Abstract
Technology advancements have enabled the distribution and sharing of patient personal health data over several data sources. Each data source is potentially managed by a different organization, which expose its data as a Web service. Using such Web services, dynamic composition of atomic data type properties coupled with the context in which the data is accessed may breach sensitive data that may not comply with the users preference at the time of data collection. Thus, providing uniform access policies to such data can lead to privacy problems. Some fairly recent research has focused on providing solutions for dynamic privacy policy management. This paper advances these techniques, and fills some gaps in the existing works. In particular, dynamically incorporating user access context into the privacy policy decision, and its enforcement. We provide a formal model definition of the proposed approach and a preliminary evaluation of the model.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
The bio2rdf project, http://s4.semanticscience.org/bio2rdf/
Agrawal, D., Aggarwal, C.C.: On the design and quantification of privacy preserving data mining algorithms. In: SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (2001)
Agrawal, R., Johnson, C., et al.: Securing electronic health records without impeding the flow of information. International Journal of Medical Informatics (2007)
Barhamgi, M., Benslimane, D., Ghedira, C., Gancarski, A.L.: Privacy-preserving data mashup. In: International Conference on Advanced Information Networking and Applications (AINA) (2011)
Barhamgi, M., Benslimane, D., Medjahed, B.: A query rewriting approach for web service composition. Transactions on Services Computing (2010)
Bhatti, R., Bertino, E., Ghafoor, A.: A trust-based context-aware access control model for web-services. In: International Conference on Web Services (2004)
Brown, G., Pocock, A., Zhao, M.-J., Luján, M.: Conditional Likelihood Maximisation: A Unifying Framework for Information Theoretic Feature Selection. The Journal of Machine Learning Research (2012)
Christopoulou, E., Goumopoulos, C., Zaharakis, I., Kameas, A.: An ontology-based conceptual model for composing context-aware applications. Research Academic Computer Technology Institute (2004)
Ferrini, R., Bertino, E.: Supporting rbac with xacml+ owl. In: Symposium on Access Control Models and Technologies (2009)
Fung, B., Trojer, T., Hung, P.C., Xiong, L., Al-Hussaeni, K., Dssouli, R.: Service-oriented architecture for high-dimensional private data mashup. IEEE Transactions on Services Computing (2012)
Grandison, T., Ganta, S.R., Braun, U., Kaufman, J., et al.: Protecting privacy while sharing medical data between regional healthcare entities. Studies in Health Technology and Informatics (2007)
Hall, M., Frank, E., Holmes, G., Pfahringer, B., Reutemann, P., Witten, I.H.: The weka data mining software: An update (2009)
Kasthuri, S., Meyyappan, T.: Detection of sensitive items in market basket database using association rule mining for privacy preserving. In: International Conference on Pattern Recognition, Informatics and Medical Engineering (PRIME) (2013)
Machanavajjhala, A., Gehrke, J.: On the efficiency of checking perfect privacy. In: SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (2006)
Machanavajjhala, A., Kifer, D., Gehrke, J., Venkitasubramaniam, M.: l-diversity: Privacy beyond k-anonymity. Transactions on Knowledge Discovery from Data (TKDD) (2007)
Mohammed, N., Fung, B., Hung, P.C., Lee, C.-K.: Anonymizing healthcare data: a case study on the blood transfusion service. In: Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (2009)
Mont, M.C., Thyne, R.: Privacy policy enforcement in enterprises with identity management solutions. In: International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services (2006)
Nguyen, H.-V., Choi, Y.: Proactive detection of ddos attacks utilizing k-nn classifier in an anti-ddos framework. International Journal of Electrical, Computer, and Systems Engineering (2010)
Pallapa, G., Di Francescoy, M., Das, S.K.: Adaptive and context-aware privacy preservation schemes exploiting user interactions in pervasive environments. In: International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM) (2012)
Rahmouni, H.B., Solomonides, T., Mont, M.C., Shiu, S.: Privacy compliance in european healthgrid domains: An ontology-based approach. In: International Symposium on Computer-Based Medical Systems, CBMS (2009)
Sweeney, L.: Achieving k-anonymity privacy protection using generalization and suppression. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems (2002)
Villata, S., Costabello, L., Delaforge, N., Gandon, F.: A social semantic web access control model. Journal on Data Semantics (2013)
Wang, K., Fung, B.C., Philip, S.Y.: Handicapping attacker’s confidence: an alternative to k-anonymization. Knowledge and Information Systems (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Ammar, N., Malik, Z., Bertino, E., Rezgui, A. (2014). Dynamic Privacy Policy Management in Services-Based Interactions. In: Decker, H., Lhotská, L., Link, S., Spies, M., Wagner, R.R. (eds) Database and Expert Systems Applications. DEXA 2014. Lecture Notes in Computer Science, vol 8645. Springer, Cham. https://doi.org/10.1007/978-3-319-10085-2_23
Download citation
DOI: https://doi.org/10.1007/978-3-319-10085-2_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10084-5
Online ISBN: 978-3-319-10085-2
eBook Packages: Computer ScienceComputer Science (R0)