Purpose Control: Did You Process the Data for the Intended Purpose?

  • Milan Petković
  • Davide Prandi
  • Nicola Zannone
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6933)


Data protection legislation requires personal data to be collected and processed only for lawful and legitimate purposes. Unfortunately, existing protection mechanisms are not appropriate for purpose control: they only prevent unauthorized actions from occurring and do not guarantee that the data are actually used for the intended purpose. In this paper, we present a flexible framework for purpose control, which connects the intended purpose of data to the business model of an organization and detects privacy infringements by determining whether the data have been processed only for the intended purpose.


Purpose Control Active Task Hospital Information System Intended Purpose Label Transition System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Guarda, P., Zannone, N.: Towards the Development of Privacy-Aware Systems. Information and Software Technology 51(2), 337–350 (2009)CrossRefGoogle Scholar
  2. 2.
    Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic Databases. In: Proceedings of the 28th International Conference on Very Large Data Bases, pp. 143–154. Morgan Kaufmann, San Francisco (2002)CrossRefGoogle Scholar
  3. 3.
    Ashley, P., Hada, S., Karjoth, G., Schunter, M.: E-P3P privacy policies and privacy authorization. In: Proceedings of the 2002 ACM Workshop on Privacy in the Electronic Society, pp. 103–109. ACM, New York (2002)Google Scholar
  4. 4.
    Byun, J.-W., Li, N.: Purpose based access control for privacy protection in relational database systems. VLDB J 17(4), 603–619 (2008)CrossRefGoogle Scholar
  5. 5.
    Massacci, F., Mylopoulos, J., Zannone, N.: Hierarchical Hippocratic Databases with Minimal Disclosure for Virtual Organizations. VLDB J 15(4), 370–387 (2006)CrossRefGoogle Scholar
  6. 6.
    Catteddu, D., Hogben, G.: Cloud Computing – Benefits, risks and recommendations for information security. European Network and Information Security Agency (ENISA), Report (2009)Google Scholar
  7. 7.
    Daskala, B.: Being diabetic in 2011 – Identifying Emerging and Future Risks in Remote Health Monitoring and Treatment. European Network and Information Security Agency (ENISA), Report (2009)Google Scholar
  8. 8.
    Karjoth, G., Schunter, M., Waidner, M.: Platform for Enterprise Privacy Practices: Privacy-enabled Management of Customer Data. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 69–84. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Lovis, C., Spahni, S., Cassoni, N., Geissbuhler, A.: Comprehensive management of the access to the electronic patient record: Towards trans-institutional networks. Int. J. of Medical Informatics 76(5-6), 466–470 (2007)CrossRefGoogle Scholar
  10. 10.
    Lapadula, A., Pugliese, R., Tiezzi, F.: Calculus for Orchestration of Web Services. In: De Nicola, R. (ed.) ESOP 2007. LNCS, vol. 4421, pp. 33–47. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    OASIS, Web Services Business Process Execution Language – Version 2.0, OASIS Standard (2007),
  12. 12.
    Object Management Group, Business Process Modeling Notation (BPMN) Specification (version 1.2), OMG document (2009),
  13. 13.
    Rozinat, A., van der Aalst, W.M.P.: Conformance checking of processes based on monitoring real behavior. Inf. Syst. 33(1), 64–95 (2008)CrossRefGoogle Scholar
  14. 14.
    Enterprise Security and Privacy Authorization (XSPA) Profile of XACML v2.0 for Healthcare, Committee Draft (2008),
  15. 15.
    Plotkin, G.: The origins of structural operational semantics. J. Log. Algebr. Program 60, 3–15 (2004)MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Prandi, D., Quaglia, P., Zannone, N.: Formal analysis of BPMN via a translation into COWS. In: Wang, A.H., Tennenholtz, M. (eds.) COORDINATION 2008. LNCS, vol. 5052, pp. 249–263. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  17. 17.
