A Declarative Framework for Specifying and Enforcing Purpose-aware Policies
Abstract
Purpose is crucial for privacy protection as it makes users confident that their personal data are processed as intended. Available proposals for the specification and enforcement of purpose-aware policies are unsatisfactory for their ambiguous semantics of purposes and/or lack of support to the run-time enforcement of policies. In this paper, we propose a declarative framework based on a first-order temporal logic that allows us to give a precise semantics to purpose-aware policies and to reuse algorithms for the design of a run-time monitor enforcing purpose-aware policies. We also show the complexity of the generation and use of the monitor which, to the best of our knowledge, is the first such a result in literature on purpose-aware policies.
Cite
@article{arxiv.1507.08153,
title = {A Declarative Framework for Specifying and Enforcing Purpose-aware Policies},
author = {Riccardo De Masellis and Chiara Ghidini and Silvio Ranise},
journal= {arXiv preprint arXiv:1507.08153},
year = {2015}
}
Comments
Extended version of the paper accepted at the 11th International Workshop on Security and Trust Management (STM 2015)