Abstract
Web services enable software systems to exchange data over the Internet. Often Web services need to disclose sensible data to service consumers. For data providers, the disclosure of sensitive data is often restrictive only to particular users for some particular purposes. Therefore, preserving privacy is a fundamental requirement in Web services. Hippocratic database has been introduced for privacy protection in relational database systems where the access decisions, allowed or denied, are based on privacy policies and authorization tables. To provide more options of data access, purpose trees are proposed to capture purpose hierarchies so that information can be provided to users according to proposes. Ontology has been used for classification hierarchies, which can be efficiently accessed via ontology query languages. In this paper, we propose an ontology-based data access model so that different level of data access can be provided to Web service users with different roles for different purposes. To do this we will use ontology to capture purpose hierarchies and data generalization hierarchy. We demonstrate our access model with prototypes of finance services, and also provide performance evaluation results.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Ghani, N.A., Sidek, Z.M.: Privacy-preserving in web services using hippocratic database. In: International Symposium on Information Technology, vol. 1, pp. 1–5 (2008)
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic databases. In: 28th International Conference on Very Large Data Bases (VLDB), pp. 143–154 (2002)
LeFevre, K., Agrawal, R., Ercegovac, V., Ramakrishnan, R., Xu, Y., DeWitt, D.: Limiting disclosure in hippocratic databases. In: 30th International Conference on Very Large Data Bases (VLDB), pp. 108–119 (2004)
Agrawal, R., Kini, A., LeFevre, K., Wang, A., Xu, Y., Zhou, D.: Managing healthcare data hippocratically. In: ACM SIGMOD International Conference on Management of Data, pp. 947–948 (2004)
Massacci, F., Mylopoulos, J., Zannone, N.: Hierarchical hippocratic databases with minimal disclosure for virtual organizations. VLDB J. 15(4), 370–387 (2006)
Laura-Silva, Y., Aref, W.: Realizing privacy-preserving features in hippocratic databases. In: IEEE 23rd International Conference on Data Engineering Workshop, pp. 198–206 (2007)
Li, M., Sun, X., Wang, H., Zhang, Y., Zhang, J.: Privacy-aware access control with trust management in web service. World Wide Web 14(4), 407–430 (2011)
Xiao, X., Tao, Y.: Personalized privacy preservation. In: ACM SIGMOD International Conference on Management of Data, pp. 229–240 (2006)
Samarati, P., Sweeney, L.: Generalizing data to provide anonymity when disclosing information. In: ACM SIGACT SIGMOD SIGART Symposium on Principles of Database Systems, vol. 17, p. 188 (1998)
Sweeney, L.: Achieving k-anonymity privacy protection using generalization and suppression. Int. J. Uncertainty Fuzziness Knowl. Based Syst. 10(05), 571–588 (2002)
Miller, J., Campan, A., Truta, T.M.: Constrained k-anonymity: privacy with generalization boundaries. In: Practical Privacy-Preserving Data Mining, p. 30 (2008)
Kisilevich, S., Rokach, L., Elovici, Y., Shapira, B.: Efficient multidimensional suppression for k-anonymity. IEEE Trans. Knowl. Data Eng. 22(3), 334–347 (2010)
Omran, E., Bokma, A., Abu-Almaati, S.: A k-anonymity based semantic model for protecting personal information and privacy. In: IEEE International Advance Computing Conference, pp. 1443–1447 (2009)
Martínez, S., Sánchez, D., Valls, A., Batet, M.: The role of ontologies in the anonymization of textual variables. In: 13th International Conference of the Catalan Association for Artificial Intelligence, vol. 220, p. 153 (2010)
Domingo-Ferrer, J., Torra, V.: Disclosure control methods and information loss for microdata. In: Confidentiality, Disclosure, and Data Access: Theory and Practical Applications for Statistical Agencies, pp. 93–112 (2001)
Iqbal, Z., Noll, J., Alam, S., Chowdhury, M.M.: Toward user-centric privacy-aware user profile ontology for future services. In: 3rd International Conference on Communication Theory, Reliability, and Quality of Service, pp. 249–254 (2010)
Finin, T., Joshi, A., Kagal, L., Niu, J., Sandhu, R., Winsborough, W., Thuraisingham, B.: R owl bac: representing role based access control in owl. In: 13th ACM Symposium on Access Control Models and Technologies, pp. 73–82 (2008)
Cirio, L., Cruz, I.F., Tamassia, R.: A role and attribute based access control system using semantic web technologies. In: Meersman, R., Tari, Z. (eds.) OTM-WS 2007, Part II. LNCS, vol. 4806, pp. 1256–1266. Springer, Heidelberg (2007)
Kabir, M.E., Wang, H., Bertino, E.: A role-involved purpose-based access control model. Inf. Syst. Front. 14(3), 809–822 (2012)
Tumer, A., Dogac, A., Toroslu, I.H.: A semantic based privacy framework for web services. In: Proceedings of ESSW (2003)
Gruber, T., et al.: A translation approach to portable ontology specifications. Knowl. Acquisition 5(2), 199–220 (1993)
Wang, Y., Liu, W., Bell, D.: A concept hierarchy based ontology mapping approach. In: Bi, Y., Williams, M.-A. (eds.) KSEM 2010. LNCS, vol. 6291, pp. 101–113. Springer, Heidelberg (2010)
Li, M., Wang, H., Plank, A.: Privacy-aware access control with generalization boundaries. In: 32nd Australasian Conference on Computer Science, pp. 105–112 (2009)
Talouki, M., NematBakhsh, M.a., Baraani, A.: K-anonymity privacy protection using ontology. In: 14th International CSI Computer Conference, pp. 682–685 (2009)
Iyengar, V.S.: Transforming data to satisfy privacy constraints. In: 8th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 279–288 (2002)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Hartmann, S., Ma, H., Vechsamutvaree, P. (2015). Providing Ontology-Based Privacy-Aware Data Access Through Web Services. In: Jeusfeld, M., Karlapalem, K. (eds) Advances in Conceptual Modeling. ER 2015. Lecture Notes in Computer Science(), vol 9382. Springer, Cham. https://doi.org/10.1007/978-3-319-25747-1_8
Download citation
DOI: https://doi.org/10.1007/978-3-319-25747-1_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-25746-4
Online ISBN: 978-3-319-25747-1
eBook Packages: Computer ScienceComputer Science (R0)