International Workshop on Security and Trust Management

Security and Trust Management pp 55-71 | Cite as

A Declarative Framework for Specifying and Enforcing Purpose-Aware Policies

  • Riccardo De Masellis
  • Chiara Ghidini
  • Silvio Ranise
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9331)


Purpose is crucial for privacy protection as it makes users confident that their personal data are processed as intended. Available proposals for the specification and enforcement of purpose-aware policies are unsatisfactory for their ambiguous semantics of purposes and/or lack of support to the run-time enforcement of policies.

In this paper, we propose a declarative framework based on a first-order temporal logic that allows us to give a precise semantics to purpose-aware policies and to reuse algorithms for the design of a run-time monitor enforcing purpose-aware policies. We also show the complexity of the generation and use of the monitor which, to the best of our knowledge, is the first such a result in literature on purpose-aware policies.


Data Owner Access Control Policy Access Control Model Authorization Policy Policy Enforcement Point 


  1. 1.
    Directive 95/46/ec of the european parliament and of the council of 24 october 1995.
  2. 2.
    van der Aalst, W.M.P., Pesic, M., Schonenberg, H.: Declarative workflows: balancing between flexibility and support. CS - R&D 23(2), 99–113 (2009)Google Scholar
  3. 3.
    Arkoudas, K., Chadha, R., Chiang, C.J.: Sophisticated access control via SMT and logical frameworks. Proc. ACM TISSEC 16(4), 17 (2014)Google Scholar
  4. 4.
    Barth, A., Datta, A., Mitchell, J.C., Sundaram, S.: Privacy and utility in business processes. In: Proceedings of 20th IEEE Computer Security Foundations Symposium, July 2007Google Scholar
  5. 5.
    Basin, D., Klaedtke, F., Müller, S.: Monitoring security policies with metric first-order temporal logic. In: Proceedings of ACM SACMAT, pp. 23–34. ACM, New York, USA (2010)Google Scholar
  6. 6.
    Basin, D., Burri, S.J., Karjoth, G.: Dynamic enforcement of abstract separation of duty constraints. ACM TISSeC 15(3), 13:1–13:30 (2012)CrossRefGoogle Scholar
  7. 7.
    Bauer, A., Küster, J.-C., Vegliach, G.: From propositional to first-order monitoring. In: Legay, A., Bensalem, S. (eds.) RV 2013. LNCS, vol. 8174, pp. 59–75. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  8. 8.
    Bertolissi, C., dos Santos, D.R., Ranise, S.: Automated synthesis of run-time monitors to enforce authorization policies in business processes. In: Asia CCS. ACM (2015)Google Scholar
  9. 9.
    Byun, J.W., Bertino, E., Li, N.: Purpose based access control of complex data for privacy protection. In: Proceedings of the ACM SACMAT, pp. 102–110. ACM (2005)Google Scholar
  10. 10.
    Byun, J., Li, N.: Purpose based access control for privacy protection in relational database systems. VLDB J. 17(4), 603–619 (2008)CrossRefGoogle Scholar
  11. 11.
    Ardagna, C.A., Cremonini, M., De Capitani di Vimercati, S., Samarati, P.: A privacy-aware access control system. J. Comput. Secur. (JCS) 16(4), 369–392 (2008)CrossRefGoogle Scholar
  12. 12.
    Crampton, J.: A reference monitor for workflow systems with constrained task execution. In: Proceedings of ACM SACMAT, pp. 38–47. ACM (2005)Google Scholar
  13. 13.
    Crampton, J., Huth, M., Kuo, J.P.: Authorized workflow schemas: deciding realizability through \({\sf LTL(F)}\) model checking. Int. J. Soft. Tools Technol. Transf. (STTT) 16(1), 31–48 (2014)CrossRefGoogle Scholar
  14. 14.
    De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Samarati, P.: Access control policies and languages. IJCSE 3(2), 94–102 (2007)CrossRefGoogle Scholar
  15. 15.
    De Giacomo, G., De Masellis, R., Grasso, M., Maggi, F.M., Montali, M.: Monitoring business metaconstraints based on LTL and LDL for finite traces. In: Sadiq, S., Soffer, P., Völzer, H. (eds.) BPM 2014. LNCS, vol. 8659, pp. 1–17. Springer, Heidelberg (2014) Google Scholar
  16. 16.
