Privacy and Utility in Business Processes

Privacy and Utility in Business Processes
Adam Barth, Anupam Datta, John C. Mitchell, sharada sundaram

Citation
Adam Barth, Anupam Datta, John C. Mitchell, sharada sundaram. "Privacy and Utility in Business Processes". Proceedings of 20th IEEE Computer Security Foundations Symposium, July, 2007.

Abstract
We propose an abstract model of business processes for the purpose of (i) evaluating privacy policy in light of the goals of the process and (ii) developing automated support for privacy policy compliance and audit. In our model, agents that send and receive tagged personal information are assigned organizational roles and responsibilities. We present approaches and algorithms for determining whether a business process design simultaneously achieves privacy and the goals of the organization (utility). The model also allows us to develop a notion of minimal exposure of per- sonal information, for a given process. We investigate the problem of auditing with inexact information and develop methods to identify a set of potentially culpable individu- als when privacy is breached. The audit methods draw on traditional causality concepts to reduce the effort needed to search audit logs for irresponsible actions.

Electronic downloads

http://www.andrew.cmu.edu/user/danupam/bdms-csf07.pdf

Citation formats

HTML

Adam Barth, Anupam Datta, John C. Mitchell, sharada
sundaram. <a
href="http://www.truststc.org/pubs/413.html"
>Privacy and Utility in Business Processes</a>,
Proceedings of 20th IEEE Computer Security Foundations
Symposium, July, 2007.

Plain text

Adam Barth, Anupam Datta, John C. Mitchell, sharada
sundaram. "Privacy and Utility in Business
Processes". Proceedings of 20th IEEE Computer Security
Foundations Symposium, July, 2007.

BibTeX

@inproceedings{BarthDattaMitchellsundaram07_PrivacyUtilityInBusinessProcesses,
    author = {Adam Barth and Anupam Datta and John C. Mitchell
              and sharada sundaram},
    title = {Privacy and Utility in Business Processes},
    booktitle = {Proceedings of 20th IEEE Computer Security
              Foundations Symposium},
    month = {July},
    year = {2007},
    abstract = {We propose an abstract model of business processes
              for the purpose of (i) evaluating privacy policy
              in light of the goals of the process and (ii)
              developing automated support for privacy policy
              compliance and audit. In our model, agents that
              send and receive tagged personal information are
              assigned organizational roles and
              responsibilities. We present approaches and
              algorithms for determining whether a business
              process design simultaneously achieves privacy and
              the goals of the organization (utility). The model
              also allows us to develop a notion of minimal
              exposure of per- sonal information, for a given
              process. We investigate the problem of auditing
              with inexact information and develop methods to
              identify a set of potentially culpable individu-
              als when privacy is breached. The audit methods
              draw on traditional causality concepts to reduce
              the effort needed to search audit logs for
              irresponsible actions.},
    URL = {http://www.truststc.org/pubs/413.html}
}

Posted by Anupam Datta on 25 Jul 2008.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.