A Generic Architecture for Integrating Health Monitoring and Advanced Care Provisioning

This paper presents a novel approach for advanced person- alized care and health services. It consists of four tiers and presents a high level of openness, privacy and manageability compared to existing systems. Moreover, the architecture is driven by realistic underlying business opportunities and is validated through the design of multiple scenarios.status: publishe

Access Control for Data Integration in Presence of Data Dependencies

International audienceDefining access control policies in a data integration scenario is a challenging task. In such a scenario typically each source specifies its local access control policy and cannot anticipate data inferences that can arise when data is integrated at the mediator level. Inferences, e.g., using functional dependencies, can allow malicious users to obtain, at the mediator level, prohibited information by linking multiple queries and thus violating the local policies. In this paper, we propose a framework, i.e., a methodology and a set of algorithms, to prevent such violations. First, we use a graph-based approach to identify sets of queries, called violating transactions, and then we propose an approach to forbid the execution of those transactions by identifying additional access control rules that should be added to the mediator. We also state the complexity of the algorithms and discuss a set of experiments we conducted by using both real and synthetic datasets. Tests also confirm the complexity and upper bounds in worst-case scenarios of the proposed algorithms

An Algebra for Enterprise Privacy Policies Closed Under Composition and Conjunction

To cope with the complex requirements imposed on the processing of privacy-sensitive data within enterprises, the use of automatic or semi-automatic tools is gradually becoming inevitable. A fundamental prerequisite for applying such automated tools is an adequate fine-grained formalization of privacy policies along with appropriate operators to manipulate such policies. So far the most promising results for the formalization of privacy policies have been achieved with the language EPAL resp. its academic counterpart E-P3P. As shown by Backes et al at ESORICS 2004, in the existing form E-P3P has fundamental limitations in the expressability of composed policies as desired in projects involving multiple departments or enterprises. We describe a Novel Algebraic Privacy Specification (NAPS) which addresses these problems by offering conjunction, composition and scoping operators, which are defined analogously to those known from E-P3P, but exhibit desirable algebraic properties. Most notably NAPS is, in contrast to E-P3P, closed under all of these operators. Also, we show how existing E-P3P policies fit into the NAPS framework

Compliance checking of data-aware and resource-aware compliance requirements

Compliance checking is gaining importance as today’s organizations need to show that their business practices are in accordance with predefined (legal) requirements. Current compliance checking techniques are mostly focused on checking the control-flow perspective of business processes. This paper presents an approach for checking the compliance of observed process executions taking into account data, resources, and control-flow. Unlike the majority of conformance checking approaches we do not restrict the focus to the ordering of activities (i.e., control-flow). We show a collection of typical data and resource-aware compliance rules together with some domain specific rules. Moreover providing diagnostics and insight about the deviations is often neglected in current compliance checking techniques. We use control-flow and data-flow alignment to check compliance of processes and combine diagnostics obtained from both techniques to show deviations from prescribed behavior. Furthermore we also indicate the severity of observed deviations. This approach integrates with two existing approaches for control-flow and temporal compliance checking, allowing for multi-perspective diagnostic information in case of compliance violations. We have implemented our techniques and show their feasibility by checking compliance of synthetic and real life event logs with resource and data-aware compliance rules. Keywords: compliance checking; auditing; data-aware and resource-aware compliance requirements; conformance checkin

W18 - PDMST '07 & GRep '07: 4th international workshop on P2P Data Management, Security, and Trust: 3rd international workshop on Data management in Global data Repositories

10.1109/DEXA.2007.4312999Proceedings - International Workshop on Database and Expert Systems Applications, DEXA775-77