3rd International ICST Symposium on Information Assurance and Security

Research Article

Enforcing Privacy by Means of an Ontology Driven XACML Framework

  • @INPROCEEDINGS{10.1109/IAS.2007.52,
        author={Dhiah el Diehn I. Abou-Tair and Stefan Berlik and Udo Kelter},
        title={Enforcing Privacy by Means of an Ontology Driven XACML Framework},
        proceedings={3rd International ICST Symposium on Information Assurance and Security},
        publisher={IEEE},
        proceedings_a={IAS},
        year={2007},
        month={9},
        keywords={Access control, Application software, Computer architecture, Data privacy, Data security, Information security, Law, Ontologies, Protection, Software systems},
        doi={10.1109/IAS.2007.52}
    }
    
  • Dhiah el Diehn I. Abou-Tair
    Stefan Berlik
    Udo Kelter
    Year: 2007
    Enforcing Privacy by Means of an Ontology Driven XACML Framework
    IAS
    IEEE
    DOI: 10.1109/IAS.2007.52
Dhiah el Diehn I. Abou-Tair1,*, Stefan Berlik1,*, Udo Kelter1,*
  • 1: Databases and Software Engineering Group, University of Siegen, Siegen, Germany
*Contact email: aboutair@informatik.uni-siegen.de, berlik@informatik.uni-siegen.de, kelter@informatik.uni-siegen.de

Abstract

Nowadays, enforcing privacy in enterprises is recognized as an issue of impact. Actually, it is a big challenge to adapt normative laws and regulations in a software system. It is a challenging task to include the formalized laws and rules in enterprises since, e.g., more than one regulation may affect the terms of privacy concerning one situation. Traditional access control provides a general mechanism for assigning rights to individual users or roles. In the context of privacy, this is insufficient; it offers no means to fulfil certain aspects such as limitations to the duration for which private data may be stored. To enforce privacy in enterprises, we further need a fine-granular access control mechanism on the data entities to ensure that every aspect of privacy can be reflected. This paper provides a novel solution for this by means of ontologies. The usage of ontologies in our approach differs from the conventional form in focusing on generating access control policies which are adapted from our software framework to provide fine-granular access on the diverse data sources.