Purpose-Based Policy Enforcement in Actor-Based Systems

  • Shahrzad RiahiEmail author
  • Ramtin KhosraviEmail author
  • Fatemeh GhassemiEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10522)


Preserving data privacy is a challenging issue in distributed systems as private data may be propagated as part of the messages transmitted among system components. We study the problem of preserving data privacy on actor model as a well known reference model for distributed asynchronous systems. Our approach to prevent private data disclosure is to enforce purpose-based privacy policies which control the access and usage of private data. We propose a method to specify purposes based on workflows modeled by Petri nets in which transitions correspond to message communications. We first use model checking to verify whether the actor model behaves conforming to the purpose model. Then, the satisfaction of the policies are checked using data dependence analysis. We also provide a method to evaluate the effectiveness of policies through checking of private data disclosure in the presence of privacy policies. Since these checks are performed statically at design time, no runtime overhead is imposed on the system.


Actor-based systems Privacy Purpose Data disclosure Formal verification Rebeca 


  1. 1.
    Agha, G.A.: ACTORS - a model of concurrent computation in distributed systems. MIT Press series in artificial intelligence. MIT Press, Cambridge (1985)Google Scholar
  2. 2.
    Solove, D.J.: A taxonomy of privacy. Univ. PA Law Rev. 154(3), 477–560 (2006)CrossRefGoogle Scholar
  3. 3.
    Tschantz, M.C., Wing, J.M.: Formal methods for privacy. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 1–15. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-05089-3_1 CrossRefGoogle Scholar
  4. 4.
    Rath, A.T., Colin, J.N.: Modeling and expressing purpose validation policy for privacy-aware usage control in distributed environment. In: Proceedings of the 8th International Conference on Ubiquitous Information Management and Communication, ACM, New York (2014)Google Scholar
  5. 5.
    Jafari, M., Safavi-Naini, R., Sheppard, N.P.: Enforcing purpose of use via workflows. In: Proceedings of the 8th ACM Workshop on Privacy in the Electronic Society (WPES 2009), pp. 113–116. ACM, New York (2009)Google Scholar
  6. 6.
    Di Masellis, R., Ghidini, C., Ranise, S.: A declarative framework for specifying and enforcing purpose-aware policies. In: Foresti, S. (ed.) STM 2015. LNCS, vol. 9331, pp. 55–71. Springer, Cham (2015). doi: 10.1007/978-3-319-24858-5_4 CrossRefGoogle Scholar
  7. 7.
    Masoumzadeh, A., Joshi, J.B.D.: PuRBAC: purpose-aware role-based access control. In: Meersman, R., Tari, Z. (eds.) OTM 2008. LNCS, vol. 5332, pp. 1104–1121. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-88873-4_12 CrossRefGoogle Scholar
  8. 8.
    Jawad, M., Alvarado, P.S., Valduriez, P.: Design of PriServ, a privacy service for DHTs. In: Proceedings of the 2008 International Workshop on Privacy and Anonymity in Information Society. PAIS 2008, pp. 21–25. ACM, New York (2008)Google Scholar
  9. 9.
    Byun, J., Bertino, E., Li, N.: Purpose based access control of complex data for privacy protection. In: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies, New York, USA, pp. 102–110 (2005)Google Scholar
  10. 10.
    Ni, Q., Bertino, E., Lobo, J., Brodie, C., Karat, C., Karat, J., Trombeta, A.: Privacy-aware role-based access control. ACM Trans. Inf. Syst. Secur. (TISSEC) 13(3), 24:1–24:31 (2010)CrossRefGoogle Scholar
  11. 11.
    Tschantz, M.C., Datta, A., Wing, J.M.: Formalizing and enforcing purpose restrictions in privacy policies. In: IEEE Symposium on Security and Privacy (SP), pp. 176–190. IEEE (2012)Google Scholar
  12. 12.
    Jafari, M., Safavi-Naini, R., Fong, P.W.L., Barker, K.: A framework for expressing and enforcing purpose-based privacy policies. ACM Trans. Inf. Syst. Secur. (TISSEC) 17(1), 3:1–3:31 (2014)CrossRefGoogle Scholar
  13. 13.
    Sirjani, M., Movaghar, A., Shali, A., de Boer, F.: Modeling and verification of reactive systems using Rebeca. Fundam. Informaticae 63, 385–410 (2004)zbMATHMathSciNetGoogle Scholar
  14. 14.
    Kabir, M.E., Wang, H.: Conditional purpose based access control model for privacy protection. In: Proceedings of the Twentieth Australasian Conference on Australasian Database, Australia, vol. 92, pp. 135–142 (2009)Google Scholar
  15. 15.
    Ronne, J.: Leveraging actors for privacy compliance. In: Proceedings of the 2nd edn. on Programming Systems, Languages and Applications Based on Actors, Agents, and Decentralized Control Abstractions (AGERE! 2012), pp. 133–136. ACM, New York (2012)Google Scholar
  16. 16.
    Lohmann, N., Verbeek, E., Dijkman, R.: Petri net transformations for business processes – a survey. In: Jensen, K., van der Aalst, W.M.P. (eds.) Transactions on Petri Nets and Other Models of Concurrency II. LNCS, vol. 5460, pp. 46–63. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-00899-3_3 CrossRefGoogle Scholar
  17. 17.
    Reisig, W.: Petri Nets, An Introduction. EATCS Monographs on Theoretical Computer Science. Springer-Verlag, Berlin Heidelberg (1985). doi: 10.1007/978-3-642-69968-9 CrossRefzbMATHGoogle Scholar
  18. 18.
    Best, E., Koutny, M.: Process algebra. In: Desel, J., Reisig, W., Rozenberg, G. (eds.) ACPN 2003. LNCS, vol. 3098, pp. 180–209. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-27755-2_5 CrossRefGoogle Scholar
  19. 19.
    Web Services Business Process Execution Language Version 2.0, OASIS Standard, 11 April 2007, OASIS (2007).
  20. 20.
    OMG: Business Process Modeling Notation (BPMN) Version 2.0., Object Management Group (2011).
  21. 21.
    Aalst, W.M.P.: The application of petri nets to workow management. J. Circ. Syst. Comput. 8(1), 21–66 (1998)CrossRefGoogle Scholar
  22. 22.
    Aalst, W.M.P.: Three good reasons for using a petri-net-based workflow management system. In: Wakayama, T., Kannapan, S., Khoong, C.M., Navathe, S., Yates, J. (eds.) Information and Process Integration in Enterprises. The Springer International Series in Engineering and Computer Science, vol. 428, pp. 161–182. Springer, Boston (1998). doi: 10.1007/978-1-4615-5499-8_10 CrossRefGoogle Scholar
  23. 23.
    Sabouri, H., Sirjani, M.: Slicing-based reductions for Rebeca. In: Proceedings of FACS08, pp. 209–224. Elsevier ENTCS Post-proceedings (2008)Google Scholar
  24. 24.
    RMC (Rebeca Model Checker) tool (2016).

Copyright information

© IFIP International Federation for Information Processing 2017

Authors and Affiliations

  1. 1.School of Electrical and Computer Engineering, College of EngineeringUniversity of TehranTehranIran

Personalised recommendations