Abstract
Achieving privacy preservation in a data-sharing computing environment is a challenging problem. The requirements for a privacy preserving data access policy should be formally specified in order to be able to establish consistency between the privacy policy and its purported implementation in practice. Previous work has shown that when specifying a privacy policy, the notion of purpose should be used as the basis for access control. A privacy policy should ensure that data can only be used for its intended purpose, and the access purpose should be compliant with the data's intended purpose. This paper presents a mechanism to specify privacy policy using VDM. The entities in the purpose-based access control model are specified, the invariants corresponding to the privacy requirements in privacy policy are specified, and the operations in the model and their proof obligations are defined and investigated. © 2007 IEEE.
| Original language | English |
|---|---|
| Title of host publication | Proceedings - IAS 2007 3rd Internationl Symposium on Information Assurance and Security|Proc. IAS Int. Symp. Inf. Assur. Secur. |
| Publisher | IEEE Computer Society |
| Pages | 143-148 |
| Number of pages | 5 |
| ISBN (Print) | 0769528767, 9780769528762 |
| DOIs | |
| Publication status | Published - 2007 |
| Event | 3rd Internationl Symposium on Information Assurance and Security, IAS 2007 - Manchester Duration: 1 Jul 2007 → … http://dblp.uni-trier.de/db/conf/IEEEias/IEEEias2007.html#YangBZ07http://dblp.uni-trier.de/rec/bibtex/conf/IEEEias/YangBZ07.xmlhttp://dblp.uni-trier.de/rec/bibtex/conf/IEEEias/YangBZ07 |
Conference
| Conference | 3rd Internationl Symposium on Information Assurance and Security, IAS 2007 |
|---|---|
| City | Manchester |
| Period | 1/07/07 → … |
| Internet address |