Abstract
Privacy is concerned with the protection of personal information. Traditional security models (such as the Bell-LaPadula model) assume that users can be trusted and instead concentrate on the processes within the boundaries of the computer system. The InfoPriv model goes further by assuming that users (especially people) are not trustworthy. The information flow between the users should, therefore, be taken into account as well. The basic elements of InfoPriv are entities and the information flow between them. Information flow can either be positive (permitted) or negative (not permitted). It is shown how InfoPriv can be formalised by using graph theory. This formalisation includes the notion of information sanitisers (or trusted entities). InfoPriv is concluded with a discussion of its static and dynamic aspects. A Prolog prototype based on InfoPriv has been implemented and tested successfully on a variety of privacy policies.
Chapter PDF
References
Anonymous, General Accounting Office United States, National Crime Information Center: Legislation Needed to Deter Misuse of Criminal Justice Information, Document GAO/T-GGD-93–41, Washington, 1993
Anonymous, European Union, Directive 95/46/EC on the Protection of Individuals With Regard to the Processing of Personal Data and on the Free Movement of such Data, 1995
Anonymous, Information Infrastructure Task Force, Privacy Working Group, Principles for Providing and Using Personal Information, Washington, 1995
Anonymous, General Accounting Office United States, IRS Systems Security: Tax Processing Operations and Data Still at Risk Due to Serious Weaknesses, Document GAO/AIMD-97–49, Washington, 1997
Anonymous, Information Infrastructure Task Force, Information Policy Committee, Options for Promoting Privacy on the National Information Infrastructure, Washington, 1997
DE Bell, LJ LaPadula, “Secure Computer Systems: Unified Exposition & Multics Interpretation”, Technical Report MTIS AD-A023588, MITRE Corporation, 1975
TH Cormen, CE Leiserson, RL Rivest, Introduction to Algorithms, McGraw-Hill Book Company, MIT, 1994
] DE Denning, “A lattice Model for Secure Information Flow”, Communications of the ACM, 19, 5, 236–243, 1976
LCJ Dreyer, MS Olivier, “Dynamic Aspects of the InfoPriv Model”, In: Proc. 9th Database and Expert Systems Applications Dexa 98 (RR Wagner Editor), IEEE Computer Society, Los Alamitos, 340–345, 1998
LCJ Dreyer, MS Olivier, “A workbench for privacy policies”, In: Proc. 22th Computer Software and Applications Conference Compsac 98 (E Hughes editor), IEEE Computer Society, Los Alamitos, 350–355, 1998
S Hsieh, E Unger, R Mata-Toledo, “Using Program Dependence graphs for information flow control”, J. Systems Software, 17, 227–232, 1992
CP Pfleeger, Security in Computing, Prentice Hall, New Jersey, 1989
F Rabitti, E Bertino, W Kim, D Woelk, “A model of authorization for next-generation database systems”, ACM Transactions on Database Systems, 16, 1, 1991 88–131.
RS Sandhu, “Lattice-Based Access Control Models”, IEEE Computer, 919, 1993
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1999 Springer Science+Business Media New York
About this chapter
Cite this chapter
Dreyer, L.C.J., Olivier, M.S. (1999). An Information-Flow Model for Privacy (Infopriv). In: Jajodia, S. (eds) Database Security XII. IFIP — The International Federation for Information Processing, vol 14. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35564-1_5
Download citation
DOI: https://doi.org/10.1007/978-0-387-35564-1_5
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-4914-4
Online ISBN: 978-0-387-35564-1
eBook Packages: Springer Book Archive