On Using Obligations for Usage Control in Joining of Datasets

  • Mortaza S. Bargh
  • Marco Vink
  • Sunil Choenni
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 867)


Legitimately collected and accessed data must also be used appropriately according to laws, guidelines, policies or the (current) preferences of data subjects. For example, inconsistency between the data collection purpose and the data usage purpose may conflict with some privacy principles. In this contribution we motivate adopting the usage control model when joining vertically-separated relational datasets and characterize it as obligations within the Usage Control (UCON) model. Such obligations are defined by the state of the object (i.e., a dataset) in the UCON model with respect to the state of another object/dataset. In case of the join operation, dependency on two UCON objects (i.e., two datasets) results in a new type of UCON obligations. We describe also a number of mechanisms to realize the identified concept in database management systems. To this end, we also provide some example methods for determining whether two given datasets can be joined.


Access control Join operation Obligations Privacy Usage control 


  1. 1.
    Agrawal, R., et al.: Hippocratic databases. In: Proceedings of the 28th International Conference on Very Large Data Bases, vol. 4, no. 1890, pp. 143–154 (2002)CrossRefGoogle Scholar
  2. 2.
    Bargh, M.S., Choenni, S.: On preserving privacy whilst integrating data in connected information systems. In: Proceedings of International Conference on Cloud Security Management (ICCSM 2013), Guimarães, Portugal (2013)Google Scholar
  3. 3.
    Bargh, MS., Vink, M.E., Choenni, S.: On usage control in relational database management systems: obligations and their enforcement in joining datasets. In: Proceedings of 3rd International Conference on Information Systems Security and Privacy (ICISSP), Porto, Portugal, 19–21 February 2017Google Scholar
  4. 4.
    Bettini, C., et al.: Provisions and obligations in policy rule management. J. Netw. Syst. Manag. 11(3), 351–372 (2013)CrossRefGoogle Scholar
  5. 5.
    Byun, J., Li, N.: Purpose based access control for privacy protection in relational database systems. VLDB J. 17, 603–619 (2008)CrossRefGoogle Scholar
  6. 6.
    Choenni, S., Bargh, M.S., Roepan, C., Meijer, R.F.: Privacy and security in smart data collection by citizens. In: Gil-Garcia, J.R., Pardo, T.A., Nam, T. (eds.) Smarter as the New Urban Agenda. PAIT, vol. 11, pp. 349–366. Springer, Cham (2016). Scholar
  7. 7.
    Choenni, S., van Dijk, J., Leeuw, F.: Preserving privacy whilst integrating data: applied to criminal justice. Inf. Polity 15(1–2), 125–138 (2010)Google Scholar
  8. 8.
    Colombo, P., Ferrari, E.: Enforcing obligations within relational database management systems. IEEE Trans. Depend. Secur. Comput. 11, 1–14 (2014)CrossRefGoogle Scholar
  9. 9.
    Dawes, S.S.: Information policy meta-principles: stewardship and usefulness. In: Sprague Jr., R.H. (ed.) Proceedings of the 43rd Hawaii International Conference on System Sciences (HICSS), pp. 1–10 (2010)Google Scholar
  10. 10.
    Dawes, S.S.: Stewardship and usefulness: policy principles for information-based transparency. Gov. Inf. Q. 27(4), 377–383 (2010)CrossRefGoogle Scholar
  11. 11.
    Fung, B.C.M., et al.: Privacy-preserving data publishing. ACM Comput. Surv. 42(4), 1–53 (2010)CrossRefGoogle Scholar
  12. 12.
    Gama, P., Ribeiro, C., Ferreira, P.: Heimdhal: a history-based policy engine for grids. In: Sixth IEEE International Symposium on In Cluster Computing and the Grid (CCGRID) (2006)Google Scholar
  13. 13.
