Team for Research in
Ubiquitous Secure Technology

Privacy and Utility in Business Processes
Adam Barth, Anupam Datta, John C. Mitchell, sharada sundaram

Citation
Adam Barth, Anupam Datta, John C. Mitchell, sharada sundaram. "Privacy and Utility in Business Processes". Proceedings of 20th IEEE Computer Security Foundations Symposium, July, 2007.

Abstract
We propose an abstract model of business processes for the purpose of (i) evaluating privacy policy in light of the goals of the process and (ii) developing automated support for privacy policy compliance and audit. In our model, agents that send and receive tagged personal information are assigned organizational roles and responsibilities. We present approaches and algorithms for determining whether a business process design simultaneously achieves privacy and the goals of the organization (utility). The model also allows us to develop a notion of minimal exposure of personal information, for a given process. We investigate the problem of auditing with inexact information and develop methods to identify a set of potentially culpable individuals when privacy is breached. The audit methods draw on traditional causality concepts to reduce the effort needed to search audit logs for irresponsible actions.

Citation formats  
  • HTML
    Adam Barth, Anupam Datta, John C. Mitchell, sharada
    sundaram. <a
    href="http://www.truststc.org/pubs/413.html"
    >Privacy and Utility in Business Processes</a>,
    Proceedings of 20th IEEE Computer Security Foundations
    Symposium, July, 2007.
  • Plain text
    Adam Barth, Anupam Datta, John C. Mitchell, sharada
    sundaram. "Privacy and Utility in Business
    Processes". Proceedings of 20th IEEE Computer Security
    Foundations Symposium, July, 2007.
  • BibTeX
    @inproceedings{BarthDattaMitchellsundaram07_PrivacyUtilityInBusinessProcesses,
        author = {Adam Barth and Anupam Datta and John C. Mitchell
                  and sharada sundaram},
        title = {Privacy and Utility in Business Processes},
        booktitle = {Proceedings of 20th IEEE Computer Security
                  Foundations Symposium},
        month = {July},
        year = {2007},
        abstract = {We propose an abstract model of business processes
                  for the purpose of (i) evaluating privacy policy
                  in light of the goals of the process and (ii)
                  developing automated support for privacy policy
                  compliance and audit. In our model, agents that
                  send and receive tagged personal information are
                  assigned organizational roles and
                  responsibilities. We present approaches and
                  algorithms for determining whether a business
                  process design simultaneously achieves privacy and
                  the goals of the organization (utility). The model
                  also allows us to develop a notion of minimal
                  exposure of personal information, for a given
                  process. We investigate the problem of auditing
                  with inexact information and develop methods to
                  identify a set of potentially culpable individuals
                  when privacy is breached. The audit methods
                  draw on traditional causality concepts to reduce
                  the effort needed to search audit logs for
                  irresponsible actions.},
        URL = {http://www.truststc.org/pubs/413.html}
    }
    

Posted by Anupam Datta on 25 Jul 2008.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.