The Community for Technology Leaders
20th IEEE Computer Security Foundations Symposium (CSF'07) (2007)
Venice, Italy
July 6, 2007 to July 8, 2007
ISBN: 0-7695-2819-8
pp: 279-294
Adam Barth , Stanford University
John Mitchell , Stanford University
Anupam Datta , Carnegie Mellon University
Sharada Sundaram , Tata Consultancy Services
We propose an abstract model of business processes for the purpose of (i) evaluating privacy policy in light of the goals of the process and (ii) developing automated support for privacy policy compliance and audit. In our model, agents that send and receive tagged personal information are assigned organizational roles and responsibilities. We present approaches and algorithms for determining whether a business process design simultaneously achieves privacy and the goals of the organization (utility). The model also allows us to develop a notion of minimal exposure of personal information, for a given process. We investigate the problem of auditing with inexact information and develop methods to identify a set of potentially culpable individuals when privacy is breached. The audit methods draw on traditional causality concepts to reduce the effort needed to search audit logs for irresponsible actions.

S. Sundaram, J. Mitchell, A. Datta and A. Barth, "Privacy and Utility in Business Processes," 20th IEEE Computer Security Foundations Symposium (CSF'07)(CSF), Venice, Italy, 2007, pp. 279-294.
96 ms
(Ver 3.3 (11022016))