Within Database
Management Systems (DBMS), privacy policies regulate the collection, access and
disclosure of the stored personal, identifiable and sensitive data. Policies
often specify obligations which represent actions that must be executed or
conditions that must be satisfied before and/or after data are accessed.
Although numerous policies specification languages allow the specification, no
systematic support is provided to enforce obligations within relational DBMS.
In this paper we make a step to fill this void presenting an approach to the
definition of an enforcement monitor which handles privacy policies that
include obligations. Such a monitor is derived from the same set of prolicies
that must be enforced, and regulates the execution of SQL code based on the
satisfaction of a variety of obligation types. The proposed solution is
systematic, has been automated, does not require any programming activity and
can be used with most of the existing relational DBMSs.
No comments:
Post a Comment