Skip to main content
SpringerLink
Log in

Short Paper: A Framework for the Privacy Access Control Model

  • Conference paper
  • First Online:
Business Process Management Workshops (BPM 2013)

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 171))

Included in the following conference series:

  • 1582 Accesses

Abstract

Today privacy is a key issue when securing business processes. It has received increasing attention from consumers, companies, researchers and legislators. Organizations claim to have their own privacy policy as well as guarantee its proper enforcement. In this work we consider privacy features at the early stages of the systems development and specifically focus on modelling and analysis of the system requirements. A framework for modelling privacy access control policies was created through (i) defining access control policies that satisfy privacy requirements (ii) verification of designed privacy access control policy, and (iii) a set of heuristics for defining policy.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Barth, A., Datta, A., Mitchell, J.C., Sundaram, S.: Privacy and utility in business processes. In: Proceedings of 20th IEEE Computer Security Foundations Symposium, pp. 279–294 (2007)

    Google Scholar 

  2. Anton, A.I., Earp, J.B., Potts, C., Alspaugh, T.A.: The role of policy and privacy values in requirements engineering. In: Proceedings of the 5th IEEE International Symposium on Requirements Engineering (RE’01), Toronto, Canada, pp.138–145 (2001)

    Google Scholar 

  3. Sandhu, R., Samarati, R.: Access control: principles and practice. IEEE Commun. Mag. 32(9), 40–48 (1994)

    Article  Google Scholar 

  4. Ni, Q., Trombetta, A., Bertino, E., Lobo, J.: Privacy-aware role based access control. In: Proceedings of SACMAT’07, Sophia Antipolis, France (2007)

    Google Scholar 

  5. Ferraiolo, D.F., Kuhn, D.R., Chandramouli, R.: Role-Based Access Control, 2nd edn. Artech House, London (2007)

    Google Scholar 

  6. Law of the Republic of Kazakhstan “On informatization”, Astana (2007)

    Google Scholar 

  7. Lu, C.: Powerful Privacy Potential: P3P in the Context of Legislation and Education (2003)

    Google Scholar 

  8. Stufflebeam, W., Antón, A.I., He, Q., Jain, N.: Specifying privacy policies with P3P and EPAL: lessons learned. In: Proceedings of the Workshop on Privacy in the Electronic Society, Washington (2004)

    Google Scholar 

  9. Anton, A.I., Earp, B., Bolchini, D., He, Q., Jensen, C., Stufflebeam, W.: The lack of clarity in financial privacy policies and the need for standardization. IEEE Secur. Priv. 2(2), 36–45 (2003)

    Article  Google Scholar 

  10. Ashley, P., Hada, S., Karjoth, G., Schunter, M.: E-P3P privacy policies and privacy authorization. In: Proceedings of the Workshop on Privacy in the Electronic Society (WPES’02), Washington (2002)

    Google Scholar 

  11. Karjoth, G., Schunter, M., Waidner, M.: Platform for enterprise privacy practices: privacy-enabled management of customer data. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 69–84. Springer, Heidelberg (2003)

    Google Scholar 

  12. Liu, L., Yu, E.S.K., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: Proceedings of 11th IEEE International Conference on Requirements Engineering (RE’03), Monterrey, USA, pp. 151–61 (2003)

    Google Scholar 

  13. He, Q., Anton, A.I.: A framework for modelling privacy requirements in role engineering. In: Proceedings of 9th International Workshop on Requirements Engineering – Foundation for Software Quality (REFSQ’03), pp. 137–146, Klagenfurt/Velden, Austria (2003)

    Google Scholar 

  14. Crook, R., Ince, D., Nuseibeh, B.: On modelling access policies: relating roles to their organisational context. In: Proceedings of 13th IEEE International Requirements Engineering Conference (RE’05), Paris, France (2005)

    Google Scholar 

  15. van Lamsweerde, A.: Requirements Engineering: From System Goals to UML Models to Software Specifications. Wiley, England (2009)

    Google Scholar 

  16. ISO/IEC 13568:2002. Information Technology – Z Formal Specification Notation – Syntax, Type System and Semantics (2002)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. L.N. Gumilyov Eurasian National University, Astana, 010000, Kazakhstan

    Sandugash Askarova, Altynbek Sharipbayev & Dina Satybaldina

  2. “Zerde” Holding JSC, Astana, 010000, Kazakhstan

    Darkhan Mukhatov

Authors
  1. Sandugash Askarova
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Darkhan Mukhatov
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Altynbek Sharipbayev
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dina Satybaldina
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sandugash Askarova .

Editor information

Editors and Affiliations

  1. University of Rostock, Rostock, Germany

    Niels Lohmann

  2. Ulsan National Institute of Science and Technology, Ulsan, Korea, Republic of (South Korea)

    Minseok Song

  3. Stockholm University, Stockholm, Sweden

    Petia Wohed

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Askarova, S., Mukhatov, D., Sharipbayev, A., Satybaldina, D. (2014). Short Paper: A Framework for the Privacy Access Control Model. In: Lohmann, N., Song, M., Wohed, P. (eds) Business Process Management Workshops. BPM 2013. Lecture Notes in Business Information Processing, vol 171. Springer, Cham. https://doi.org/10.1007/978-3-319-06257-0_40

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-06257-0_40

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-06256-3

  • Online ISBN: 978-3-319-06257-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation