
Using Purpose Lattices to Facilitate Customisation of Privacy Agreements

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2007)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4657)

Abstract

Protecting the privacy of individuals demands that special care be taken with the handling of an individual’s personal information. Either the system should store as little or no user data at all, or it should protect access to the data in cases where it is necessary that data has to be stored. A common approach to the protection of PII (in a privacy aware system) is to associate a set of purposes with the PII which indicates the enterprise’s use of the data.

Purposes placed in a hierarchical structure (such as a lattice) can subsume each other, which can provide flexibility in the customisation of a privacy agreement. In this article the customisation of privacy agreements using purposes placed in a lattice is considered. In particular minimal acceptance levels, maximal acceptance levels, validation and invalidation of agreements with respect to purpose lattices are introduced.




Editor information

Costas Lambrinoudakis, Günther Pernul, A Min Tjoa


Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

van Staden, W., Olivier, M.S. (2007). Using Purpose Lattices to Facilitate Customisation of Privacy Agreements. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_22


  • DOI: https://doi.org/10.1007/978-3-540-74409-2_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74408-5

  • Online ISBN: 978-3-540-74409-2

  • eBook Packages: Computer Science, Computer Science (R0)