    Office of the National Coordinator for Health Information Technology Electronic Health Records and Meaningful Use (2010),
  18. 18.
    Ma, D., Tsudik, G.: A new approach to secure logging. ACM Trans. Storage 5(1), 1–21 (2009)CrossRefGoogle Scholar
  19. 19.
    Schneier, B., Kelsey, J.: Secure audit logs to support computer forensics. ACM Trans. Inf. Syst. Secur. 2(2), 159–176 (1999)CrossRefGoogle Scholar
  20. 20.
    Rostad, L., Edsberg, O.: A study of access control requirements for healthcare systems based on audit trails from access logs. In: Proceedings of the 22nd Annual Computer Security Applications Conference, pp. 175–186. IEEE Computer Society, Los Alamitos (2006)Google Scholar
  21. 21.
    Fantechi, A., Gnesi, S., Lapadula, A., Mazzanti, F., Pugliese, R., Tiezzi, F.: A model checking approach for verifying COWS specifications. In: Fiadeiro, J.L., Inverardi, P. (eds.) FASE 2008. LNCS, vol. 4961, pp. 230–245. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  22. 22.
    He, Q., Antón, A.I.: A Framework for Modeling Privacy Requirements in Role Engineering. In: Proceedings of the 9th International Workshop on Requirements Engineering: Foundation for Software Quality, pp. 137–146 (2003)Google Scholar
  23. 23.
    Karjoth, G., Schunter, M.: A Privacy Policy Model for Enterprises. In: Proceedings of the 15th IEEE Workshop on Computer Security Foundations, pp. 271–281. IEEE Computer Society, Los Alamitos (2002)CrossRefGoogle Scholar
  24. 24.
    Backes, M., Karjoth, G., Bagga, W., Schunter, M.: Efficient comparison of enterprise privacy policies. In: Proceedings of the 2004 ACM Symposium on Applied Computing, pp. 375–382. ACM, New York (2004)CrossRefGoogle Scholar
  25. 25.
    Hilty, M., Basin, D.A., Pretschner, A.: On Obligations. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 98–117. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  26. 26.
    OASIS, eXtensible Access Control Markup Language (XACML) Version 2.0, OASIS Standard (2005),
  27. 27.
    Al-Fedaghi, S.S.: Beyond purpose-based privacy access control. In: Proceedings of the 8th Conference on Australasian Database, pp. 23–32. Australian Computer Society, Inc. (2007)Google Scholar
  28. 28.
    Fournet, C., Guts, N., Nardelli, F.Z.: A formal implementation of value commitment. In: Gairing, M. (ed.) ESOP 2008. LNCS, vol. 4960, pp. 383–397. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  29. 29.
    Cederquist, J.G., Corin, R.J., Dekker, M.A.C., Etalle, S., den Hartog, J.I., Lenzini, G.: Audit-based compliance control. Int. J. Inf. Sec. 6(2-3), 133–151 (2007)CrossRefGoogle Scholar
  30. 30.
    Agrawal, R., Bayardo, R., Faloutsos, C., Kiernan, J., Rantzau, R., Srikant, R.: Auditing Compliance with a Hippocratic Database. In: Proceedings of the 30th International Conference on Very Large Data Bases. VLDB Endowment, pp. 516–527 (2004)Google Scholar
  31. 31.
    Feng, H.H., Kolesnikov, O.M., Fogla, P., Lee, W., Gong, W.: Anomaly detection using call stack information. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 62–75. IEEE Computer Society, Los Alamitos (2003)Google Scholar
  32. 32.
    Kumar, S., Spafford, E.H.: A Pattern Matching Model for Misuse Intrusion Detection. In: Proceedings of the 17th National Computer Security Conference, pp. 11–21 (1994)Google Scholar
  33. 33.
    van der Aalst, W.M.P., Weijters, T., Maruster, L.: Workflow Mining: Discovering Process Models from Event Logs. IEEE Trans. Knowl. Data Eng. 16(9), 1128–1142 (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Milan Petković
    • 1
    • 3
  • Davide Prandi
    • 2
  • Nicola Zannone
    • 3
  1. 1.Philips Research EindhovenNetherlands
  2. 2.Centre for Integrative BiologyUniversity of TrentoItaly
  3. 3.Eindhoven University of TechnologyNetherlands

Personalised recommendations