    De Giacomo, G., De Masellis, R., Montali, M.: Reasoning on LTL on finite traces: Insensitivity to infiniteness. In: Proceedings of AAAI Conference on AI, pp. 1027–1033 (2014)Google Scholar
  17. 17.
    De Masellis, R., Ghidini, C., Ranise, S.: A declarative framework for specifying and enforcing purpose-aware policies (2015).
  18. 18.
    De Masellis, R., Maggi, F.M., Montali, M.: Monitoring data-aware business constraints with finite state automata. In: Proceedings of ICSSP, pp. 134–143 (2014)Google Scholar
  19. 19.
    De Masellis, R., Su, J.: Runtime enforcement of first-order LTL properties on data-aware business processes. In: Basu, S., Pautasso, C., Zhang, L., Fu, X. (eds.) ICSOC 2013. LNCS, vol. 8274, pp. 54–68. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  20. 20.
    Jafari, M., Safavi-Naini, R., Sheppard, N.P.: Enforcing purpose of use via workflows. In: Proceedings of WPES, pp. 113–116 (2009)Google Scholar
  21. 21.
    Jafari, M., Safavi-Naini, R., Fong, P.W.L., Barker, K.: A framework for expressing and enforcing purpose-based privacy policies. ACM Trans. Inf. Syst. Secur. 17(1), 3:1–3:31 (2014)CrossRefGoogle Scholar
  22. 22.
    Kröger, F., Merz, S.: Temporal Logic and State Systems. Texts in Theoretical Computer Science. An EATCS Series. Springer, Heidelberg (2008) MATHGoogle Scholar
  23. 23.
    Li, N., Mitchell, J.C.: Datalog with constraints: a foundation for trust management languages. In: PADL 2003, pp. 58–73 (2003)Google Scholar
  24. 24.
    Maggi, F.M., Montali, M., Westergaard, M., van der Aalst, W.M.P.: Monitoring business constraints with linear temporal logic: an approach based on colored automata. In: Rinderle-Ma, S., Toumani, F., Wolf, K. (eds.) BPM 2011. LNCS, vol. 6896, pp. 132–147. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  25. 25.
    Masoumzadeh, A., Joshi, J.B.D.: PuRBAC: purpose-aware role-based access control. In: Meersman, R., Tari, Z. (eds.) OTM 2008, Part II. LNCS, vol. 5332, pp. 1104–1121. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  26. 26.
    Mossakowski, T., Drouineaud, M., Sohr, K.: A temporal-logic extension of role-based access control covering dynamic separation of duties. In: Proceedings of TIME-ICTL, pp. 83–90 (2003)Google Scholar
  27. 27.
    P. Yang, X. Xie, I.R., Lu, S.: Satisfiability analysis of workflows with control-flow patterns and authorization constraints. IEEE TSC 99 (2013)Google Scholar
  28. 28.
    Petković, M., Prandi, D., Zannone, N.: Purpose control: did you process the data for the intended purpose? In: Jonker, W., Petković, M. (eds.) SDM 2011. LNCS, vol. 6933, pp. 145–168. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  29. 29.
    Pretschner, A., Hilty, M., Basin, D.: Distributed usage control. Comm. ACM 49, 39–44 (2006)CrossRefGoogle Scholar
  30. 30.
    Qun, N., Elisa, B., Jorge, L., Carolyn, B., Karat, C.M., Alberto, T.: Privacy-aware role-based access control. TISSeC 13, 1–31 (2010)Google Scholar
  31. 31.
    Rath, A.T., Colin, J.N.: Modeling and expressing purpose validation policy for privacy-aware usage control in distributed environment. In: Proceedings of ICUIMC, pp. 14:1–14:8. ACM (2014)Google Scholar
  32. 32.
    Schneider, F.B.: Enforceable security policies. TISSeC 3, 30–50 (2000)CrossRefGoogle Scholar
  33. 33.
    Tschantz, M.C., Datta, A., Wing, J.M.: Formalizing and enforcing purpose restrictions in privacy policies. In: IEEE Symposium on Security and Privacy, pp. 176–190 (2012)Google Scholar
  34. 34.
    Wang, Q., Li, N.: Satisfiability and resiliency in workflow authorization systems. TISSeC 13, 40:1–40:35 (2010)Google Scholar
  35. 35.
    Westergaard, M., Maggi, F.M.: Declare: A tool suite for declarative workflow modeling and enactment. In: Proceedings of BPM (2011)Google Scholar
  36. 36.
    Westin, A.: Privacy and Freedom. Atheneum, New York (1968) Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Riccardo De Masellis
    • 1
  • Chiara Ghidini
    • 2
  • Silvio Ranise
    • 2
  1. 1.Trento RISETrentoItaly
  2. 2.Bruno Kessler FoundationTrentoItaly

Personalised recommendations