    Hilty, M., Basin, D., Pretschner, A.: On obligations. In: di Vimercati, S.C., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 98–117. Springer, Heidelberg (2005). Scholar
  14. 14.
    Jacobs, B., et al.: Polymorphic Encryption and Pseudonymization (PEP) for Privacy-Friendly Personalised Medicine. Presentations, ICIS Digital Security, Radboud University, 16 September 2016Google Scholar
  15. 15.
    Karr, A.F., et al.: Secure, privacy-preserving analysis of distributed databases. Technometrics 49(3), 335–345 (2007)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Katt, B. et al.: A general obligation model and continuity: enhanced policy enforcement engine for usage control. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (SACMAT 2008), pp. 123–132 (2008)Google Scholar
  17. 17.
    Kosinski, M., Stillwell, D., Graepel, T.: Private traits and attributes are predictable from digital records of human behavior. Proc. Natl. Acad. Sci. U.S.A. 110(15), 5802–5805 (2013)CrossRefGoogle Scholar
  18. 18.
    Laur, S., Talviste, R., Willemson, J.: From oblivious AES to efficient and secure database join in the multiparty setting. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 84–101. Springer, Heidelberg (2013). Scholar
  19. 19.
    Lazouski, A., Martinelli, F., Mori, P.: Usage control in computer security: a survey. Comput. Sci. Rev. 4(2), 81–99 (2010)CrossRefGoogle Scholar
  20. 20.
    Lopez, J., Oppliger, R., Pernul, G.: Authentication and authorization infrastructures (AAIs): a comparative survey. Comput. Secur. 23(7), 578–590 (2004)CrossRefGoogle Scholar
  21. 21.
    de Montjoye, Y.-A., et al.: Unique in the crowd: the privacy bounds of human mobility. Sci. Rep. 3, 1376 (2013)CrossRefGoogle Scholar
  22. 22.
    Narayanan, A., Shmatikov, V.: Robust de-anonymization of large sparse datasets open datasets. In: IEEE Symposium on Security and Privacy (SP 2008), pp. 111–125 (2008)Google Scholar
  23. 23.
    Ni, Q., Bertino, E., Lobo, J.: An obligation model bridging access control policies and privacy policies. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies - SACMAT 2008, p. 133 (2008)Google Scholar
  24. 24.
    Park, J., Sandhu, R.: The UCON ABC usage control model. ACM Trans. Inf. Syst. 7(1), 128–174 (2004)CrossRefGoogle Scholar
  25. 25.
    Sandhu, R., Park, J.: Usage control: a vision for next generation access control. In: Gorodetsky, V., Popyack, L., Skormin, V. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 17–31. Springer, Heidelberg (2003). Scholar
  26. 26.
    Sankar, L., Rajagopalan, S., Poor, H.: Utility-privacy tradeoff in databases: an information-theoretic approach. IEEE Trans. Inf. Forensics Secur. 8, 838–852 (2013)CrossRefGoogle Scholar
  27. 27.
    Sweeny, L.: Uniqueness of simple demographics in the U.S. population. Carnegie Mellon University, Laboratory for International Data Privacy, Pittsburgh, PA (2000)Google Scholar
  28. 28.
    Verheul, E., et al.: Polymorphic Encryption and Pseudonymisation for Personalised Healthcare (2016).
  29. 29.
    Wang, W., Ying, L., Zhang, J.: On the relation between identifiability, differential privacy and mutual-information privacy. In: 52nd IEEE Annual Allerton Conference on Communication, Control, and Computing (Allerton), pp. 1086–1092 (2014)Google Scholar
  30. 30.
    Zhang, X., et al.: Formal model and policy specification of usage control. ACM Trans. Inf. Syst. Secur. 8(4), 351–387 (2005)MathSciNetCrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Research and Documentation CentreMinistry of Security and JusticeThe HagueThe Netherlands
  2. 2.Creating 010Rotterdam University of Applied SciencesRotterdamThe Netherlands

Personalised recommendations