Abstract
Privacy has become a major concern for both customers and enterprises in today's corporate marketing strategies, and many research efforts have been put into developing new privacy-aware technologies. Among them, Hippocratic databases are one of the important mechanisms for guaranteeing that privacy principles are respected in data management; they adopt purpose as a central concept associated with each piece of data stored in the database. The proposed mechanism provides basic principles for future database systems that protect the privacy of data as a founding tenet. However, Hippocratic databases do not allow one to distinguish which particular method is used to fulfil a purpose. In particular, issues such as purpose hierarchies, task delegation and minimal privacy cost are missing from the proposed mechanism.
In this paper, we extend these mechanisms in order to support inter-organizational business processes in Hippocratic databases. We develop a comprehensive approach for negotiating personal information between customers and enterprises, based on user preferences, for the case where enterprises offer their clients a number of ways to fulfil a service. We organize purposes into purpose directed graphs through AND/OR decomposition, which supports task delegation and distributed authorization. In particular, customers control how a service is fulfilled on the basis of their personal feeling of trust for any service customization. Quantitative analysis is performed to characterize privacy penalties in terms of privacy cost and customer trust. Finally, efficient algorithms are given that guarantee the minimal privacy cost and maximal customer trust involved in a business process.
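To make the AND/OR purpose decomposition and the "minimal privacy cost" idea concrete, here is an added illustration (not the paper's own algorithm or code): a small purpose graph in which a customer's order can be fulfilled in several ways, each disclosing different data items to different parties. The penalty model (sensitivity divided by the customer's trust in the receiving party) and all sample values are constructed assumptions for the example.

```python
"""Cheapest fulfilment of a purpose modelled as an AND/OR graph (constructed example)."""
from typing import Dict, List, Tuple

# Node shapes: ("LEAF", data_item, receiving_party), ("AND", [children]), ("OR", [children])
Disclosure = Tuple[str, str]

def leaf_penalty(item: str, party: str, sensitivity: Dict[str, float],
                 trust: Dict[str, float]) -> float:
    """Constructed penalty: sensitivity scaled up as trust in the party falls.
    A party the customer does not trust at all makes the disclosure infeasible."""
    t = trust.get(party, 0.0)
    return float("inf") if t <= 0.0 else sensitivity[item] / t

def min_privacy_cost(node, sensitivity: Dict[str, float],
                     trust: Dict[str, float]) -> Tuple[float, List[Disclosure]]:
    """Return (total penalty, disclosures made) for the least costly way to fulfil node.
    AND: every child must be fulfilled, costs add up.  OR: pick the cheapest child."""
    kind = node[0]
    if kind == "AND":
        total, chosen = 0.0, []
        for child in node[1]:
            cost, disclosed = min_privacy_cost(child, sensitivity, trust)
            total += cost
            chosen.extend(disclosed)
        return total, chosen
    if kind == "OR":
        return min((min_privacy_cost(c, sensitivity, trust) for c in node[1]),
                   key=lambda result: result[0])
    _, item, party = node
    return leaf_penalty(item, party, sensitivity, trust), [(item, party)]

# Constructed purpose graph: "deliver order" needs a payment method AND shipping details;
# payment can go to the enterprise or a processor, contact can be phone (courier) or email.
ORDER = ("AND", [
    ("OR", [("LEAF", "credit_card", "enterprise"),
            ("LEAF", "credit_card", "payment_processor")]),
    ("AND", [("LEAF", "address", "courier"),
             ("OR", [("LEAF", "phone", "courier"),
                     ("LEAF", "email", "enterprise")])]),
])
SENSITIVITY = {"credit_card": 10.0, "address": 4.0, "phone": 3.0, "email": 1.0}
TRUST = {"enterprise": 0.8, "payment_processor": 0.5, "courier": 0.4}  # constructed

if __name__ == "__main__":
    cost, path = min_privacy_cost(ORDER, SENSITIVITY, TRUST)
    print(f"minimal privacy cost = {cost:.2f}")
    for item, party in path:
        print(f"  disclose {item} to {party}")
```

Dropping a party from the trust map (for example the courier) makes every path through that party infeasible, and the function reports an infinite cost rather than silently picking a disclosure the customer would refuse.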
This research is funded by an ARC Discovery Project DP0663414.
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Li, M., Sun, X., Wang, H., Zhang, Y. (2009). Optimal Privacy-Aware Path in Hippocratic Databases. In: Zhou, X., Yokota, H., Deng, K., Liu, Q. (eds) Database Systems for Advanced Applications. DASFAA 2009. Lecture Notes in Computer Science, vol 5463. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00887-0_39
DOI: https://doi.org/10.1007/978-3-642-00887-0_39
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-00886-3
Online ISBN: 978-3-642-00887-0
eBook Packages: Computer Science (R0)