Abstract
Today privacy is a key issue when securing business processes. It has received increasing attention from consumers, companies, researchers and legislators. Organizations claim to have their own privacy policy and to guarantee its proper enforcement. In this work we consider privacy features at the early stages of systems development, focusing specifically on the modelling and analysis of system requirements. A framework for modelling privacy access control policies was created, comprising (i) the definition of access control policies that satisfy privacy requirements, (ii) verification of the designed privacy access control policy, and (iii) a set of heuristics for defining policy.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Askarova, S., Mukhatov, D., Sharipbayev, A., Satybaldina, D. (2014). Short Paper: A Framework for the Privacy Access Control Model. In: Lohmann, N., Song, M., Wohed, P. (eds) Business Process Management Workshops. BPM 2013. Lecture Notes in Business Information Processing, vol 171. Springer, Cham. https://doi.org/10.1007/978-3-319-06257-0_40
DOI: https://doi.org/10.1007/978-3-319-06257-0_40
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-06256-3
Online ISBN: 978-3-319-06257-0
eBook Packages: Computer Science, Computer Science (R0)