Hierarchical hippocratic databases with minimal disclosure for virtual organizations

  • Special Issue Paper, The VLDB Journal

Abstract

The protection of customer privacy is a fundamental issue in today’s corporate marketing strategies. Not surprisingly, many research efforts have proposed new privacy-aware technologies. Among them, Hippocratic databases offer mechanisms for enforcing privacy rules in database systems for inter-organizational business processes (also known as virtual organizations). This paper extends these mechanisms to allow for hierarchical purposes, distributed authorizations and minimal disclosure supporting the business processes of virtual organizations that want to offer their clients a number of ways to fulfill a service. Specifically, we use a goal-oriented approach to analyze privacy policies of the enterprises involved in a business process. On the basis of the purpose hierarchy derived through a goal refinement process, we provide algorithms for determining the minimum set of authorizations needed to achieve a service. This allows us to automatically derive access control policies for an inter-organizational business process from the collection of privacy policies associated with different participating enterprises. By using effective on-line algorithms, the derivation of such minimal information can also be done on-the-fly by the customer wishing to access a service.
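The abstract describes deriving the minimum set of authorizations for a service from a purpose hierarchy obtained by goal refinement, and doing so on the fly for a customer. The following is an added illustration, not the paper's own code or algorithm: it assumes the hierarchy is an AND/OR refinement tree whose leaves name the customer data items an enterprise must be authorized to see, computes the non-dominated disclosure sets and the smallest one, and provides the customer-side check with a constructed hierarchy.

```python
"""Minimal disclosure over an AND/OR purpose hierarchy (illustrative model
assumed from the abstract, not the paper's own algorithm or data)."""
from functools import lru_cache
from itertools import product

# Constructed hierarchy for a hypothetical "buy_online" service. A purpose
# is ("and", subs): all needed; ("or", subs): one alternative suffices;
# ("leaf", items): data items an enterprise must be authorized to see.
HIERARCHY = {
    "buy_online": ("and", ["pay", "deliver"]),
    "pay": ("or", ["pay_card", "pay_invoice"]),
    "pay_card": ("leaf", {"name", "card_number", "billing_address"}),
    "pay_invoice": ("leaf", {"name", "postal_address", "tax_id"}),
    "deliver": ("or", ["ship_home", "pickup"]),
    "ship_home": ("leaf", {"name", "postal_address"}),
    "pickup": ("leaf", {"name", "email"}),
}

def _prune(candidates):
    """Drop any candidate that strictly contains another candidate."""
    return frozenset(c for c in candidates
                     if not any(o < c for o in candidates))

def disclosure_options(hierarchy, purpose):
    """All non-dominated sets of data items that fulfil `purpose`."""
    @lru_cache(maxsize=None)
    def go(p):
        kind, body = hierarchy[p]
        if kind == "leaf":
            return frozenset([frozenset(body)])
        if kind == "or":  # any one alternative works
            return _prune(set().union(*(go(q) for q in body)))
        # "and": one option per sub-purpose, merged; shared items count
        # once, so the cheapest combination is not the sum of branch minima
        return _prune({frozenset().union(*combo)
                       for combo in product(*(go(q) for q in body))})
    return go(purpose)

def minimal_disclosure(hierarchy, purpose):
    """Smallest set of authorizations needed to achieve `purpose`."""
    return min(disclosure_options(hierarchy, purpose),
               key=lambda s: (len(s), sorted(s)))

def can_fulfil(hierarchy, purpose, willing):
    """Customer-side check: does some option fit what the customer will disclose?"""
    return any(opt <= set(willing) for opt in disclosure_options(hierarchy, purpose))
```

In the constructed data, invoice payment plus home delivery shares `postal_address` and needs only three items, even though card payment and pickup each look no worse in isolation.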


References

  1. Agrawal, R., Evfimievski, A., Srikant, R.: Information sharing across private databases. In: Proceedings of SIGMOD’03, pp. 86–97. ACM Press, New York (2003)

  2. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic databases. In: Proceedings of VLDB’02, pp. 143–154. Morgan Kaufmann, San Francisco (2002)

  3. Ausiello, G., Franciosa, P.G., Frigioni, D.: Directed hypergraphs: problems, algorithmic results, and a novel decremental approach. In: Proceedings of ICTCS’01, LNCS 2202, pp. 312–327. Springer, Berlin Heidelberg New York (2001)

  4. Ausiello, G., Giaccio, R., Italiano, G.F., Nanni, U.: Optimal traversal of directed hypergraphs. Technical Report TR-92-073, The International Computer Science Institute (ICSI) (1992)

  5. Backes, M., Pfitzmann, B., Schunter, M.: A toolkit for managing enterprise privacy policies. In: Proceedings of ESORICS’03, LNCS 2808, pp. 162–180. Springer, Berlin Heidelberg New York (2003)

  6. Bresciani, P., Giorgini, P., Giunchiglia, F., Mylopoulos, J., Perini, A.: TROPOS: an agent-oriented software development methodology. JAAMAS 8(3), 203–236 (2004)

  7. Byun, J.W., Bertino, E., Li, N.: Purpose based access control of complex data for privacy protection. In: Proceedings of SACMAT’05, pp. 102–110. ACM Press, New York (2005)

  8. Chang, C.L., Slagle, J.R.: An admissible and optimal algorithm for searching AND/OR graphs. Artif. Intell. 2, 117–128 (1971)

  9. Cormen, T.H., Leiserson, C.E., Rivest, R.L.: Introduction to Algorithms, 2nd edn. MIT Press, Cambridge (1990)

  10. Cranor, L., Langheinrich, M., Marchiori, M., Reagle, J.: The platform for privacy preferences 1.0 (P3P1.0) specification. W3C recommendation (2002). http://www.w3.org/TR/P3P/

  11. Desmedt, Y., Wang, Y.: Maximum flows and critical vertices in AND/OR graphs. In: Proceedings of COCOON’02, pp. 238–248. Springer, Berlin Heidelberg New York (2002)

  12. Dijkstra, E.W.: A note on two problems in connection with graphs. Numer. Math. 1, 269–271 (1959)

  13. Ferrari, E., Thuraisingham, B.M.: Security and privacy for web databases and services. In: Proceedings of the 9th International Conference on Extending Database Technology, LNCS 2992, pp. 17–28. Springer, Berlin Heidelberg New York (2004)

  14. Gallo, G., Longo, G., Pallottino, S., Nguyen, S.: Directed hypergraphs and applications. Discrete Appl. Math. 42(2–3), 177–201 (1993)

  15. Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Modeling security requirements through ownership, permission and delegation. In: Proceedings of RE’05, pp. 167–176. IEEE Press, Lausanne (2005)

  16. Handy, C.: Trust and the virtual organization. Harv. Bus. Rev. 73, 40–50 (1995)

  17. Karjoth, G., Schunter, M., Waidner, M.: Platform for enterprise privacy practices: privacy-enabled management of customer data. In: Proceedings of PET’02, LNCS 2482, pp. 69–84. Springer, Berlin Heidelberg New York (2002)

  18. LeFevre, K., Agrawal, R., Ercegovac, V., Ramakrishnan, R., Xu, Y., DeWitt, D.J.: Limiting disclosure in Hippocratic databases. In: Proceedings of VLDB’04, pp. 108–119. Morgan Kaufmann, San Francisco (2004)

  19. Martelli, A., Montanari, U.: Additive AND/OR graphs. In: Proceedings of IJCAI’73, pp. 1–11. Morgan Kaufmann, San Francisco (1973)

  20. Massacci, F., Mylopoulos, J., Zannone, N.: Minimal disclosure in hierarchical Hippocratic databases with delegation. In: Proceedings of ESORICS’05, LNCS 3679, pp. 438–454. Springer, Berlin Heidelberg New York (2005)

  21. Massacci, F., Zannone, N.: Privacy is linking permission to purpose. In: Proceedings of the 12th International Workshop on Security Protocols (2004)

  22. Nilsson, N.J.: Problem Solving Methods in AI. McGraw-Hill, New York (1971)

  23. Papazoglou, M.P.: Web services and business transactions. World Wide Web Internet Web Inform. Sys. 6, 49–91 (2003)

  24. Sahni, S.: Computationally related problems. SIAM J. Comp. 3(4), 262–279 (1974)

  25. Seamons, K.E., Winslett, M., Yu, T., Yu, L., Jarvis, R.: Protecting privacy during on-line trust negotiation. In: Proceedings of PET’02, LNCS 2482, pp. 129–143. Springer, Berlin Heidelberg New York (2002)

  26. Sebastiani, R., Giorgini, P., Mylopoulos, J.: Simple and minimum-cost satisfiability for goal models. In: Proceedings of CAiSE’04, LNCS 3084, pp. 20–35. Springer, Berlin New York (2004)

  27. Thuraisingham, B.: Privacy constraint processing in a privacy-enhanced database management system. Data Knowl. Eng. 55(2), 103–236 (2005)

  28. Tumer, A., Dogac, A., Toroslu, H.: A semantic based privacy framework for web services. In: Proceedings of ESSW’03 (2003)

  29. Yasuda, M., Tachikawa, T., Takizawa, M.: Information flow in a purpose-oriented access control model. In: Proceedings of ICPADS’97, pp. 244–249. IEEE Press, Lausanne (1997)

Author information

Corresponding author

Correspondence to Nicola Zannone.

Additional information

This is an expanded and revised version of [20].

About this article

Cite this article

Massacci, F., Mylopoulos, J. & Zannone, N. Hierarchical hippocratic databases with minimal disclosure for virtual organizations. The VLDB Journal 15, 370–387 (2006). https://doi.org/10.1007/s00778-006-0009-y
