technology, University of Trento, Italy
Fabio Massacci & Nicola Zannone

Authors

Fabio Massacci
View author publications
You can also search for this author in PubMed Google Scholar
Nicola Zannone
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Computer Science Department, University of Hertfordshire, UK
Bruce Christianson
Computer Systems Group, Vrije Universiteit, Amsterdam, The Netherlands
Bruno Crispo
Georgia Institute of Technology, Atlanta, GA, USA
James A. Malcolm
Microsoft Research, Cambridge, UK
Michael Roe

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Massacci, F., Zannone, N. (2006). Privacy Is Linking Permission to Purpose. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2004. Lecture Notes in Computer Science, vol 3957. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11861386_20

Download citation

DOI: https://doi.org/10.1007/11861386_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40925-0
Online ISBN: 978-3-540-40926-7
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics