Issue No.04 - July-Aug. (2014 vol.11)
Elena Ferrari , Dipartimento di Scienze Teoriche e Applicate Università degli Studi dell’Insubria via Mazzini, 5, Varese 21100, Italy
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.48
Within Database Management Systems (DBMS), privacy policies regulate the collection, access and disclosure of the stored personal, identifiable and sensitive data. Policies often specify obligations which represent actions that must be executed or conditions that must be satisfied before and/or after data are accessed. Although numerous policies specification languages allow the specification, no systematic support is provided to enforce obligations within relational DBMS. In this paper, we make a step to fill this void presenting an approach to the definition of an enforcement monitor which handles privacy policies that include obligations. Such a monitor is derived from the same set of policies that must be enforced, and regulates the execution of SQL code based on the satisfaction of a variety of obligation types. The proposed solution is systematic, has been automated, does not require any programming activity and can be used with most of the existing relational DBMSs.
Privacy, Unified modeling language, Monitoring, Data privacy, Databases, Data models, Authorization,model driven engineering, Obligations, privacy policies, enforcement, monitor, relational database management systems, aspect oriented programming
Elena Ferrari, "Enforcing Obligations within RelationalDatabase Management Systems", IEEE Transactions on Dependable and Secure Computing, vol.11, no. 4, pp. 318-331, July-Aug. 2014, doi:10.1109/TDSC.2013.48