Towards Generalization of Privacy Policy Specification and Property-Based Information Leakage

  • Conference paper
Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10717)

Abstract

Despite deep and intensive research, existing data privacy-preserving approaches suffer primarily from a lack of generality. Some solutions deal with direct information leakage, whereas others deal with indirect information leakage, which occurs due to the presence of data or functional dependencies. Moreover, the privacy policy specification supported by each individual method has limited expressibility, allowing only very specific forms of privacy concerns to be expressed. In this paper, we formalize a privacy-preserving policy specification language that is highly expressive and accommodates a wide range of constraints in various forms, making it suitable for real-world scenarios. Furthermore, we introduce a new form of dependency, known as Property-based Dependency, which may also cause indirect information leakage. Finally, we propose a preventive solution, on top of the existing ones, for privacy policies expressed in our proposed language.

Notes

  1. Generated by BDD interface http://formal.cs.utah.edu:8080/pbl/BDD.php.

Correspondence to Dileep Kumar Koshley.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Koshley, D.K., Rani, S., Halder, R. (2017). Towards Generalization of Privacy Policy Specification and Property-Based Information Leakage. In: Shyamasundar, R., Singh, V., Vaidya, J. (eds) Information Systems Security. ICISS 2017. Lecture Notes in Computer Science, vol 10717. Springer, Cham. https://doi.org/10.1007/978-3-319-72598-7_5

  • DOI: https://doi.org/10.1007/978-3-319-72598-7_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72597-0

  • Online ISBN: 978-3-319-72598-7

  • eBook Packages: Computer Science (R0)
