CR LO Jul 29, 2015

A Declarative Framework for Specifying and Enforcing Purpose-aware Policies

arXiv:1507.08153v1, 13 citations
AI Analysis

This work addresses privacy protection for users by providing a more rigorous and enforceable approach to purpose-aware policies, though it appears incremental relative to existing proposals.

The paper tackles the problem of ambiguous semantics and lack of run-time enforcement in purpose-aware privacy policies by proposing a declarative framework based on first-order temporal logic, resulting in a precise semantics and a run-time monitor with analyzed complexity.

Purpose is crucial for privacy protection as it makes users confident that their personal data are processed as intended. Available proposals for the specification and enforcement of purpose-aware policies are unsatisfactory for their ambiguous semantics of purposes and/or lack of support for the run-time enforcement of policies. In this paper, we propose a declarative framework based on a first-order temporal logic that allows us to give a precise semantics to purpose-aware policies and to reuse algorithms for the design of a run-time monitor enforcing purpose-aware policies. We also show the complexity of the generation and use of the monitor which, to the best of our knowledge, is the first such result in the literature on purpose-aware policies.
