Minimal Disclosure in Hierarchical Hippocratic Databases with Delegation

  • Fabio Massacci
  • John Mylopoulos
  • Nicola Zannone
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3679)


Hippocratic Databases have been proposed as a mechanism to guarantee the respect of privacy principles in data management. We argue that three major principles are missing from the proposed mechanism: hierarchies of purposes, delegation of tasks and authorizations (i.e. outsourcing), and the minimal disclosure of private information.

In this paper, we propose a flexible framework for the negotiation of personal information among customers and (possibly virtual) enterprises based on user preferences when enterprises may adopt different processes to provide the same service. We use a goal-oriented approach to analyze the purposes of a Hippocratic system and derive a purpose and delegation hierarchy. Based on this hierarchy, effective algorithms are given to determine the minimum set of authorizations needed for a service. In this way, the minimal authorization table of a global business process can be automatically constructed from the collection of privacy policy tables associated with the collaborating enterprises. By using effective on-line algorithms, the derivation of such minimal information can also be done on-the-fly by the customer wishing to use the services of a virtual organization.


Business Process Source Node Data Item User Preference Decomposition Path 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Adam, N.R., Worthmann, J.C.: Security-control methods for statistical databases: a comparative study. CSUR 21(4), 515–556 (1989)CrossRefGoogle Scholar
  2. 2.
    Agrawal, R., Evfimievski, A., Srikant, R.: Information sharing across private databases. In: Proc. of the 2003 ACM SIGMOD Int. Conf. on Management of Data. ACM Press, New York (2003)Google Scholar
  3. 3.
    Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic Databases. In: Proc. of VLDB 2002, pp. 143–154. Morgan Kaufmann, San Francisco (2002)Google Scholar
  4. 4.
    Ausiello, G., Franciosa, P.G., Frigioni, D.: Directed hypergraphs: Problems, algorithmic results, and a novel decremental approach. In: Restivo, A., Ronchi Della Rocca, S., Roversi, L. (eds.) ICTCS 2001. LNCS, vol. 2202, pp. 312–327. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Ausiello, G., Giaccio, R., Italiano, G.F., Nanni, U.: Optimal Traversal of Directed Hypergraphs. Technical Report TR-92-073, ICSI (September 1992)Google Scholar
  6. 6.
    Chang, C.L., Slage, J.R.: An admissible and optimal algorithm for searching AND/OR graphs. Artif. Intell. 2, 117–128 (1971)zbMATHCrossRefGoogle Scholar
  7. 7.
    Desmedt, Y., Wang, Y.: Maximum flows and critical vertices in AND/OR graphs. In: Ibarra, O.H., Zhang, L. (eds.) COCOON 2002. LNCS, vol. 2387, pp. 238–248. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Gallo, G., Longo, G., Pallottino, S., Nguyen, S.: Directed hypergraphs and applications. Discrete Applied Mathematics 42(2-3), 177–201 (1993)zbMATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Requirements Engineering meets Trust Management: Model, Methodology, and Reasoning. In: Jensen, C., Poslad, S., Dimitrakos, T. (eds.) iTrust 2004. LNCS, vol. 2995, pp. 176–190. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  10. 10.
    Giorgini, P., Mylopoulos, J., Nicchiarelli, E., Sebastiani, R.: Reasoning with Goal Models. In: Proc. of ER 2002, pp. 167–181 (2002)Google Scholar
  11. 11.
    Karjoth, G., Schunter, M., Waidner, M.: Platform for Enterprise Privacy Practices: Privacy-enabled Management of Customer Data. In: Proc. of PET 2002. Springer, Heidelberg (2002)Google Scholar
  12. 12.
    LeFevre, K., Agrawal, R., Ercegovac, V., Ramakrishnan, R., Xu, Y., DeWitt, D.J.: Limiting Disclosure in Hippocratic Databases. In: Proc. of VLDB 2004 (2004)Google Scholar
  13. 13.
    Martelli, A., Montanari, U.: Additive AND/OR Graphs. In: Proc. of IJCAI 1973, pp. 1–11. Morgan Kaufmann Publisher, INC., San Francisco (1973)Google Scholar
  14. 14.
    Massacci, F., Mylopoulos, J., Zannone, N.: Minimal Disclosure in Hierarchical Hippocratic Databases with Delegation, Technical Report DIT-05-051, Univ. di Trento (2005), Available on the web at
  15. 15.
    Nilsson, N.J.: Problem solving methods in AI. McGraw-Hill, New York (1971)Google Scholar
  16. 16.
    Papazoglou, M.P.: Web Services and Business Transactions. World Wide Web: Internet and Web Inform. Sys. 6, 49–91 (2003)Google Scholar
  17. 17.
    Sahni, S.: Computationally related problems. SIAM J. on Comp. 3(4), 262–279 (1974)CrossRefMathSciNetGoogle Scholar
  18. 18.
    Seamons, K., Winslett, M., Yu, T.: Limiting the Disclosure of Access Control Policies during Automated Trust Negotiation. In: Proc. of NDSS 2001, pp. 109–125. IEEE Press, Los Alamitos (2001)Google Scholar
  19. 19.
    Sebastiani, R., Giorgini, P., Mylopoulos, J.: Simple and minimum-cost satisfiability for goal models. In: Persson, A., Stirna, J. (eds.) CAiSE 2004. LNCS, vol. 3084, pp. 20–35. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  20. 20.
    Tumer, A., Dogac, A., Toroslu, H.: A Semantic based Privacy Framework for Web Services. In: Proc. of ESSW 2003 (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Fabio Massacci
    • 1
  • John Mylopoulos
    • 1
    • 2
  • Nicola Zannone
    • 1
  1. 1.Department of Information and Communication TechnologyUniversity of TrentoItaly
  2. 2.Department of Computer ScienceUniversity of TorontoCanada

Personalised recommendations