Privacy Research: Secure XML Views with Access Control Policies and Semantic Reasoning
Whereas Internet technologies seem to facilitate the information flow between entities, several concerns have been raised about the risks connected to the misuse of data that belongs either to organizations or to individuals. In fact, collaborations between two or more subjects usually involve disclosure of information which, if not controlled, might end up revealing strategic and valuable company knowledge, or sensitive data about citizens, workers or clients.
With data protection and privacy acts, such as the EU directive 95/46/EC, governments have been trying to regulate how data about citizens may be collected, used and transferred, allowing individuals to express preferences about the usage of their own data. Several research groups – such as the EU funded PRIME and PrimeLife consortia – have been providing solutions and tools to support these regulations in open digital systems, such as the Internet.
One of the most promising research topics in this field is systems that capture the data usage requirements of each party, translate them into policies that can be processed by an automatic engine, and control the disclosure of the data. During the collaboration between the parties, the system grants access to the information only if the parties reach an agreement, according to the requirements expressed in the policies. Each party discloses to the other(s) just the information on whose usage they reached a successful agreement. This kind of system can be used anywhere information disclosure is involved: the P3P platform is an existing example. With P3P, websites declare a set of policies that allows them to state their intended uses of the personal information that may be gathered from their visitors. Users set their own policies, stating what personal information they will allow to be seen by the sites. During the website visit, the P3P technology checks whether the two sets of policies match; in case of any inconsistency, it asks the user to reveal more data, describing the risks.
Besides the clear advantages for citizens and their privacy, data disclosure tools could also help companies enforce internal regulations, preventing, for instance, strategic information from being revealed to the wrong party during the complex collaborations that occur in business workflows. For example, a project may gather different companies in a consortium: some of them might be competitors on some markets whereas others might have strategic partnerships.
While sharing information with the others within the project processes, a company may disclose strategic information only to its strategic partners, and would refrain from disclosing knowledge about a market to another company if the two were competitors in that particular field.
The creation of these systems certainly presents several issues:
- How to translate the legal, high-level and abstract terms of regulations into policies?
- Which technologies can be used for writing interoperable policies?
- How to enforce the effects of these policies at runtime, especially in the case of structured data?
Moving toward a system that is able to selectively disclose information according to the regulatory requirements, we built an application able to filter structured data using access control policies that are processed by an independent engine. To improve the capability of the access control technology to describe and regulate a complex domain through abstraction, we integrated semantic web technologies and reasoning.
In a future blog post we will outline the proposed research application, which takes as input an XML document, a set of access control policies expressed using the eXtensible Access Control Markup Language (XACML), and a set of credentials that describe the particular access request. After the processing, the application returns an XML document containing only the information that can be disclosed under those circumstances.
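To make the filtering step concrete, the following is an added example written for this post, not the research application's own code and not XACML: a small Python filter takes a constructed consortium document, a simplified policy set (hypothetical rule format with XPath targets, subject-attribute conditions and a first-applicable combining rule) and a credential set, and returns the XML view that the credentials may see.

```python
import xml.etree.ElementTree as ET

# Constructed sample document: a consortium project file in which market
# forecasts are strategic knowledge and the schedule is public.
DOC = """<project name="alpha">
  <partner name="acme"><market region="EU"><forecast>+12%</forecast></market></partner>
  <partner name="beta"><market region="EU"><forecast>+3%</forecast></market></partner>
  <schedule>kick-off 2010-03</schedule>
</project>"""

# Simplified policy set (hypothetical format, not XACML syntax): each rule has
# an XPath target, a subject-attribute condition and an effect. Rules combine
# first-applicable; an element with no applicable rule inherits its parent's
# decision, and the document root defaults to Deny.
POLICIES = [
    {"target": ".//forecast", "effect": "Permit", "subject": {"role": "strategic"}},
    {"target": ".//forecast", "effect": "Deny",   "subject": {}},
    {"target": ".",           "effect": "Permit", "subject": {"member": "yes"}},
]

def decide(elem, indexed, creds, inherited):
    """First-applicable decision for one element, else the inherited one."""
    for targets, rule in indexed:
        if id(elem) in targets and all(
                creds.get(k) == v for k, v in rule["subject"].items()):
            return rule["effect"]
    return inherited

def secure_view(xml_text, policies, creds):
    """Return the XML subtree the credentials may see, or None if denied."""
    root = ET.fromstring(xml_text)
    # Resolve every rule target once against the full document.
    indexed = [(set(map(id, root.findall(p["target"]))), p) for p in policies]
    if decide(root, indexed, creds, "Deny") == "Deny":
        return None
    def prune(elem, inherited):
        for child in list(elem):          # copy: elem is mutated while iterating
            d = decide(child, indexed, creds, inherited)
            if d == "Deny":
                elem.remove(child)        # drop the whole subtree from the view
            else:
                prune(child, d)
    prune(root, "Permit")
    return root

def view_as_text(xml_text, policies, creds):
    view = secure_view(xml_text, policies, creds)
    return "" if view is None else ET.tostring(view, encoding="unicode")

if __name__ == "__main__":
    for creds in ({"member": "yes", "role": "strategic"},
                  {"member": "yes", "role": "competitor"}, {"member": "no"}):
        print(creds, "->", view_as_text(DOC, POLICIES, creds))
```

A strategic partner sees both forecasts, a competitor sees the partners and markets but no forecast, and a non-member gets no view at all.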
This research work was carried out within the context of a European Project, PrimeLife, and the SAP Applied Research Security & Trust Program. Special acknowledgement to former colleague Andrea Rota.