=Paper= {{Paper |id=None |storemode=property |title=Representation and Inference of Privacy Risks Using Semantic Web Technologies |pdfUrl=https://ceur-ws.org/Vol-674/Paper187.pdf |volume=Vol-674 |dblpUrl=https://dblp.org/rec/conf/ekaw/VieiraSSANCBPBR10 }} ==Representation and Inference of Privacy Risks Using Semantic Web Technologies== https://ceur-ws.org/Vol-674/Paper187.pdf
Representation and Inference of Privacy Risks Using Semantic Web Technologies

Renata Vieira, PUCRS, Ipiranga Av. 6681, FACIN, CEP 90619-900, Porto Alegre, Brazil, renata.vieira@pucrs.br
Douglas da Silva, PUCRS, Ipiranga Av. 6681, FACIN, CEP 90619-900, Porto Alegre, Brazil, douglas.silva@cpph.pucrs.br
Tomas Sander, Systems Security HP Lab, 5 Vaughn Dr, Princeton, NJ 08540, USA, tomas.sander@hp.com

ABSTRACT
This poster discusses domain ontologies on the privacy field for automatic risk identification and project qualification. It presents an ontology model for describing risks as an interpretation of privacy policies contextualized in project specifications.

Categories and Subject Descriptors
K.4.1 [Computers and Society]: Public Policy Issues – privacy.

General Terms
Management, Reliability, Security, Legal Aspects.

Keywords
Ontologies, privacy, accountability, risk assessment.

1. INTRODUCTION
Attention to privacy legislation is an important issue in IT (information technology) projects to avoid lawsuits and loss of consumer trust [1]. The privacy domain in IT and accountable privacy management (APM) in organizations are explored in several works, as follows. In [2] a taxonomy describes concepts such as collection, processing, dissemination and invasion of information. Knutson [3] presents basic principles to create privacy awareness in software projects. This is done through the identification of privacy goals that fulfill legal obligations, the definition of a privacy core team with technical and legal experts, and the creation of guidelines that help developers become independent from the privacy experts. Similar concerns for software design are endorsed within other work on privacy awareness [4][5]. The KAoS Policy Ontologies (KPO) [6] define concepts such as actions, actors, groups, places, entities related to actions, and policies. An integration of policies relating several aspects of security, including authorization and privacy, into semantic web services is proposed in [7]. The BDSG ontology, mapping law statements to a machine-interpretable language, is presented in [8] as a way to enforce privacy in enterprises using ontologies to generate XACML [9] policies. Hecker [10] argues that ontologies on the privacy field must enable interoperability, determine the privacy level of a transaction and guide the implementation of privacy functionalities without requiring expertise from the domain. Hecker creates an ontology using terms from privacy notions and concepts from the European Parliament Directive 95/46/EC. Hu [11] proposes that the semantic model for EPAL privacy policies can be expressed as a variety of combinations of ontologies and rules.

Considering the importance of a proper representation of the relevant rules formulated for handling personal information, described in laws, guidelines, policies, and other normative sources, we propose an ontology describing data privacy risk related concepts, based on project actions. In particular, we address the appropriate usage of information under a set of rules based on the identification of privacy risks when dealing with sensitive information. An OWL ontology infers risks in terms of the actions of software projects and the effect of these actions on sensitive information.

2. REPRESENTING PRIVACY RISKS
Our model includes concepts such as personally identifiable information (PII), sensitive information, user actions, location, and risk levels. Restrictions and constructors to classify actions as risk actions are described through object properties. Figure 1 shows some of the relevant identified classes.

Figure 1. Privacy domain classes.

These are common concepts in documents, laws and guidelines of the domain for privacy assurance and accountable software development¹. Properties are used to relate actions to contextual information; examples are:

    Information Transfer has origin Country
    Information Transfer has destination Country
    PII is sensitive information in location Geo
    Action involves information Information
    Action has secondary action Action

Based on Argentina's provision [12], which presents a classification of risks as low, moderate and high, we exemplify risk inference as follows. Figure 2 shows the Risk_Action classes.

Figure 2. Risk classes.

In our model, privacy risks are inferred from project related information. Consider an instance of a project in the ontology which refers to actions that manipulate information such as name, address and social security number. This project instance is asserted using the relations involves action, involves information, has origin, has destination, and is sensitive information in location, as shown below.

    project involves action
        information access
        information transfer
    information access involves information
        name
        address
        social security number
    information transfer involves information
        name
        address
        social security number
    information transfer has origin
        USA
    information transfer has destination
        Portugal
    social security number is sensitive information in location
        USA

With these facts asserted in the ontology, an instance involving social security number will be classified as Sensitive Information in the USA as a consequence of a SWRL-codified rule. In this way, the action will be inferred as a high risk action: Sensitive Information Access and Sensitive Information Transfer.

3. FINAL REMARKS
Ontologies on the privacy domain are useful to provide ways to share vocabulary and better understand a particular domain and its related concepts. Our research is aimed at building models that infer risks automatically from the specification of project features. Such knowledge intensive areas require advanced knowledge management technologies. A privacy core team is necessary to create and maintain such systems based on dynamically changing knowledge. Our model presents concepts and relations where actions involving data related to personal information and their contexts (time, place) are related to risks. The proposed approach is intended to guide managers with risk assessment. The model is also designed to help privacy experts formalize risky situations in organizations. As future work we plan to map our concepts to other similar ontologies, linking, for instance, our action concepts to the action concepts of KAoS. We are also considering the processing of textual knowledge sources such as laws and guidelines to ease the identification of relevant domain information.

6. ACKNOWLEDGMENTS
This paper was done in cooperation with Hewlett-Packard Brasil Ltda. using incentives of the Brazilian Informatics Law (Law nº 8.2.48 of 1991).

7. ADDITIONAL AUTHORS
Additional authors: Alexandre Agustini (PUCRS), Caio Northfleet (HP), Fernando Castilho (PUCRS), Mírian Bruckschen (PUCRS), Patrícia Pizzinato (PUCRS), Paulo Bridi (PUCRS), Prasad Rao (HP), Roger Granada (PUCRS).

8. REFERENCES
[1] Mont, M., Thyne, R.: Privacy policy enforcement in enterprises with identity management solutions. In: PST '06, vol. 380, pp. 1--12. ACM, New York (2006).
[2] Solove, D. J.: A Taxonomy of Privacy. University of Pennsylvania Law Review, vol. 154, no. 3, p. 477 (2006).
[3] Knutson, T. R.: Building Privacy into Software Products and Services. IEEE Security and Privacy, vol. 5, no. 3, pp. 72--74 (2007).
[4] Duncan, G.: ENGINEERING: Privacy By Design. Science 317 (5842), 1178 (2007).
[5] Ye, X., Zhu, Z., Peng, Y., Xie, F.: Privacy Aware Engineering: A Case Study. Journal of Software, vol. 4, no. 3, pp. 218--225 (2009).
[6] Bradshaw, J. et al.: Representation and reasoning for DAML-based policy and domain services in KAoS and Nomads. In: AAMAS '03, Melbourne, Australia (2003).
[7] Kagal, L., Paolucci, M., Srinivasan, N., Denker, G., Finin, T., Sycara, K.: Authorization and Privacy for Semantic Web Services. In: AAAI Spring Symposium on Semantic Web Services (2004).
[8] Abou-Tair, D. D., Berlik, S., Kelter, U.: Enforcing Privacy by Means of an Ontology Driven XACML Framework. In: IAS 2007, Third International Symposium on Information Assurance and Security, pp. 279--284 (2007).
[9] OASIS XACML Technical Committee: eXtensible Access Control Markup Language (2003).
[10] Hecker, M., Dillon, T. S., Chang, E.: Privacy Ontology Support for E-Commerce. IEEE Internet Computing, vol. 12, no. 2, pp. 54--61 (2008).
[11] Hu, Y., Guo, H., Lin, A. G.: Semantic Enforcement of Privacy Protection Policies via the Combination of Ontologies and Rules. In: SUTC 2008, vol. 00. IEEE Computer Society, Washington, DC, pp. 400--407 (2008).
[12] Ministerio de Justicia, Seguridad y Derechos Humanos, Presidencia de la Nación Argentina: Dirección Nacional de Protección de Datos Personales (2006).

¹ A hyperbolic view of the ontology is available at http://www.inf.pucrs.br/~ontolp/Visualizacao/Privacy_Risks/Privacy_risks.html.
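The risk inference of Section 2 can be reproduced outside an OWL reasoner with a small forward-chaining classifier. The block below is an added illustration, not the poster's ontology or SWRL code: the asserted triples are the project instance printed in Section 2, while the three rules (PII sensitive in some location is Sensitive Information; an access or transfer involving Sensitive Information is a Sensitive Information Access or Transfer; both are High Risk Actions) and the mapping onto the low/moderate/high scale of [12] are assumed encodings of what the text describes. The contrast project `other_project`, the `PII` typing of name, address and social security number, and the property names in snake_case are constructed for the example.

```python
"""Forward-chaining classifier for the privacy-risk example of Section 2.

Added illustration, not the paper's OWL/SWRL code: the rules below are an
assumed encoding of the classification the poster describes.
"""

# Constructed facts: the project instance asserted in Section 2, as triples
# (subject, property, object). The property "type" marks class membership.
ASSERTED_FACTS = {
    ("project", "involves_action", "information_access"),
    ("project", "involves_action", "information_transfer"),
    ("information_access", "type", "InformationAccess"),
    ("information_transfer", "type", "InformationTransfer"),
    ("information_access", "involves_information", "name"),
    ("information_access", "involves_information", "address"),
    ("information_access", "involves_information", "social_security_number"),
    ("information_transfer", "involves_information", "name"),
    ("information_transfer", "involves_information", "address"),
    ("information_transfer", "involves_information", "social_security_number"),
    ("information_transfer", "has_origin", "USA"),
    ("information_transfer", "has_destination", "Portugal"),
    ("social_security_number", "is_sensitive_information_in_location", "USA"),
    # Assumed typing of the three data items as PII (PII is a class in Figure 1).
    ("name", "type", "PII"),
    ("address", "type", "PII"),
    ("social_security_number", "type", "PII"),
}

# Constructed contrast case: a second project that only reads address data,
# which is PII but not asserted sensitive anywhere.
CONTRAST_FACTS = {
    ("other_project", "involves_action", "address_lookup"),
    ("address_lookup", "type", "InformationAccess"),
    ("address_lookup", "involves_information", "address"),
    ("address", "type", "PII"),
}


def infer(facts):
    """Apply the assumed rules to a fixpoint and return the closed set of triples."""
    kb = set(facts)
    while True:
        new = set()
        for s, p, o in kb:
            # Assumed SWRL rule: PII sensitive in some location is SensitiveInformation.
            if p == "is_sensitive_information_in_location":
                new.add((s, "type", "SensitiveInformation"))
            # Assumed OWL equivalences: an access/transfer that involves
            # SensitiveInformation is a SensitiveInformationAccess/Transfer.
            if p == "involves_information" and (o, "type", "SensitiveInformation") in kb:
                if (s, "type", "InformationAccess") in kb:
                    new.add((s, "type", "SensitiveInformationAccess"))
                if (s, "type", "InformationTransfer") in kb:
                    new.add((s, "type", "SensitiveInformationTransfer"))
            # Assumed subclass axioms: both sensitive action classes are HighRiskAction.
            if p == "type" and o in ("SensitiveInformationAccess", "SensitiveInformationTransfer"):
                new.add((s, "type", "HighRiskAction"))
        if new <= kb:          # nothing new derived: fixpoint reached
            return kb
        kb |= new


def risk_level(action, kb):
    """Map an action onto the low/moderate/high scale of [12]; the mapping is assumed:
    HighRiskAction -> high, any other action touching PII -> moderate, else low."""
    if (action, "type", "HighRiskAction") in kb:
        return "high"
    touches_pii = any(p == "involves_information" and (o, "type", "PII") in kb
                      for s, p, o in kb if s == action)
    return "moderate" if touches_pii else "low"


def classify_project(project, facts):
    """Return {action: risk level} for every action the project involves."""
    kb = infer(facts)
    actions = sorted(o for s, p, o in kb if s == project and p == "involves_action")
    return {a: risk_level(a, kb) for a in actions}


if __name__ == "__main__":
    print(classify_project("project", ASSERTED_FACTS))
    print(classify_project("other_project", CONTRAST_FACTS))
```

Running the block classifies both actions of the Section 2 project as high, because the social security number triple fires the sensitivity rule and propagates through the action classes, while the contrast project's address lookup stays at moderate. Because `infer` iterates to a fixpoint, the order in which triples are asserted does not affect the result, which is the same property a reasoner provides for the OWL model.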